On Sunday, July 19, 2020 3:02 AM, Wojtek Porczyk <w...@invisiblethingslab.com> wrote:
> On Sat, Jul 18, 2020 at 08:04:35AM +0000, WillyPillow wrote:
>
> > On Friday, July 17, 2020 5:56 PM, Wojtek Porczyk
> > w...@invisiblethingslab.com wrote:
> >
> > > Maybe the -primary key and the key for signing ITL templates should be
> > > separated? Would that be more convenient?
> >
> > I'm a bit unsure about this. Whether the -primary key or another key is
> > used, isn't it the case that two files in two separate repos still need to
> > be maintained anyway?
>
> They need, and that's the point. So they may be two different keys as well, not
> just a copy of the same key. We can leave the -primary key in qubes-release
> in dom0 and have Marek generate another key for ITL templates.
>
> Keypairs are cheap [1], so unless I missed something, I'd say this is
> a preferable solution to the two others, which would be just more complicated to
> maintain:
>
> - having two copies of the same key (we risk they desynchronise),

Ah, I see what you mean. Taking this concern into consideration, having another key for this may indeed be a better solution. For the time being, the -primary and -community keys are placed in the package. Swapping them out for dedicated keys in the future should be fairly easy if needed.

> - we have another package just for the -primary key (more packages to
> maintain).
>
> [1] If there is sufficient automation around crypto, but the template build
> environment is already automated (there are two of them, as reflected by
> -primary and -community keys), so this is a non-issue.

On another note, I'm wondering which fields are needed in the output of the "info" operation. Comparing my WIP code to DNF, I currently do not have the architecture [2], URL, licence, and description fields. This is due to `qubes.TemplateSearch` not currently returning those fields.

For the packages in the official repos, those fields do not contain much information (in particular, the description field contains the same information as the summary), though I'm not sure if they might be useful in the future or for unofficial templates. One tricky thing is that the description may contain newlines, while `dnf repoquery` does not escape them at all [3]. This may mean that another method of querying the repo needs to be considered if the description is included. (Or use unconventional characters/strings as separators. In particular, I can't pass NULL characters in the arguments to DNF for obvious reasons.)

[2]: Probably not needed unless Qubes becomes available on other architectures.

[3]: Speaking of which, I'm also unsure what would happen if newlines appear in, say, the summary field. Maybe I can conduct some experiments about this...

Thanks,
WillyPillow

> https://blog.nerde.pw/
>
> PGP fingerprint = 6CCF 3FC7 32AC 9D83 D154 217F 1C16 C70E E7C3 1C84
>
> Protonmail PGP = D02D CEFF ACE5 5A7B FF5D 871E 4004 1CB1 F52B 127E
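The newline concern raised in the message above, as an added example that is not code from this thread or from the Qubes project: a line-per-record parser is compared with one that uses per-query random marker strings, one reading of the "unconventional strings as separators" idea. The three-field layout, all function names, the marker format and the `render` stand-in for the query tool are assumptions, and the sample records are constructed.

```python
# Added example, not project code. Field layout and names are assumptions;
# the sample records are constructed.
import secrets

FIELDS = ("name", "summary", "description")

def parse_by_line(output, sep="|"):
    """Naive: one record per line, fields split on a fixed separator."""
    return [line.split(sep) for line in output.splitlines() if line]

def new_separators():
    """Fresh random field/record markers for one query. Metadata written
    before the query cannot contain them except by guessing 128 bits."""
    nonce = secrets.token_hex(16)
    return f"<F:{nonce}>", f"<R:{nonce}>"

def parse_records(output, field_sep, record_sep):
    """Strict: every record ends with record_sep and has len(FIELDS) fields."""
    chunks = output.split(record_sep)
    if chunks.pop().strip("\n"):
        raise ValueError("data after the last record marker")
    records = []
    for chunk in chunks:
        if chunk.startswith("\n"):  # newline emitted between records
            chunk = chunk[1:]
        parts = chunk.split(field_sep)
        if len(parts) != len(FIELDS):
            raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
        records.append(dict(zip(FIELDS, parts)))
    return records

def render(packages, field_sep, record_sep):
    """Stand-in for the repo query tool: prints fields verbatim, no escaping."""
    return "".join(field_sep.join(p) + record_sep + "\n" for p in packages)

# Constructed sample: the second description holds a newline followed by text
# shaped like a record in the naive "|"-separated, line-per-record format.
SAMPLE = [
    ("fedora-32", "Qubes template for fedora-32", "Qubes template for fedora-32"),
    ("example-tpl", "Example", "First line\nfake-tpl|Forged summary|Forged text"),
]

if __name__ == "__main__":
    print(len(parse_by_line(render(SAMPLE, "|", ""))))  # 3: one forged record
    fs, rs = new_separators()
    print(len(parse_records(render(SAMPLE, fs, rs), fs, rs)))  # 2
```

The strict parser keeps the embedded newline inside the description and rejects any output whose field count is off, so a malformed record fails loudly instead of shifting fields.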