Hello GNUnet! Here’s a little update on what’s coming for this project.
The current binary package distribution (through HTTP) is based on two components: a substituer that retrieves packages, and a publisher to make them available. The current plan is to start with adapting the publisher for GNUnet before attacking the substituer; this work will be started once I’ll have successfully bound the download and publish operations. Here’s an overview of how these components will work: After a call to `guix package -i foo`, the GNUnet substituer will search GNUnet for a specific build of the `foo` package and if it finds one, it will download it and install it (as if it had been downloaded through HTTP). An interesting point is handling of metadata: in Guix (and Nix), each binary package’s metadata (size, signature, compression method…) is downloaded separatedly, before its archive. In the HTTP substituer, that means you have to download two files: one for the metadata, one for the archive. In the GNUnet substituer, we take advantage of the functionning of GNUnet and ship an archive’s metadata along with the search result, using. In order to make this work, the publisher will basically inline an archive’s metadata file in the archive’s metadata using a specific libextractor type. On the security side, Guix uses a list of authorized public keys to determine if its safe to download a specific binary (based, thus, on its author). I’m currently wondering if it would be better to use a peer’s key or a namespace’s; what do you think? As usual, feel free to contact me for any question, suggestion, advice, critic or idea. -- Rémi Birot-Delrue _______________________________________________ GNUnet-developers mailing list [email protected] https://lists.gnu.org/mailman/listinfo/gnunet-developers
