Hi Pierre,

Thinking a bit about your issue, you are right: you cannot. I mean, if you cannot trust the Guix daemon on a remote machine, everything is doomed. Period! :-)

To me, you are asking: how can I verify the validity of a signature using an untrusted GPG? Well, you cannot. The untrusted GPG can say whatever it wants, and then it is game over. Trusting trust attack.

Well, so you need to transport one trusted Guix to the untrusted machine balaitou. For example, you create a container with Guix (code and daemon) from the trusted machine aneto and then you move this container to balaitou. From the machine balaitou, you start the container mounting /gnu/store/ and verify the integrity (using the trusted guix). Then you will know whether or not you can trust the /gnu/store.

Something like that... I do not know.

Cheers,
simon
