<spikebike>
if I run ipfs dht query I get something like <peer.ID annHrJ>
<spikebike>
how do I turn annHrJ into a peer id?
<jbenet>
spkebike: oh that's truncated. the dht command is mostly debugging info for us. we should make them better
tilgovi has joined #ipfs
jibber11 has joined #ipfs
<spikebike>
jbenet: yeah, just wanted to follow along and see if things worked like I expected
<whyrusleeping>
spikebike, if you use the raw http api you'll get the info you want
<jbenet>
whyrusleeping: i'm going through the records spec now lmk if anything else you wanted fixed than what's on the PR
<jbenet>
whyrusleeping, wking: we went for one mandatory integer in the record, right?
<spikebike>
whyrusleeping: ah, k, I'll try that
<wking>
jbenet: one mandatory integer? Ah, for validity?
<jbenet>
wking: yeah
<jbenet>
wking: we had a case that we solved by saying "you always get one int to increment" or something
<jbenet>
i can't recall what it was.
<wking>
looks like discussion was here on 2015-06-03
<jbenet>
wking: awesome, good find
<wking>
I was arguing for revocation lists in the event of an incompatible validity scheme change
<wking>
I still think that's a good idea, but to get started "integer increments with a finite expiration time" seems like a safe starting point
<jbenet>
wait, "finite expiration time" ?
<wking>
I want something inside the record so I can tell it's invalid all by itself
<jbenet>
time is external to the record
<jbenet>
that assumes a TI
<wking>
to avoid the "carry it around in my revocation list forever" issue if we do switch schemes in the future
<wking>
assuming a TI is acceptable for me at the moment
<jbenet>
revocations are a notorious distributed systems mess. they sounds great, but in practice don't work well.
<wking>
right, and having an in-record expiration feature lets us not use them (much)
<wking>
and hopefully not at all
<jbenet>
assuming a TI is not acceptable for me. the whole point is not depending on time.
<wking>
maybe make it optional then? So I can publish my (safer, I think) expiring records, and you can publish your eternal records?
<wking>
nodes in the DHT can ignore the time expiration if they want to keep ancient records (and haven't seen a higher number record since they got the old one)
<jbenet>
wking: yeah, it already is, define your validity scheme
<wking>
so sounds good to me if the stock go-ipfs node wants to be increasing-number only
jibber11 has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
<jbenet>
the DHT (specifically) will purge records that are older than 24 (or 48) hours.
<jbenet>
wking: i want to implement the four example record types
<jbenet>
in stock go-ipfs
<wking>
^ do providers have to republish?
<jbenet>
wking: yeah they do.
<wking>
ok
<jbenet>
wking: we can tweak these constants. these are standard kademlia constants with a very different use case.
<jbenet>
(well, not very, but somewhat)
<wking>
so that takes care of my expiration concerns in the short term
<jbenet>
some routing systems, like "Stone Hash Tablet" may not be able to expire things.
<wking>
everything else is minor enough that we can iterate on it as we gain experience with the current spec
<jbenet>
sounds good! :)
<wking>
alright, I'm off to bed :p
jibber11 has joined #ipfs
<jbenet>
wking: night! p/
nell has quit [Quit: WeeChat 1.3-dev]
sharky has quit [Ping timeout: 264 seconds]
sharky has joined #ipfs
<jbenet>
whyrusleeping anything else i should review today?
chriscool has joined #ipfs
<zignig>
o/
<zignig>
jbenet: how hard would it be to have 'ipfs init --template=<file>'
<zignig>
so it uses a config and just generates a new priv key ?
<zignig>
( for my rkt stuff ) , but usefull elsewhere.
<whyrusleeping>
zignig: that would be nice
<zignig>
also so I can turn logging off by default.
<zignig>
it builds up pretty quickly ( then BOOM so space left ) ....
<zignig>
/so/no
tso has quit [Ping timeout: 256 seconds]
warner has quit [Read error: Connection reset by peer]
warner has joined #ipfs
jibber11 has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
tilgovi has quit [Remote host closed the connection]
inconshr_ has quit [Ping timeout: 265 seconds]
tso has joined #ipfs
martinBrown has quit [Quit: -]
besenwesen has quit [Quit: ☠]
besenwesen has joined #ipfs
besenwesen has joined #ipfs
besenwesen has quit [Client Quit]
besenwesen has joined #ipfs
besenwesen has quit [Changing host]
besenwesen has joined #ipfs
inconshreveable has joined #ipfs
sharky has quit [Ping timeout: 246 seconds]
<jbenet>
zignig we should just make it --config
Tv` has quit [Quit: Connection closed for inactivity]
Encrypt has joined #ipfs
Encrypt has quit [Quit: Quitte]
<chriscool>
Hi everyone!
<chriscool>
Just in case someone sent me an email recently at chriscool@tuxfamily.org, I cannot read those email these days as tuxfamily.org had a power outage.
<chriscool>
My gmail address christian.couder@gmail.com is still working though.
kbala has quit [Quit: Connection closed for inactivity]
martinBrown has joined #ipfs
mitchty_ has joined #ipfs
mitchty has quit [Ping timeout: 265 seconds]
williamcotton has joined #ipfs
williamcotton has quit [Ping timeout: 276 seconds]
cow_2001 has quit [Quit: ASCII Muhammad - @o<-<]
cow_2001 has joined #ipfs
G-Ray has joined #ipfs
ei-slackbot-ipfs has quit [Remote host closed the connection]
<Luzifer>
it *should* work but yeah… you know how this works…
<Luzifer>
:D
<whyrusleeping>
Luzifer: brave adding your encrypted key to git
<Luzifer>
AES-256-CBC with a good password…
<whyrusleeping>
yeap, still brave, lol
<Luzifer>
should take some years to decrypt that
<whyrusleeping>
yeah, it all looks good to me
<whyrusleeping>
nothing glaringly wrong
<Luzifer>
yay. the worker machine just finished its update to be able to decrypt that GPG key
<Luzifer>
so: gameday! lets go live with the new stuff!
<whyrusleeping>
ship it!
<Luzifer>
yeah the WoT stuff is hard… currently its only verifying there is a valid signature… (I did not see any other output with different repos where the signing key is trusted by me…)
<Luzifer>
*sigh* dockerhub is slow again…
* Luzifer
is waiting for the new build-image to become available
chrisr_ has joined #ipfs
<wking>
Luzifer: I haven't met Linus, so: git tag --verify v4.0 2>&1 | grep 'not certified with a trusted signature'
<Luzifer>
whyrusleeping: maybe you should codify that ;)
<whyrusleeping>
lol, thats effort
<Luzifer>
wking: gpg: Signature made Thu Mar 19 16:21:40 2015 CET using RSA key ID 14F22410
<Luzifer>
gpg: Good signature from "Burke Libbey <burke.libbey@shopify.com>"
<Luzifer>
hmm I really don't know that guy but it shows a good sig… O_o
<grawity>
good as in mathematically valid
<grawity>
not good as in trusted
chriscool has joined #ipfs
<wking>
Luzifer: Maybe it depends on your GnuPG version? I'm running 2.0.26, with Git 2.1.0
<Luzifer>
hm my own signed tags does have the same wording
<Luzifer>
wking: hmm maybe its using gpg1 on my system (I got 1.4.19 and 2.0.27 with git 2.4.2)…
<wking>
Luzifer: I find it hard to imagine that GnuPG 1 isn't giving you information about a key's untrusted status, but that is the only difference I can think of
<wking>
So for the paranoid who want to close the WoT hole, it's probably worth posting the output of 'git show --raw $TAG' (or $COMMIT) somewhere so users know nobody was MiTMed when they verify "the same tag" locally using their WoT.
<Luzifer>
but how do you verify a signature you dont have the signed data locally?
<wking>
You could fetch the linked GitHub repo and get the tag that way, use a local 'git show --raw $TAG' to make sure you have the same tag as gobuilder, and then verify it locally
<wking>
Or you may just be able to pipe the --raw tag info into GnuPG without fetching the repo. Will check...
<Luzifer>
> git show --raw v1.11.1 | gpg --verify
<Luzifer>
gpg: keine unterschriebene Daten
<Luzifer>
gpg: can't hash datafile: Fehler beim Öffnen der Datei
<Luzifer>
errr sorry… localized output :(
<Luzifer>
it did not find signed data
<wking>
there may be another incantation for cleartext sigs...
williamcotton has joined #ipfs
<wking>
hmm, but there's no commit hash in the raw tag before the sig block...
<Luzifer>
okay signed hash-list is not working
mildred has joined #ipfs
<Luzifer>
hmm even with a signature on my own key from the gobuilder key it is untrusted… O_o
williamcotton has quit [Ping timeout: 246 seconds]
<wking>
Luzifer: to verify from the --raw tag you need to split the --raw output into a cleartext part and a sig part. Then: gpg --verify sig-part text-part
<wking>
ah, and it's not the --raw output, we need: git cat-file tag $TAG
<wking>
or: git cat-file commit $COMMIT
<wking>
to get the uncompressed object without any prettifying
<wking>
To make that easier for folks it's probably best to do the splitting in gobuilder, and offer the text part as tag.txt (or commit.txt) and the signature as tag.txt.asc (or commit.txt.asc)
williamcotton has joined #ipfs
pfraze has joined #ipfs
mildred has quit [Quit: Leaving.]
nessence has joined #ipfs
mildred has joined #ipfs
bren2010 has joined #ipfs
Bioblazin has quit [Remote host closed the connection]
Bioblaze has joined #ipfs
pfraze has quit [Remote host closed the connection]
Bioblazin has joined #ipfs
williamcotton has quit [Ping timeout: 276 seconds]
<Luzifer>
and maybe I'm adding colors to that badge… green for fully trusted and yellow for "code was not changed but who is that guy?"
<Luzifer>
would make sense I think
<Luzifer>
and then adding instructions to that popup how to verify by self
<wking>
that's more generous, and also makes sense. I just don't think it's particularly useful to build tags you don't trust without giving users a way to decide if they trust the tags
<Luzifer>
yep. therefor yellow: "I'm sure the code is the same, you can check everything is the same I build from that unchanged code but I'm unable to tell if the signature is from a trusted source"
<wking>
right, but you need some way for folks to ensure that the untrusted signed tag you build matches the signed tag they're verifying
<Luzifer>
yep. thats the hard part… xD
<wking>
hmm, likely you should be signing the signed tag into your manifest...
<wking>
this will be much easier once we have signatures in IPFS ;)
<Luzifer>
(damnit again localized german output -_-)
<Luzifer>
I just don't know what is setting that lang var :/ my user profile is set to en_US
<wking>
so we just need to figure out how to pass that information (plaintext and detached sig) to the user with a followup sig so they can tell that those files are from gobuilder
chriscool has quit [Ping timeout: 255 seconds]
<wking>
Can you nest cleartext signatures?
<Luzifer>
uhm… lets try…
<Luzifer>
hmpf. that signature is a detached signature. looks like it is not attachable
<Luzifer>
hmmm maybe one could build a circleci job to do an integration test for the gobuilder image… theoretically it could build the building container, execute a build in it and compare if the checksums provided by gobuilder matches the test build ones
elsehow has quit [Remote host closed the connection]
<Luzifer>
so it would verify gobuilder is running latest code from the gobuilder repo which is reviewable
<jbenet>
Luzifer: hmm interesting! that could be cool. federates trust. one step forward.
<jbenet>
Luzifer: in fact, i would appreciate that even when developers build + sign themselves.
<jbenet>
Luzifer: knowing that "CircleCI" AND "J Random Developer" built from "<hash>" i can inspect on github is useful information
<Luzifer>
mh?
<jbenet>
Luzifer: i mean that if a random developer built code themselves (not with gobuilder) i would still want the Testing CI build to agree with the one they made
<jbenet>
(so +1 on the idea)
www has quit [Ping timeout: 252 seconds]
xdanx has joined #ipfs
<Luzifer>
hmm you mean project-specific test builds… I was thinking about one $random project as an integration test for gobuilder itself to verify gobuilder wasn't compromized
inconshreveable has joined #ipfs
inconshreveable has quit [Remote host closed the connection]
<Luzifer>
on the other hand anyone can build and execute the build image and test the result… circleci is just a more convenient way
inconshreveable has joined #ipfs
nessence_ has joined #ipfs
dandroid3000 has joined #ipfs
<dandroid3000>
sup guys :)
nessence has quit [Ping timeout: 256 seconds]
<jbenet>
hey dandroid3000 o/
<jbenet>
Luzifer: well i meant that even in cases where there is already a release process, having the CI system's build _agree_ with the shipped built version is useful because we know the developers didn't introduce crap (or that their machines aren't compromised)
<Luzifer>
yep
<Luzifer>
I'm just writing the CI job to test gobuilders integrity :D
Evermore_ has joined #ipfs
martinBrown has quit [Ping timeout: 264 seconds]
Evermore has quit [Ping timeout: 264 seconds]
flugsio has quit [Ping timeout: 264 seconds]
Bat`O has quit [Ping timeout: 264 seconds]
Bat`O has joined #ipfs
martinBrown has joined #ipfs
flugsio has joined #ipfs
<namick>
jbenet: cool, is there an issue for that? I was unable to find one.
xdanx has quit [Quit: Page closed]
<jbenet>
namick: not yet i dont think
<Luzifer>
meh. circle-ci is not useful for that purpose. :(
<Luzifer>
"hey let me store temp build data" - "nope. permission denied" - "wat?"
<Luzifer>
hmm okay… 2 different builds results in 2 different versions of all zip files… O_o
tso has joined #ipfs
<Luzifer>
lol. zip sucks. every time zip produces different zip files… m(