On Sat, Dec 28, 2019 at 06:45:34PM -0800, Vagrant Cascadian wrote: > On 2019-12-27, Ricardo Wurmus wrote: > >> b3011dbbd2 doc: Mention "make authenticate". > >> 787766ed1e git-authenticate: Keep a local cache of previously-authenticated commits. > >> 785af04a75 git: 'commit-difference' takes a list of excluded commits. > >> 1e43ab2c03 Add 'build-aux/git-authenticate.scm'. > >> > >> Commit 787766ed1e takes care of caching (one of the limitations I > >> mentioned in my previous message). > >> > >> Commit b3011dbbd2 adds instructions for contributors on how to > >> authenticate a checkout (copied below). It’s a bit bumpy so I would > >> very much welcome feedback and suggestions on how to improve this! > > > > This is great! > > Yes! Yes! > > > > Thank you for the instructions. I thought I had all keys, but > > apparently at least one of them is missing. “make authenticate” fails > > for me with this error: > > > > Throw to key `srfi-34' with args `(#)'. > > > > I previously downloaded the gpg keyring from Savannah: > > > > https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guix > > > > Looks like Hartmut used to use a different key, which I don’t have. > > I got this too, and manually worked around it by downloading > guix-keyring.gpg from: > > https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guix&download=1 > > And running: > > gpg --no-default-keyring --keyring ~/.config/guix/keyrings/channels/guix.kbx --import ~/guix-keyring.gpg > Thanks for the hint. I started with importing the keyring into my normal keyring but I see now we have another keyring for this specifically. (another being the user default, ~/.config/guix/upstream/trustedkeys.kbx and now this one) > It seems to be working now... how is the keyring *supposed* to be > populated? Before I manually imported guix-keyring.gpg into guix.kbx, > there were a very small number of keys present. > > > It's a little awkward that it uses the fingerprint of the signing key > rather than the primary key, as by default things like "gpg --list-keys" > do not display the fingerprint of signing keys, only the primary key, so > it is an adventure in gpg commandline options to correlate them. > > "gpg log --show-signature" also reports the the primary key fingerprint, > if the key is available in the keyring, and only the subkey fingerprint > for unknown keys if I remember correctly. > > It would be nice if the statistics would display the primary uid > instead, as it is something a little more human readable, and the > primary key fingerprint, as it is a little easier to find. :) > > > I'm hoping the eventual goal is to integrate this into guix pull? > > > Very nice to see progress on this issue! > > > live well, > vagrant -- Efraim Flashner אפרים פלשנר GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted