From mboxrd@z Thu Jan 1 00:00:00 1970 From: Chris Marusich Subject: bug#31284: [PATCH 0/1] guix: Add git-fetch/impure. Date: Fri, 27 Apr 2018 21:45:04 -0700 Message-ID: <87y3h8szvz.fsf@gmail.com> References: <20180427081217.28576-1-cmmarusich@gmail.com> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:55887) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fCHkM-0005i0-1O for bug-guix@gnu.org; Sat, 28 Apr 2018 00:46:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fCHkI-0002Td-Uf for bug-guix@gnu.org; Sat, 28 Apr 2018 00:46:06 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:33634) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fCHkI-0002TS-Pu for bug-guix@gnu.org; Sat, 28 Apr 2018 00:46:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1fCHkI-0007ey-II for bug-guix@gnu.org; Sat, 28 Apr 2018 00:46:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: (David Thompson's message of "Fri, 27 Apr 2018 09:05:37 -0400") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: "Thompson, David" Cc: 31284@debbugs.gnu.org --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi David and Mark, Thank you both for taking a look at this! "Thompson, David" writes: > When I encountered a similar situation at work I opted to use https > cloning with a password token in the url. Then there was no external > state (like an rsa key) needed. This is good to know! I hadn't considered putting the secret into the URL. I can see how that might be a simple and appropriate solution in some situations. However, it would also be nice if Guix could fetch Git repositories over SSH using public key authentication. In some situations, SSH public key authentication may be the only option. Mark H Weaver writes: > My hacky approach has been to manually add a tarball of the desired > sources using "guix download file:///home/mhw/foo.tar.gz" and then to > add a bogus origin but with the correct hash. If a file with a matching > hash is already in the store, then it will be used, and the other fields > of the 'origin' will effectively be ignored. That's a neat trick! It looks like it would work well for ad-hoc hacking. But how does it scale? Imagine if you wanted to do this for 10 packages, or 100. The manual upkeep could become quite painful. It would be so much nicer if Guix could just download the source automatically, as usual! You've both said that you would prefer not to add git-fetch/impure to Guix. Can you help me to understand why you feel that way? I really think it would be nice if Guix could fetch Git repositories over SSH using public key authentication, so I'm hoping that we can talk about it and figure out an acceptable way to implement it. =2D-=20 Chris --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlrj/FAACgkQ3UCaFdgi Rp3DsQ/6A8xMTjJu+YMdDJ3K/6xjJbvGfqfbsFCtDFyIpndhfFL6v7cf1Wtumk7s d7xVM92U6sz3LSipsUlLwLecjivpuWo+jVdFjC+omMO7ewpLArC/COUAtEJ/JnR0 FnWgLQn/yMF4f1wYskxdvhxFnc2KMtlrTtOTP1F6l+RSGHU+sYUsGhEYj1GfBwrK t9I7MfMt5MedS3pq6BT3ygFLjma3zt+3iJShLEDTtSCuChSrgP8T20trjCwV1Ltl e4G4UJZMGgXripK5rjZrsnEsUeMoAnotiCg4h+JVi8F+/edtvntaglHN1qZDS1Bb 8f8Ik/U3WRn9HprZXm+IN4FhlEV/HbJOl811K+p1LItR4cZpaF4ZU+ize8wU/l/k KmtCVma/MiQla5Gg4+SpFWGD3219q105OAvu1zfPtBYwZk5SfzAPP+vT4z7mDZcD ZBglmKTN8yBe6wfH+VjApFcTfojaBWnNQBkFE2+OK8GSlPvA8fiKPzBUTDKEFZbV mbAfwd34FRz0H8rlmbKKKGQIqoftsjWbhGeN2jkyRq16dqA2at0/NUXBH7hQDKAb cTYfesHRjTArFfYQgdNIUjs8ZPsH6vuFfQUkoouJhk5aEloGQnLfIcAsI+Vn/pW3 qo0027KmUF/mkr5uXCprBxFGvxk5qrNpIa5KC3QB8VFlALaZW9A= =sm3G -----END PGP SIGNATURE----- --=-=-=--