From: Marius Bakke
To: Ludovic Courtès
Subject: Re: Heads-up: hard reset of the 'staging' branch
In-Reply-To: <87mu5qy94d.fsf@gnu.org>
References: <87ftbn7r7r.fsf@gnu.org> <87mu5qy94d.fsf@gnu.org>
Date: Fri, 29 May 2020 20:18:27 +0200
Message-ID: <87ftbi4nbg.fsf@gnu.org>
Cc: guix-devel@gnu.org

Ludovic Courtès writes:

> Hi!
>
> Marius Bakke skribis:
>
>> I have good news and bad news.  The good news is that the new commit
>> verification infrastructure works great.  'make authenticate' will
>> verify that all commits were signed by a key that was authorized by
>> .guix-authorizations at that point in time.
>>
>> The bad news is that we need to ensure .guix-authorizations has been
>> updated on any branches that new committers/keys will be pushing to.
>> Currently the 'staging' branch has one commit
>> (8229ce3116c1f522c7157ab2dcd50dc2d765686a) signed by a
>> not-yet-authorized key (it had been authorized on 'master' by
>> d074f73aacc5a39aed0202d6e45721f53f34a8c0, but that was not yet merged to
>> 'staging' at the time).
>>
>> To fix it properly without leaving a gap where 'make authenticate' will
>> fail, we actually need to rewrite the history.  Luckily git supports
>> rebasing merges(!), and the merge we need was the next commit on that
>> branch.
>
> To be clear, it wouldn’t just “leave a gap”: all future commits would
> also be rejected.  The authentication code ensures that each commit is
> signed by one of the keys authorized in its parent commit(s).  (See the
> latest discussions at .)

Indeed, sorry for being unclear.
The gap I was referring to was based on a hypothetical situation where we
worked around this issue in git-authenticate.scm, similar to
%commits-with-known-bad-signature.

> This is a good opportunity to remind all fellow committers of the latest
> changes in that area, which are summarized here:
>
>   https://guix.gnu.org/manual/devel/en/html_node/Commit-Access.html
>
> Please take a look.
>
> SCARY WARNING:
>
>   When ‘guix pull’ runs that authentication code, which I hope will be
>   the case in a few weeks, any such mistake means that users will not
>   be able to pull at all, so we all have to be very cautious.  If we do
>   make a mistake, we’ll have to reset the branch to a known-good state,
>   like you did.

I am really looking forward to strong authentication in 'guix pull'.
Sounds like a good excuse to make a new release!  :-)

> That said… thanks *a lot* for carrying out this rebase, Marius!  I’ve
> never done a rebase including merge commits before (sounds scary!), and
> I learned that ‘git rerere’ is not a typo.  Thumbs up!

Rebasing merges was a first for me too, and hopefully a last!  I only
learned about (and enabled) 'git rerere' recently and it has saved me a
lot of time already, mainly when a merge had to be aborted and redone.
But it's a double-edged sword, no wonder it's not enabled by default.
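
The parent-based authorization rule discussed in this thread, as an added example (not part of the original message and not Guix's git-authenticate.scm code): a small Python model showing why the original 'staging' ordering is rejected at the commit signed by the new key, and for every later tip, while the ordering with the merge first passes. Commit names and key names are constructed; the model assumes the signer must be listed in every parent's authorizations and that a root commit is trusted.

```python
# Added model, not Guix's git-authenticate code; commit and key names are constructed.
# Assumptions: a signer must be listed in every parent's authorizations,
# and a root commit (no parents) is trusted as the starting point.
from dataclasses import dataclass

@dataclass(frozen=True)
class Commit:
    parents: tuple          # ids of the parent commits
    signer: str             # key that signed this commit
    authorized: frozenset   # keys listed in .guix-authorizations in this commit

def authenticate(tip, commits, _memo=None):
    """Return None if all history up to `tip` is authentic, otherwise the id
    of the first rejected commit (ancestors are checked before descendants)."""
    memo = {} if _memo is None else _memo
    if tip not in memo:
        commit = commits[tip]
        # An unauthentic ancestor makes every descendant fail as well.
        bad = next((b for b in (authenticate(p, commits, memo)
                                for p in commit.parents) if b is not None), None)
        if bad is None and any(commit.signer not in commits[p].authorized
                               for p in commit.parents):
            bad = tip
        memo[tip] = bad
    return memo[tip]

OLD = frozenset({"old-key"})
NEW = OLD | {"new-key"}
SHARED = {
    "base":             Commit((), "old-key", OLD),
    "master-authorize": Commit(("base",), "old-key", NEW),   # adds new-key on master
    "staging-work":     Commit(("base",), "old-key", OLD),
}
# Original ordering: new-key signs on 'staging' before the authorization is merged.
BROKEN = {**SHARED,
    "new-key-commit": Commit(("staging-work",), "new-key", OLD),
    "merge-master":   Commit(("new-key-commit", "master-authorize"), "old-key", NEW),
    "later-commit":   Commit(("merge-master",), "new-key", NEW),
}
# Rewritten ordering: the merge that brings in the authorization comes first.
REBASED = {**SHARED,
    "merge-master":   Commit(("staging-work", "master-authorize"), "old-key", NEW),
    "new-key-commit": Commit(("merge-master",), "new-key", NEW),
    "later-commit":   Commit(("new-key-commit",), "new-key", NEW),
}

if __name__ == "__main__":
    print("original:", authenticate("later-commit", BROKEN))
    print("rebased: ", authenticate("later-commit", REBASED))
```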