unofficial mirror of guix-devel@gnu.org 
 help / color / Atom feed
* Updating the “pre-push” Git hook
@ 2020-05-22 20:44 Ludovic Courtès
  2020-05-22 21:17 ` Leo Famulari
                   ` (2 more replies)
  0 siblings, 3 replies; 20+ messages in thread
From: Ludovic Courtès @ 2020-05-22 20:44 UTC (permalink / raw)
  To: Guix Devel

[-- Attachment #1: Type: text/plain, Size: 111 bytes --]

Hello Guix!

I think we should change our pre-push hook as shown below.

Thoughts?

Thanks,
Ludo’.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Type: text/x-patch, Size: 1816 bytes --]

diff --git a/etc/git/pre-push b/etc/git/pre-push
index 9206a2dfe5..415345fc75 100755
--- a/etc/git/pre-push
+++ b/etc/git/pre-push
@@ -1,7 +1,8 @@
 #!/bin/sh
 
 # This hook script prevents the user from pushing to Savannah if any of the new
-# commits' OpenPGP signatures cannot be verified.
+# commits' OpenPGP signatures cannot be verified, or if a commit is signed
+# with an unauthorized key.
 
 # Called by "git push" after it has checked the remote status, but before
 # anything has been pushed.  If this script exits with a non-zero status nothing
@@ -19,51 +20,13 @@
 #
 #   <local ref> <local sha1> <remote ref> <remote sha1>
 
-z40=0000000000000000000000000000000000000000
-
 # Only use the hook when pushing to Savannah.
 case "$2" in
-*git.sv.gnu.org*)
-	break
+    *.gnu.org*)
+	exec make authenticate check-channel-news
+	exit 127
 	;;
-*)
+    *)
 	exit 0
 	;;
 esac
-
-while read local_ref local_sha remote_ref remote_sha
-do
-	if [ "$local_sha" = $z40 ]
-	then
-		# Handle delete
-		:
-	else
-		if [ "$remote_sha" = $z40 ]
-		then
-			# We are pushing a new branch. To prevent wasting too
-			# much time for this relatively rare case, we examine
-			# all commits since the first signed commit, rather than
-			# the full history. This check *will* fail, and the user
-			# will need to temporarily disable the hook to push the
-			# new branch.
-			range="e3d0fcbf7e55e8cbe8d0a1c5a24d73f341d7243b..$local_sha"
-		else
-			# Update to existing branch, examine new commits
-			range="$remote_sha..$local_sha"
-		fi
-
-		# Verify the signatures of all commits being pushed.
-		ret=0
-		for commit in $(git rev-list $range)
-		do
-			if ! git verify-commit $commit >/dev/null 2>&1
-			then
-				printf "%s failed signature check\n" $commit
-				ret=1
-			fi
-		done
-		exit $ret
-	fi
-done
-
-exit 0

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Updating the “pre-push” Git hook
  2020-05-22 20:44 Updating the “pre-push” Git hook Ludovic Courtès
@ 2020-05-22 21:17 ` Leo Famulari
  2020-05-24  7:27   ` Ricardo Wurmus
  2020-05-24  6:41 ` Efraim Flashner
  2020-05-29 16:45 ` Heads-up: “pre-push” Git hook updated Ludovic Courtès
  2 siblings, 1 reply; 20+ messages in thread
From: Leo Famulari @ 2020-05-22 21:17 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: Guix Devel

On Fri, May 22, 2020 at 10:44:48PM +0200, Ludovic Courtès wrote:
> Hello Guix!
> 
> I think we should change our pre-push hook as shown below.
> 
> Thoughts?

Is it fast? :)


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Updating the “pre-push” Git hook
  2020-05-22 20:44 Updating the “pre-push” Git hook Ludovic Courtès
  2020-05-22 21:17 ` Leo Famulari
@ 2020-05-24  6:41 ` Efraim Flashner
  2020-05-24 21:45   ` Ludovic Courtès
  2020-05-29 16:45 ` Heads-up: “pre-push” Git hook updated Ludovic Courtès
  2 siblings, 1 reply; 20+ messages in thread
From: Efraim Flashner @ 2020-05-24  6:41 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: Guix Devel

[-- Attachment #1: Type: text/plain, Size: 550 bytes --]

On Fri, May 22, 2020 at 10:44:48PM +0200, Ludovic Courtès wrote:
> Hello Guix!
> 
> I think we should change our pre-push hook as shown below.
> 
> Thoughts?
> 
> Thanks,
> Ludo’.
> 

(ins)efraim@E5400 ~$ type -P make
(ins)efraim@E5400 ~$ command -v make

I'd need to run 'guix environment --ad-hoc make -- git push'


-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Updating the “pre-push” Git hook
  2020-05-22 21:17 ` Leo Famulari
@ 2020-05-24  7:27   ` Ricardo Wurmus
  2020-05-24 21:44     ` Ludovic Courtès
  0 siblings, 1 reply; 20+ messages in thread
From: Ricardo Wurmus @ 2020-05-24  7:27 UTC (permalink / raw)
  To: Leo Famulari; +Cc: guix-devel


Leo Famulari <leo@famulari.name> writes:

> On Fri, May 22, 2020 at 10:44:48PM +0200, Ludovic Courtès wrote:
>> Hello Guix!
>> 
>> I think we should change our pre-push hook as shown below.
>> 
>> Thoughts?
>
> Is it fast? :)

This depends on how many commits you have previously authenticated.  But
even the slow case is pretty fast.  I just authenticated 16,290 commits
in less than a minute.  Regular contributors won’t have to authenticate
nearly as many commits.

For 0 commits it takes 4 seconds.

-- 
Ricardo


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Updating the “pre-push” Git hook
  2020-05-24  7:27   ` Ricardo Wurmus
@ 2020-05-24 21:44     ` Ludovic Courtès
  2020-05-25  9:50       ` Ricardo Wurmus
  0 siblings, 1 reply; 20+ messages in thread
From: Ludovic Courtès @ 2020-05-24 21:44 UTC (permalink / raw)
  To: Ricardo Wurmus; +Cc: guix-devel

Hi,

Ricardo Wurmus <rekado@elephly.net> skribis:

> Leo Famulari <leo@famulari.name> writes:
>
>> On Fri, May 22, 2020 at 10:44:48PM +0200, Ludovic Courtès wrote:
>>> Hello Guix!
>>> 
>>> I think we should change our pre-push hook as shown below.
>>> 
>>> Thoughts?
>>
>> Is it fast? :)
>
> This depends on how many commits you have previously authenticated.  But
> even the slow case is pretty fast.  I just authenticated 16,290 commits
> in less than a minute.  Regular contributors won’t have to authenticate
> nearly as many commits.
>
> For 0 commits it takes 4 seconds.

Hmm for me it’s more like 0 to 1 second, and it’s ~20s to authenticate
14K commits:

  https://issues.guix.gnu.org/issue/22883#61

Could you try:

  mv ~/.cache/guix/authentication/channels/guix{,.bak}
  time make authenticate
  mv ~/.cache/guix/authentication/channels/guix{.bak,}

?

Anyway, for normal usage, it should be faster than the shell script.
Also, it performs a different job: the shell script would only check
whether a commit is signed at all.

Well, give it a try and lemme know!

Ludo’.


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Updating the “pre-push” Git hook
  2020-05-24  6:41 ` Efraim Flashner
@ 2020-05-24 21:45   ` Ludovic Courtès
  2020-05-25  5:50     ` Efraim Flashner
  2020-05-25 20:13     ` Vagrant Cascadian
  0 siblings, 2 replies; 20+ messages in thread
From: Ludovic Courtès @ 2020-05-24 21:45 UTC (permalink / raw)
  To: Efraim Flashner; +Cc: Guix Devel

Hi,

Efraim Flashner <efraim@flashner.co.il> skribis:

> On Fri, May 22, 2020 at 10:44:48PM +0200, Ludovic Courtès wrote:
>> Hello Guix!
>> 
>> I think we should change our pre-push hook as shown below.
>> 
>> Thoughts?
>> 
>> Thanks,
>> Ludo’.
>> 
>
> (ins)efraim@E5400 ~$ type -P make
> (ins)efraim@E5400 ~$ command -v make
>
> I'd need to run 'guix environment --ad-hoc make -- git push'

You’d need to run ‘git push’ from a full Guix development environment.
Do you think it could be a problem?

Thanks,
Ludo’.


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Updating the “pre-push” Git hook
  2020-05-24 21:45   ` Ludovic Courtès
@ 2020-05-25  5:50     ` Efraim Flashner
  2020-05-25 21:31       ` Ludovic Courtès
  2020-05-25 20:13     ` Vagrant Cascadian
  1 sibling, 1 reply; 20+ messages in thread
From: Efraim Flashner @ 2020-05-25  5:50 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: Guix Devel

[-- Attachment #1: Type: text/plain, Size: 1324 bytes --]

On Sun, May 24, 2020 at 11:45:34PM +0200, Ludovic Courtès wrote:
> Hi,
> 
> Efraim Flashner <efraim@flashner.co.il> skribis:
> 
> > On Fri, May 22, 2020 at 10:44:48PM +0200, Ludovic Courtès wrote:
> >> Hello Guix!
> >> 
> >> I think we should change our pre-push hook as shown below.
> >> 
> >> Thoughts?
> >> 
> >> Thanks,
> >> Ludo’.
> >> 
> >
> > (ins)efraim@E5400 ~$ type -P make
> > (ins)efraim@E5400 ~$ command -v make
> >
> > I'd need to run 'guix environment --ad-hoc make -- git push'
> 
> You’d need to run ‘git push’ from a full Guix development environment.
> Do you think it could be a problem?

I'd probably run 'guix environment guix -- git push origin master' and
view it as an additional safe guard to not push to the wrong branch or
something, similar to how I view the password on the key. I bet there's
an option to create a repo-specific alias in .git/config so that 'git
push' will run inside 'guix environment guix'.

I'm not convinced that my case is unique or that it should hold back the
change. How does it work if 'make authenticate' fails?

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Updating the “pre-push” Git hook
  2020-05-24 21:44     ` Ludovic Courtès
@ 2020-05-25  9:50       ` Ricardo Wurmus
  2020-05-25 22:04         ` Ludovic Courtès
  0 siblings, 1 reply; 20+ messages in thread
From: Ricardo Wurmus @ 2020-05-25  9:50 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: guix-devel


Ludovic Courtès <ludo@gnu.org> writes:

> Could you try:
>
>   mv ~/.cache/guix/authentication/channels/guix{,.bak}
>   time make authenticate
>   mv ~/.cache/guix/authentication/channels/guix{.bak,}
>
> ?

real	0m49.496s
user	0m43.733s
sys	    0m1.658s

And then running it again:

--8<---------------cut here---------------start------------->8---
$ [env] time make authenticate
Authenticating Git checkout...
Authenticating d68de95 to fb1675e (0 commits)...

real	0m2.692s
user	0m2.877s
sys	0m0.128s
$ [env] time make authenticate
Authenticating Git checkout...
Authenticating d68de95 to fb1675e (0 commits)...

real	0m2.754s
user	0m2.939s
sys	0m0.111s
--8<---------------cut here---------------end--------------->8---


-- 
Ricardo


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Updating the “pre-push” Git hook
  2020-05-24 21:45   ` Ludovic Courtès
  2020-05-25  5:50     ` Efraim Flashner
@ 2020-05-25 20:13     ` Vagrant Cascadian
  2020-05-25 21:37       ` Ludovic Courtès
  2020-05-26 16:41       ` Leo Famulari
  1 sibling, 2 replies; 20+ messages in thread
From: Vagrant Cascadian @ 2020-05-25 20:13 UTC (permalink / raw)
  To: Ludovic Courtès, Efraim Flashner; +Cc: Guix Devel

[-- Attachment #1: Type: text/plain, Size: 1330 bytes --]

On 2020-05-24, Ludovic Courtès wrote:
> Efraim Flashner <efraim@flashner.co.il> skribis:
>> On Fri, May 22, 2020 at 10:44:48PM +0200, Ludovic Courtès wrote:
>>> Hello Guix!
>>> 
>>> I think we should change our pre-push hook as shown below.
>>> 
>>> Thoughts?
...
>> (ins)efraim@E5400 ~$ type -P make
>> (ins)efraim@E5400 ~$ command -v make
>>
>> I'd need to run 'guix environment --ad-hoc make -- git push'
>
> You’d need to run ‘git push’ from a full Guix development environment.
> Do you think it could be a problem?

Wait a minute... you're saying this is something that needs to be
configured on each committer's machine(s)?

Shouldn't it be on the server-side recieve hooks instead, otherwise
someone might accidentally (or intentially) push commits not
appropriately signed to the repository or validated by this check...

Or is this an optional check for recommended for committers? Have I been
missing something all along that I was supposed to be doing?

For my own workflow, I usually do not (yet) sign or push commits from a
machine with guix installed... it's a bit awkward, admittedly, but I
don't yet have any SSH or OpenPGP keys I trust guix with directly
(ironically, "make authenticate" is working towards addressing exactly
that trust issue).


live well,
  vagrant

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Updating the “pre-push” Git hook
  2020-05-25  5:50     ` Efraim Flashner
@ 2020-05-25 21:31       ` Ludovic Courtès
  0 siblings, 0 replies; 20+ messages in thread
From: Ludovic Courtès @ 2020-05-25 21:31 UTC (permalink / raw)
  To: Efraim Flashner; +Cc: Guix Devel

Efraim Flashner <efraim@flashner.co.il> skribis:

> I'd probably run 'guix environment guix -- git push origin master' and
> view it as an additional safe guard to not push to the wrong branch or
> something, similar to how I view the password on the key. I bet there's
> an option to create a repo-specific alias in .git/config so that 'git
> push' will run inside 'guix environment guix'.

OK.

> I'm not convinced that my case is unique or that it should hold back the
> change. How does it work if 'make authenticate' fails?

‘git push’ fails, just like with the current pre-push hook.

Ludo’.


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Updating the “pre-push” Git hook
  2020-05-25 20:13     ` Vagrant Cascadian
@ 2020-05-25 21:37       ` Ludovic Courtès
  2020-05-26 16:41       ` Leo Famulari
  1 sibling, 0 replies; 20+ messages in thread
From: Ludovic Courtès @ 2020-05-25 21:37 UTC (permalink / raw)
  To: Vagrant Cascadian; +Cc: Guix Devel

Hi!

Vagrant Cascadian <vagrant@debian.org> skribis:

> On 2020-05-24, Ludovic Courtès wrote:
>> Efraim Flashner <efraim@flashner.co.il> skribis:
>>> On Fri, May 22, 2020 at 10:44:48PM +0200, Ludovic Courtès wrote:
>>>> Hello Guix!
>>>> 
>>>> I think we should change our pre-push hook as shown below.
>>>> 
>>>> Thoughts?
> ...
>>> (ins)efraim@E5400 ~$ type -P make
>>> (ins)efraim@E5400 ~$ command -v make
>>>
>>> I'd need to run 'guix environment --ad-hoc make -- git push'
>>
>> You’d need to run ‘git push’ from a full Guix development environment.
>> Do you think it could be a problem?
>
> Wait a minute... you're saying this is something that needs to be
> configured on each committer's machine(s)?
>
> Shouldn't it be on the server-side recieve hooks instead, otherwise
> someone might accidentally (or intentially) push commits not
> appropriately signed to the repository or validated by this check...
>
> Or is this an optional check for recommended for committers? Have I been
> missing something all along that I was supposed to be doing?

It should be a server-side check so we don’t shoot ourselves in the foot.

However, it’s not done yet (but hey, the code is not even a month old
:-)), so in the meantime, this hook will be very strongly recommended.

Making this a server-side hook on Savannah will be challenging since
“we” don’t have direct access to Savannah.  That makes me wonder if we
should have a push server say on berlin, and make Savannah mirror it or
something.

Help welcome!

> For my own workflow, I usually do not (yet) sign or push commits from a
> machine with guix installed... it's a bit awkward, admittedly, but I
> don't yet have any SSH or OpenPGP keys I trust guix with directly
> (ironically, "make authenticate" is working towards addressing exactly
> that trust issue).

Heh.  :-)

Thanks,
Ludo’.


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Updating the “pre-push” Git hook
  2020-05-25  9:50       ` Ricardo Wurmus
@ 2020-05-25 22:04         ` Ludovic Courtès
  0 siblings, 0 replies; 20+ messages in thread
From: Ludovic Courtès @ 2020-05-25 22:04 UTC (permalink / raw)
  To: Ricardo Wurmus; +Cc: guix-devel

Hi,

Ricardo Wurmus <rekado@elephly.net> skribis:

> Ludovic Courtès <ludo@gnu.org> writes:
>
>> Could you try:
>>
>>   mv ~/.cache/guix/authentication/channels/guix{,.bak}
>>   time make authenticate
>>   mv ~/.cache/guix/authentication/channels/guix{.bak,}
>>
>> ?
>
> real	0m49.496s
> user	0m43.733s
> sys	    0m1.658s

Same timing if you run:

  make guix/{git,openpgp}.go

beforehand?

I get 29s for 16865 commits.

> And then running it again:
>
> $ [env] time make authenticate
> Authenticating Git checkout...
> Authenticating d68de95 to fb1675e (0 commits)...
>
> real	0m2.692s
> user	0m2.877s
> sys	0m0.128s

Oh I see that too.  Roughly half of the time seems to be spent loading
the keyring from the ‘keyring’ branch, and the other half is traversing
the commit graph:

--8<---------------cut here---------------start------------->8---
$ ./pre-inst-env  guile --no-auto-compile -e git-authenticate ./build-aux/git-authenticate.scm d68de958b60426798ed62797ff7c96c327a672ac $(git rev-parse HEAD)
Authenticating d68de95 to a1a3bd5 (0 commits)...
%     cumulative   self             
time   seconds     seconds  procedure
 37.04      0.73      0.73  anon #x4a44d0
 12.96      0.25      0.25  anon #x49e788
 11.11      0.22      0.22  guix/openpgp.scm:1030:0:crc24
  6.48      0.16      0.13  anon #x4a2810
  4.63      0.09      0.09  ice-9/popen.scm:145:0:reap-pipes
  3.70      0.07      0.07  ice-9/vlist.scm:539:0:vhash-assq
  3.70      0.07      0.07  anon #x497578
  2.78      0.05      0.05  anon #x4a52c0
  2.78      0.05      0.05  anon #x4a27e0
  2.78      0.05      0.05  anon #x49d9e0
  1.85      0.05      0.04  anon #x4a5494
  1.85      0.05      0.04  anon #x497190
  0.93      0.62      0.02  guix/openpgp.scm:1056:0:read-radix-64
  0.93      0.33      0.02  gcrypt/base64.scm:154:2:base64-decode
  0.93      0.04      0.02  anon #x4a2878
  0.93      0.02      0.02  anon #x4a2840
  0.93      0.02      0.02  anon #x49f928
  0.93      0.02      0.02  git/commit.scm:213:0:commit-parents
  0.93      0.02      0.02  anon #x4a1ab8
  0.93      0.02      0.02  anon #x4975a8
  0.93      0.02      0.02  anon #x5f6210
  0.00      1.96      0.00  /home/ludo/src/guix/build-aux/git-authenticate.scm:430:3
  0.00      1.15      0.00  guix/git.scm:387:0:commit-closure
  0.00      1.15      0.00  guix/git.scm:401:0:commit-difference
  0.00      1.05      0.00  srfi/srfi-1.scm:530:0:unfold
  0.00      0.96      0.00  git/commit.scm:198:4
  0.00      0.82      0.00  srfi/srfi-1.scm:452:2:fold
  0.00      0.82      0.00  /home/ludo/src/guix/build-aux/git-authenticate.scm:356:0:authenticate-commits
  0.00      0.82      0.00  guix/progress.scm:65:0:call-with-progress-reporter
  0.00      0.73      0.00  git/commit.scm:197:14
  0.00      0.62      0.00  /home/ludo/src/guix/build-aux/git-authenticate.scm:346:10
  0.00      0.20      0.00  guix/openpgp.scm:987:0:get-openpgp-keyring
  0.00      0.15      0.00  guix/openpgp.scm:610:0:get-signature
  0.00      0.11      0.00  ice-9/format.scm:39:0:format
  0.00      0.09      0.00  anon #x495690
  0.00      0.09      0.00  anon #x497d54
  0.00      0.09      0.00  git/types.scm:83:0
  0.00      0.07      0.00  guix/openpgp.scm:614:2:get-sig
  0.00      0.07      0.00  gcrypt/pk-crypto.scm:103:4
  0.00      0.05      0.00  ice-9/rdelim.scm:193:0:read-line
  0.00      0.05      0.00  guix/openpgp.scm:845:0:get-public-key
  0.00      0.05      0.00  ice-9/format.scm:759:2:format:out-obj-padded
  0.00      0.05      0.00  ice-9/format.scm:113:2:format:format-work
  0.00      0.04      0.00  guix/sets.scm:84:0:set-insert
  0.00      0.02      0.00  git/types.scm:106:0:make-double-pointer
  0.00      0.02      0.00  ice-9/ports.scm:545:0:call-with-output-string
---
Sample count: 108
Total time: 1.963880152 seconds (0.382282758 seconds in GC)
--8<---------------cut here---------------end--------------->8---

We can make that a bit faster by not loading the keyring when there’s
nothing to do, and by storing keys in binary format instead of
ASCII-armored, if needed.

Thanks,
Ludo’.


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Updating the “pre-push” Git hook
  2020-05-25 20:13     ` Vagrant Cascadian
  2020-05-25 21:37       ` Ludovic Courtès
@ 2020-05-26 16:41       ` Leo Famulari
  1 sibling, 0 replies; 20+ messages in thread
From: Leo Famulari @ 2020-05-26 16:41 UTC (permalink / raw)
  To: Vagrant Cascadian; +Cc: Guix Devel

[-- Attachment #1: Type: text/plain, Size: 709 bytes --]

On Mon, May 25, 2020 at 01:13:16PM -0700, Vagrant Cascadian wrote:
> Wait a minute... you're saying this is something that needs to be
> configured on each committer's machine(s)?

Yes, it was recommended in HACKING and then, after we removed that file,
in the Commit Access section of the manual. We try to remind new
committers to read these files but maybe we forgot for you.

However, the security model does not depend on either it or on a
post-receive server hook. It's simply to prevent mistakes.

There are commits in the repo that are unsigned when they should have
been signed, and even one commit that is signed but that fails the
signature check :/

A simple pre-push hook would have caught that.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Heads-up: “pre-push” Git hook updated
  2020-05-22 20:44 Updating the “pre-push” Git hook Ludovic Courtès
  2020-05-22 21:17 ` Leo Famulari
  2020-05-24  6:41 ` Efraim Flashner
@ 2020-05-29 16:45 ` Ludovic Courtès
  2020-05-29 17:07   ` Pierre Neidhardt
                     ` (2 more replies)
  2 siblings, 3 replies; 20+ messages in thread
From: Ludovic Courtès @ 2020-05-29 16:45 UTC (permalink / raw)
  To: Guix Devel

[-- Attachment #1: Type: text/plain, Size: 496 bytes --]

Hi!

Ludovic Courtès <ludo@gnu.org> skribis:

> I think we should change our pre-push hook as shown below.

I’ve pushed it in e65a44649e8d7698c4a888f1de625a67052520e9.
To all committers: please do use it from now on:

  cp etc/guix/pre-push .git/hooks/

If you never run “make authenticate” before, the first run takes a few
minutes.  You might want to run it before your first ‘git push’.

Please report any issues, slowness, errors, unhappiness, whatever!

Ludo’.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Heads-up: “pre-push” Git hook updated
  2020-05-29 16:45 ` Heads-up: “pre-push” Git hook updated Ludovic Courtès
@ 2020-05-29 17:07   ` Pierre Neidhardt
  2020-05-29 18:39   ` Christopher Baines
  2020-06-08 18:41   ` Vagrant Cascadian
  2 siblings, 0 replies; 20+ messages in thread
From: Pierre Neidhardt @ 2020-05-29 17:07 UTC (permalink / raw)
  To: Ludovic Courtès, Guix Devel

[-- Attachment #1: Type: text/plain, Size: 290 bytes --]

Ludovic Courtès <ludo@gnu.org> writes:

> I’ve pushed it in e65a44649e8d7698c4a888f1de625a67052520e9.
> To all committers: please do use it from now on:
>
>   cp etc/guix/pre-push .git/hooks/

Typo: cp etc/git/pre-push .git/hooks/

-- 
Pierre Neidhardt
https://ambrevar.xyz/

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Heads-up: “pre-push” Git hook updated
  2020-05-29 16:45 ` Heads-up: “pre-push” Git hook updated Ludovic Courtès
  2020-05-29 17:07   ` Pierre Neidhardt
@ 2020-05-29 18:39   ` Christopher Baines
  2020-06-04 11:50     ` Ludovic Courtès
  2020-06-08 18:41   ` Vagrant Cascadian
  2 siblings, 1 reply; 20+ messages in thread
From: Christopher Baines @ 2020-05-29 18:39 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: guix-devel

[-- Attachment #1: Type: text/plain, Size: 1948 bytes --]


Ludovic Courtès <ludo@gnu.org> writes:

> Hi!
>
> Ludovic Courtès <ludo@gnu.org> skribis:
>
>> I think we should change our pre-push hook as shown below.
>
> I’ve pushed it in e65a44649e8d7698c4a888f1de625a67052520e9.
> To all committers: please do use it from now on:
>
>   cp etc/guix/pre-push .git/hooks/
>
> If you never run “make authenticate” before, the first run takes a few
> minutes.  You might want to run it before your first ‘git push’.
>
> Please report any issues, slowness, errors, unhappiness, whatever!

So, I think make authenticate dislikes the naming I use for Git remotes,
in particular I don't have an origin remote.

→ make authenticate
Compiling Scheme modules...
Authenticating Git checkout...
Authenticating d68de95 to 776409c (0 commits)...
Backtrace:
In ice-9/boot-9.scm:
  1736:10 10 (with-exception-handler _ _ #:unwind? _ # _)
In unknown file:
           9 (apply-smob/0 #<thunk 7f4b2fed8940>)
In ice-9/boot-9.scm:
    718:2  8 (call-with-prompt _ _ #<procedure default-prompt-handle…>)
In ice-9/eval.scm:
    619:8  7 (_ #(#(#<directory (guile-user) 7f4b2fafaf00>)))
   293:34  6 (_ #(#(#(#(#(#(#(#(#(#(#<…> …) …) …) …) …) …) …) …) …) …))
In guix/progress.scm:
    71:36  5 (call-with-progress-reporter _ _)
In ice-9/eval.scm:
    619:8  4 (_ #(#(#(#<directory (guile-user) 7f4b2fafaf00>) # …) #))
   626:19  3 (_ #(#(#(#<directory (guile-user) 7f4b2fafaf00>) # …) #))
   293:34  2 (_ #(#(#<directory (guile-user) 7f4b2fafaf00>) #<git…> …))
In git/branch.scm:
    101:8  1 (_ _ _ _)
In git/bindings.scm:
     77:2  0 (raise-git-error _)

git/bindings.scm:77:2: In procedure raise-git-error:
Git error: cannot locate remote-tracking branch 'origin/keyring'

make: *** [Makefile:5965: authenticate] Error 1


I tried renaming my savannah remote to origin, and then it seemed to
work. Any ideas?

Thanks,

Chris

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 962 bytes --]

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Heads-up: “pre-push” Git hook updated
  2020-05-29 18:39   ` Christopher Baines
@ 2020-06-04 11:50     ` Ludovic Courtès
  2020-06-04 18:33       ` Christopher Baines
  0 siblings, 1 reply; 20+ messages in thread
From: Ludovic Courtès @ 2020-06-04 11:50 UTC (permalink / raw)
  To: Christopher Baines; +Cc: guix-devel

Hi,

Christopher Baines <mail@cbaines.net> skribis:

> So, I think make authenticate dislikes the naming I use for Git remotes,
> in particular I don't have an origin remote.
>
> → make authenticate
> Compiling Scheme modules...
> Authenticating Git checkout...
> Authenticating d68de95 to 776409c (0 commits)...
> Backtrace:
> In ice-9/boot-9.scm:
>   1736:10 10 (with-exception-handler _ _ #:unwind? _ # _)
> In unknown file:
>            9 (apply-smob/0 #<thunk 7f4b2fed8940>)
> In ice-9/boot-9.scm:
>     718:2  8 (call-with-prompt _ _ #<procedure default-prompt-handle…>)
> In ice-9/eval.scm:
>     619:8  7 (_ #(#(#<directory (guile-user) 7f4b2fafaf00>)))
>    293:34  6 (_ #(#(#(#(#(#(#(#(#(#(#<…> …) …) …) …) …) …) …) …) …) …))
> In guix/progress.scm:
>     71:36  5 (call-with-progress-reporter _ _)
> In ice-9/eval.scm:
>     619:8  4 (_ #(#(#(#<directory (guile-user) 7f4b2fafaf00>) # …) #))
>    626:19  3 (_ #(#(#(#<directory (guile-user) 7f4b2fafaf00>) # …) #))
>    293:34  2 (_ #(#(#<directory (guile-user) 7f4b2fafaf00>) #<git…> …))
> In git/branch.scm:
>     101:8  1 (_ _ _ _)
> In git/bindings.scm:
>      77:2  0 (raise-git-error _)
>
> git/bindings.scm:77:2: In procedure raise-git-error:
> Git error: cannot locate remote-tracking branch 'origin/keyring'
>
> make: *** [Makefile:5965: authenticate] Error 1
>
>
> I tried renaming my savannah remote to origin, and then it seemed to
> work. Any ideas?

Yeah, that’s a problem Tobias reported as well.

In <https://issues.guix.gnu.org/41653> I change it to just use the local
‘keyring’ branch.  That also requires you to set things up
appropriately, but I think that’s hard to avoid no?

Ludo’.


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Heads-up: “pre-push” Git hook updated
  2020-06-04 11:50     ` Ludovic Courtès
@ 2020-06-04 18:33       ` Christopher Baines
  0 siblings, 0 replies; 20+ messages in thread
From: Christopher Baines @ 2020-06-04 18:33 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: guix-devel

[-- Attachment #1: Type: text/plain, Size: 1873 bytes --]


Ludovic Courtès <ludo@gnu.org> writes:

> Hi,
>
> Christopher Baines <mail@cbaines.net> skribis:
>
>> So, I think make authenticate dislikes the naming I use for Git remotes,
>> in particular I don't have an origin remote.
>>
>> → make authenticate
>> Compiling Scheme modules...
>> Authenticating Git checkout...
>> Authenticating d68de95 to 776409c (0 commits)...
>> Backtrace:
>> In ice-9/boot-9.scm:
>>   1736:10 10 (with-exception-handler _ _ #:unwind? _ # _)
>> In unknown file:
>>            9 (apply-smob/0 #<thunk 7f4b2fed8940>)
>> In ice-9/boot-9.scm:
>>     718:2  8 (call-with-prompt _ _ #<procedure default-prompt-handle…>)
>> In ice-9/eval.scm:
>>     619:8  7 (_ #(#(#<directory (guile-user) 7f4b2fafaf00>)))
>>    293:34  6 (_ #(#(#(#(#(#(#(#(#(#(#<…> …) …) …) …) …) …) …) …) …) …))
>> In guix/progress.scm:
>>     71:36  5 (call-with-progress-reporter _ _)
>> In ice-9/eval.scm:
>>     619:8  4 (_ #(#(#(#<directory (guile-user) 7f4b2fafaf00>) # …) #))
>>    626:19  3 (_ #(#(#(#<directory (guile-user) 7f4b2fafaf00>) # …) #))
>>    293:34  2 (_ #(#(#<directory (guile-user) 7f4b2fafaf00>) #<git…> …))
>> In git/branch.scm:
>>     101:8  1 (_ _ _ _)
>> In git/bindings.scm:
>>      77:2  0 (raise-git-error _)
>>
>> git/bindings.scm:77:2: In procedure raise-git-error:
>> Git error: cannot locate remote-tracking branch 'origin/keyring'
>>
>> make: *** [Makefile:5965: authenticate] Error 1
>>
>>
>> I tried renaming my savannah remote to origin, and then it seemed to
>> work. Any ideas?
>
> Yeah, that’s a problem Tobias reported as well.
>
> In <https://issues.guix.gnu.org/41653> I change it to just use the local
> ‘keyring’ branch.  That also requires you to set things up
> appropriately, but I think that’s hard to avoid no?

Great, that sounds good :)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 962 bytes --]

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Heads-up: “pre-push” Git hook updated
  2020-05-29 16:45 ` Heads-up: “pre-push” Git hook updated Ludovic Courtès
  2020-05-29 17:07   ` Pierre Neidhardt
  2020-05-29 18:39   ` Christopher Baines
@ 2020-06-08 18:41   ` Vagrant Cascadian
  2020-06-09 15:46     ` Ludovic Courtès
  2 siblings, 1 reply; 20+ messages in thread
From: Vagrant Cascadian @ 2020-06-08 18:41 UTC (permalink / raw)
  To: Ludovic Courtès, Guix Devel

[-- Attachment #1: Type: text/plain, Size: 999 bytes --]

On 2020-05-29, Ludovic Courtès wrote:
> Ludovic Courtès <ludo@gnu.org> skribis:
>
>> I think we should change our pre-push hook as shown below.
>
> I’ve pushed it in e65a44649e8d7698c4a888f1de625a67052520e9.
> To all committers: please do use it from now on:
>
>   cp etc/guix/pre-push .git/hooks/
>
> If you never run “make authenticate” before, the first run takes a few
> minutes.  You might want to run it before your first ‘git push’.
>
> Please report any issues, slowness, errors, unhappiness, whatever!

$ guix environment --pure guix --ad-hoc guile git gnupg -- make authenticate
...
configure: checking for guile 3.0
configure: checking for guile 2.2
configure: error:
No Guile development packages were found.

Without --pure i'm getting the same thing.

Running on Guix System with commit
e78275608065ef073775fabb9f1a757da65851f2 + some changes I was hoping to
push soon, but really can't imagine those breaking the above.

live well,
  vagrant

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: Heads-up: “pre-push” Git hook updated
  2020-06-08 18:41   ` Vagrant Cascadian
@ 2020-06-09 15:46     ` Ludovic Courtès
  0 siblings, 0 replies; 20+ messages in thread
From: Ludovic Courtès @ 2020-06-09 15:46 UTC (permalink / raw)
  To: Vagrant Cascadian; +Cc: Guix Devel

Hi,

Vagrant Cascadian <vagrant@debian.org> skribis:

> On 2020-05-29, Ludovic Courtès wrote:
>> Ludovic Courtès <ludo@gnu.org> skribis:
>>
>>> I think we should change our pre-push hook as shown below.
>>
>> I’ve pushed it in e65a44649e8d7698c4a888f1de625a67052520e9.
>> To all committers: please do use it from now on:
>>
>>   cp etc/guix/pre-push .git/hooks/
>>
>> If you never run “make authenticate” before, the first run takes a few
>> minutes.  You might want to run it before your first ‘git push’.
>>
>> Please report any issues, slowness, errors, unhappiness, whatever!
>
> $ guix environment --pure guix --ad-hoc guile git gnupg -- make authenticate
> ...
> configure: checking for guile 3.0
> configure: checking for guile 2.2
> configure: error:
> No Guile development packages were found.
>
> Without --pure i'm getting the same thing.

What does ‘config.log’ say?

The above could happen if ‘guile-3.0.pc’ or ‘guile-2.2.pc’ is not in
$PKG_CONFIG_PATH, but I don’t see why that would happen here:

--8<---------------cut here---------------start------------->8---
$ guix environment --pure guix --search-paths
export PATH="/gnu/store/wpizavgr4p8cp8bryxg1dxac4h47xhzh-profile/bin:/gnu/store/wpizavgr4p8cp8bryxg1dxac4h47xhzh-profile/sbin"
export PKG_CONFIG_PATH="/gnu/store/wpizavgr4p8cp8bryxg1dxac4h47xhzh-profile/lib/pkgconfig"
export GUILE_LOAD_PATH="/gnu/store/wpizavgr4p8cp8bryxg1dxac4h47xhzh-profile/share/guile/site/3.0"
export GUILE_LOAD_COMPILED_PATH="/gnu/store/wpizavgr4p8cp8bryxg1dxac4h47xhzh-profile/lib/guile/3.0/site-ccache:/gnu/store/wpizavgr4p8cp8bryxg1dxac4h47xhzh-profile/share/guile/site/3.0"
export ACLOCAL_PATH="/gnu/store/wpizavgr4p8cp8bryxg1dxac4h47xhzh-profile/share/aclocal"
export INFOPATH="/gnu/store/wpizavgr4p8cp8bryxg1dxac4h47xhzh-profile/share/info"
export C_INCLUDE_PATH="/gnu/store/wpizavgr4p8cp8bryxg1dxac4h47xhzh-profile/include"
export CPLUS_INCLUDE_PATH="/gnu/store/wpizavgr4p8cp8bryxg1dxac4h47xhzh-profile/include/c++:/gnu/store/wpizavgr4p8cp8bryxg1dxac4h47xhzh-profile/include"
export LIBRARY_PATH="/gnu/store/wpizavgr4p8cp8bryxg1dxac4h47xhzh-profile/lib"
export GUIX_LOCPATH="/gnu/store/wpizavgr4p8cp8bryxg1dxac4h47xhzh-profile/lib/locale"
$ ls /gnu/store/wpizavgr4p8cp8bryxg1dxac4h47xhzh-profile/lib/pkgconfig/guile-3.0.pc
/gnu/store/wpizavgr4p8cp8bryxg1dxac4h47xhzh-profile/lib/pkgconfig/guile-3.0.pc
--8<---------------cut here---------------end--------------->8---

Note that you don’t need to explicitly add guile, git, and gnupg.

Thanks,
Ludo’.


^ permalink raw reply	[flat|nested] 20+ messages in thread

end of thread, back to index

Thread overview: 20+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-22 20:44 Updating the “pre-push” Git hook Ludovic Courtès
2020-05-22 21:17 ` Leo Famulari
2020-05-24  7:27   ` Ricardo Wurmus
2020-05-24 21:44     ` Ludovic Courtès
2020-05-25  9:50       ` Ricardo Wurmus
2020-05-25 22:04         ` Ludovic Courtès
2020-05-24  6:41 ` Efraim Flashner
2020-05-24 21:45   ` Ludovic Courtès
2020-05-25  5:50     ` Efraim Flashner
2020-05-25 21:31       ` Ludovic Courtès
2020-05-25 20:13     ` Vagrant Cascadian
2020-05-25 21:37       ` Ludovic Courtès
2020-05-26 16:41       ` Leo Famulari
2020-05-29 16:45 ` Heads-up: “pre-push” Git hook updated Ludovic Courtès
2020-05-29 17:07   ` Pierre Neidhardt
2020-05-29 18:39   ` Christopher Baines
2020-06-04 11:50     ` Ludovic Courtès
2020-06-04 18:33       ` Christopher Baines
2020-06-08 18:41   ` Vagrant Cascadian
2020-06-09 15:46     ` Ludovic Courtès

unofficial mirror of guix-devel@gnu.org 

Archives are clonable:
	git clone --mirror https://yhetil.org/guix-devel/0 guix-devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 guix-devel guix-devel/ https://yhetil.org/guix-devel \
		guix-devel@gnu.org
	public-inbox-index guix-devel

Example config snippet for mirrors

Newsgroups are available over NNTP:
	nntp://news.yhetil.org/yhetil.gnu.guix.devel
	nntp://news.gmane.io/gmane.comp.gnu.guix.devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git