From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 2CuONrwR9WKhQgAAbAwnHQ (envelope-from ) for ; Thu, 11 Aug 2022 16:27:09 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id wOC1NbwR9WJp8gAAG6o9tA (envelope-from ) for ; Thu, 11 Aug 2022 16:27:08 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id AD4852F674 for ; Thu, 11 Aug 2022 16:27:06 +0200 (CEST) Received: from localhost ([::1]:47658 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oM99N-0005gE-C2 for larch@yhetil.org; Thu, 11 Aug 2022 10:27:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:58206) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oM98p-0005Gw-9b for guix-devel@gnu.org; Thu, 11 Aug 2022 10:26:31 -0400 Received: from relay2-d.mail.gandi.net ([2001:4b98:dc4:8::222]:46933) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oM98f-0006W6-6s; Thu, 11 Aug 2022 10:26:31 -0400 Received: (Authenticated sender: andrew@trop.in) by mail.gandi.net (Postfix) with ESMTPSA id 7A60440006; Thu, 11 Aug 2022 14:26:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=trop.in; s=gm1; t=1660227975; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type; bh=xuZPrkjxoYD/cuw1PueJAS9766CMTDlYy4v/LY2KJuk=; b=D6aWcFDhvPMBgTZwVwjg9EtEs4l6eJDG97YPuAfWTy/23FKOgN5B/LMNjp9c8DmcGbNx7u vR7E5g5Y3daehHcA/t8hu9X8gvcK+cM7rciD2LruHA4EleVgZlbCiVD3u88P/Ta2vH2aGm CRidV8ShXMMbUudYvf0snIFEERWvuXzMTFAa7uCmwALDcNzKnOkuG3RI7EEV8jymSJ8UJU vyKsmmQ+j7gcf6auWPvRNSsv0hi6xn7xNB+/u0HFEGHlL8jRh05tDTAn9GRabcO7Ao5r0X ry9jouiGzlsy8gxan6W+OouY9Is9LOsswsHzoSTyoJLYPdUZndR3bBxrjsdZPQ== From: Andrew Tropin To: guix-devel@gnu.org Cc: Tobias Geerinckx-Rice , Efraim Flashner , Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: [POSTMORTEM] Subkey is not authorized by .guix-authorizations Date: Thu, 11 Aug 2022 17:26:10 +0300 Message-ID: <87tu6idfgd.fsf@trop.in> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=2001:4b98:dc4:8::222; envelope-from=andrew@trop.in; helo=relay2-d.mail.gandi.net X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1660228026; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=xuZPrkjxoYD/cuw1PueJAS9766CMTDlYy4v/LY2KJuk=; b=tuIpJN3lwDw/WdGh8F14JPbOC6KJjPY17fcVT/ga5amJEPE8HEB/37/EcscgDBrEUJklUq 9zQs/BCthI6H390ZzlxwE5/Q+ShkaIHKc8nXbm9WWGXxHxAaEdTTpv9pgfLuEjf0i+aHZ7 65i7mtv1pokk2XxnK5QDJYmKAX7nJ6pRpRg0IaIhdvgkRe3NreQKd3J71L6oqeUKjpUM4G AeKona1dXcRsTSwm7mZfJKhzbunuGgYykc0yKjyS60Win0atqAAWTEKZ45ICKtiPVlF6P0 TfMHtDux09HFBMNgEzlFpIwtczZr1toNKptw/3VfC4G61kNzwVTLslT8tWrIIg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1660228026; a=rsa-sha256; cv=none; b=Ze2p8Zbq6Ke8LN0UaSbwB3bL5j2q7cqX17Xog640SZOaajQIzuniDkHtc1N2EtPGWEfZME aLpOOYLtHGaHTd6kiDTBLunAu+KdK8/oITTRdXVOPq2oBlm6Yq2rdiyC3A6LNLfzPbUPax OzKRpkSY/pjr/uUzTr9IdT9SvmCQ5+2k1NS2zAbxCig4xyfWuOurBQ2XU+Tqe4nPs+wEDP hRsRBkJqRH1/eBTQ/NFXk+vwwaysjPpoweRYWyuPYfSkyHeUvOj4+nqp7X+VLZtxnEScoJ gur/Xi8+RBuRMPmAxs5TVbs0VhLaFBnYIMfSJruUEQ4Aib25HvX22S/BotC+og== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=trop.in header.s=gm1 header.b=D6aWcFDh; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -5.95 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=trop.in header.s=gm1 header.b=D6aWcFDh; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: AD4852F674 X-Spam-Score: -5.95 X-Migadu-Scanner: scn0.migadu.com X-TUID: 8f2iucOHsW+C --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable * Summary On 2022-08-06 the commit 3946540[fn:1] was pushed and lead to failing guix pull: =2D-8<---------------cut here---------------start------------->8--- guix pull: error: commit 39465409f0481f27d252ce25d2b02d3f5cbc6723 not signed by an authorized key: 2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0 =2D-8<---------------cut here---------------end--------------->8--- It was discovered and reported to IRC almost immediately by a few people. The commit itself was signed and benign[fn:2], but it was signed w= ith subkey. While primary key was added to .guix-authorizations, guix pull still rejected commit signed with subkey. From=20the point commit pushed there is no easy way to recover guix pull. nckx contacted savannah admins and a few hours later master branch was reset to the state before 3946540 was pushed. * Impact =2D guix pull of latest commit from master branch couldn't be done for a few hours, the possible problem of such DoS is known[fn:3]. * What could be done better? =2D guix pull could be done from local checkout, before pushing. =2D First commit by a fresh commiter could be pushed on a weekday, after checking if maintainers and admins are present. * What to do after? =2D Accept subkey on guix pull if master key is in .guix-authorizations. =2D Add tip to Commit Access section about pull from local checkout. =2D Add pre-push hook, which checks authorization on Savannah. * Footnotes [fn:1] https://git.savannah.gnu.org/cgit/guix.git/commit/?id=3D39465409f048= 1f27d252ce25d2b02d3f5cbc6723 [fn:2] https://lists.gnu.org/archive/html/help-guix/2022-08/msg00073.html [fn:3] https://lists.gnu.org/archive/html/guix-devel/2021-03/msg00156.html =2D-=20 Best regards, Andrew Tropin --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEKEGaxlA4dEDH6S/6IgjSCVjB3rAFAmL1EYIACgkQIgjSCVjB 3rDP5w//ehV5cUsUODv03dF1DPOVs/OD/ft+vCayyxFaNU3kHm+Q+gQ6QRJBR2Z2 okpvJf4U5eyfXHDppqdX97ClI6K4U7rh+MGYS4sNBhUHh+LS0fGQu4G5mEf9mnBN LBOQdoXFkF8U7Ss3j0NTk9DAYzxbDTyPo7zyzJrntZ3REleQHjDOMzS0TohKe0sy 9UGIbh+47h/uZHWyCTpgPXvQ5jZEof/CcOKSEbJp/qEyuUixwAEpJ23BkxvUDXGL KpY29pZ6MEEmP6h+peXAPxqN/WYnRIOvqg4SYkF+5asTBgxCI2kcgZhkP3TErZhC GdO4XGWKrKeC/Ew/FzWl/2Yz6uW/pEtnxUJXtRjjCIwm5proQZho8XgZVIU+ncvp eLmMo7YHtLo0HEuHTp5T6SDrPj44S/cu2OWInnoBss0xrd1rXeff4MB9pFWWY8// M5dv7uVvZm2dcSlBPAS5GzUQy8lvSPN3EUfk2m93QihZgK75HoiuX+5vB3/ZDseU l12eaCyC82N7A3oG7ZgDLETlurrm8Rme6HRztEPLNDhCDws6JORMihTvYRlQzQsK muwFTqgHyWqDkB6F6vyasDqmOeYhfzqNXeo9BX7bQ9GVZULebur2qKI76/X105q6 o3Z71PffWOn+AyHrZOT6/9KyOiHD8M6kZhOgb4T78evz+Mq/ZSI= =+0+f -----END PGP SIGNATURE----- --=-=-=--