On Sun, Sep 26, 2021 at 12:19:29PM +0200, Attila Lendvai wrote:
> * guix/git-authenticate.scm (authenticate-commit): Reword and extend the error
> message to point to the relevant part of the manual.
> (authenticate-repository): Explicitly authenticate the channel introduction
> commit, so that it's also rejected unless it is signed by an authorized
> key. Otherwise only the second commit would yield an error, which
> is confusing.
> ---
>
> here's how i tested this:
>
> i set up pulling from a local checkout of guix.
> in that branch i created a signed dummy commit, and added it as a channel
> introduction, replacing guix in my /etc/guix/channels.scm. then tried to
> guix pull, which worked.
>
> then i added another dummy commit, which resulted in an error when pulling.
>
> then i reset the branch back to only contain the first commit, and added
> this code that then resulted in an error even with a single commit.
>
> i have encountered it while i was trying to set up my local checkout to
> test my patches on my live guix, and i was utterly confused why my commit
> was rejected as unauthenticated (i misunderstood how git-authenticate
> works).

Thanks for your report.

I've marked the severity as "grave", which in Debbugs parlance means "makes the package in question unusable or mostly so, or causes data loss, or introduces a security hole allowing access to the accounts of users who use the package."

https://debbugs.gnu.org/Developer.html#severities

I'm not sure if that's justified or not but this patch should be prioritized.