From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 2EGqDpG37mIIOwEAbAwnHQ (envelope-from ) for ; Sat, 06 Aug 2022 20:48:49 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id 6Ca1DpG37mKn1AAA9RJhRA (envelope-from ) for ; Sat, 06 Aug 2022 20:48:49 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id BCD44382D5 for ; Sat, 6 Aug 2022 20:48:48 +0200 (CEST) Received: from localhost ([::1]:53786 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oKOqu-00077B-0d for larch@yhetil.org; Sat, 06 Aug 2022 14:48:48 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:54206) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oKOqR-00076o-V4 for help-guix@gnu.org; Sat, 06 Aug 2022 14:48:19 -0400 Received: from tobias.gr ([2a02:c205:2020:6054::1]:54262) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oKOqN-00038N-1N for help-guix@gnu.org; Sat, 06 Aug 2022 14:48:19 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=LmAO8vZj+VDO0 18Y4EePNIpJgCPHGmOuwnNc83DDmjQ=; h=subject:to:from:date; d=tobias.gr; b=A9PO8DmPLoMYnN+NnbPwZmUTWp6Iu4n9oWF1y0g08xelAPMsaz9i/GV+fmmiMxCSPdFW 0+zWxc7zNurpFD7Mmdt2oGuqoNFdLaS5LlXiawRvJJZ/9Zkvypx7onbQffRBD77fi88YtS rn8EAJ9XyLiEDAjFd63gNpgLjU8C2iq1mHa6SFVe0X8/ZfBm3Fw5K+iv0QLykdoSFznMSt 5M+/8sdDvgG4EO1ErhCO1wtd3cfockDSllwdoUY2AnUweyUrd0NKnrMS7jALGKtpd+5Dqx mJbRid7QKFFqF45w8xKZcz0uB1Qszi7UhPWOFlK3CR0xAWqYpex/2UiX2Bc6rjOA== Received: by submission.tobias.gr (OpenSMTPD) with ESMTP id edc9868d for ; Sat, 6 Aug 2022 18:48:09 +0000 (UTC) MIME-Version: 1.0 Date: Sat, 06 Aug 2022 20:48:09 +0200 From: Tobias Geerinckx-Rice To: help-guix@gnu.org Subject: guix pull: error: commit 3946540 not signed by an authorized key: 2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0 Message-ID: <20d423407ef7793bfdde3d86ed705e57@tobias.gr> Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@tobias.gr; helo=tobias.gr X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1659811728; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=LmAO8vZj+VDO018Y4EePNIpJgCPHGmOuwnNc83DDmjQ=; b=oBxtAI7h1+ZKwVPQluGgbkP/egx/EqTfXJoH/gNH/Ig16RDGYAu/piQF6EyqSDD6LH2wtj gOak3wvWNNhTfvAM8qWGz4ZPcEAlk3rgA3Ezk/km/TE6qpeDSCM4x+EWqf0YdOjjETOrRO IvPMItwHYxQrUOUtziJfbTUKcLlDqrcU3B0gsUlyIfaIm0jY0d7dxoZNLhmcIM5DaOAw8O KVzYUqh/Luv2Jd06vyMHBBOOpYnhAAQxqxaiEKpOBJR2sMGtMhEUd/WkTt87YLIMnIlBPp MLIwWWEcZe9ZuSq2YgO8EWrTz6cofdlSJX8tqtKQtWy2oRBNBGoAj5Xr4+qy3w== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1659811728; a=rsa-sha256; cv=none; b=Sccr9NJg6NkVQYKWFnl32QYIdbSqNoOwVAvojkvsFvL/27C2hVXyRm44Z7Q4JdmKByW/+D 7kQe9J4fO48MKpkh6e9T91K/Z7zHBIJhH5pdESQyKDbntiC4trz9cmVU8hUbNMS/I760g8 HvaMDXidwzVN724NPOJHHVnrvhX5Ku+LB4jFoGyD6D9WtFQE3uda+PYg9yfUAf4h7bsZZ+ 9L3bJN+wO/NGJ3a4nahtO/Cow6uZzS8IUoyCSwKDrDVxJKPG0YUAQswWEVG+tFNoPmDQlU vbJDkB4sdw4tnZK82UTHeyQZu7+O3g7Au6nhRsGC9KoKfkoej57rhITpkEVr1w== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=tobias.gr header.s=2018 header.b=A9PO8DmP; dmarc=pass (policy=reject) header.from=tobias.gr; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -3.90 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=tobias.gr header.s=2018 header.b=A9PO8DmP; dmarc=pass (policy=reject) header.from=tobias.gr; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: BCD44382D5 X-Spam-Score: -3.90 X-Migadu-Scanner: scn1.migadu.com X-TUID: PR9ofIxYAlQ1 Hi all, If you try to guix pull now, this is what you'll see: guix pull: error: commit 39465409f0481f27d252ce25d2b02d3f5cbc6723 not signed by an authorized key: 2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0 There is and was no security risk. This is Guix working as intended in the presence of a commit pushed earlier today. The failing commit[0] is benign, and the committer did nothing wrong. The commit is signed by a subkey of the main key that Guix expects, and it does not deal well with that fact. This is something we'll have to discuss and probably fix, both in Guix and in the git push hook on Savannah[1]. I'm currently waiting to hear from the Savannah admins, who are the only ones who can roll back master for us. I'm not aware of any way we could do this ourselves. I'll follow up when it's done. Until then, you can: 1. Not pull. If your Guix was relatively recent, you're not missing much if anything. 2. If you must have the very latest (valid) commit, you can run: guix pull --commit=ad878a2c5e5313c534ccf2546cb8c978e5295ae1 which will validate just fine. 3. I do NOT recommend disabling authentication. There is simply no benefit to that. TTYL, T G-R [0]: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=39465409f0481f27d252ce25d2b02d3f5cbc6723 [1]: Which has been deficient for years, which I've known about, and did nothing about. Sent from a Web browser. Excuse or enjoy my brevity.