From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id eM9xFPo2dWc7ugAA62LTzQ:P1 (envelope-from ) for ; Wed, 01 Jan 2025 12:37:14 +0000 Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id eM9xFPo2dWc7ugAA62LTzQ (envelope-from ) for ; Wed, 01 Jan 2025 13:37:14 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=marekpasnikowski.pl header.s=dkim header.b="BZ/f+hnQ"; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=reject) header.from=marekpasnikowski.pl ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1735735034; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=9UcfIwJnlNyDhKfw/ulp0PqMEpKU67xkuRDoU3Faa5s=; b=KxVPqlH19Vucmr5nCYZHaKcPg5Tim2DO/2PkgsHknfYqzbDAHU90MhwELhiYKdDqe7c7sp rkrdLSqmbjQZaK3OxOhCt9j9wl8U0hwtFJavbZUX6f+7sWcQ0vYHSMUocnokG9bpBJ1ak9 Hxwr+LajlJG21U0YigBoywFWu6toOJ4piRKOOPJJCvNisQDTAsoc6wE93B4Y/SVajgGEmG S+3VkcQbZKS6jWJFEW5X5wb9XFaQSj6aZlXwuZKNeduYqoUpL2f0QCdvAmntcmQJNDiDXA xW0IasyvbNE5u8fO43Bs93ppF4ZhqfmxkVHPraOaXkgVWIEToJGL4h98p8D/ZQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=marekpasnikowski.pl header.s=dkim header.b="BZ/f+hnQ"; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=reject) header.from=marekpasnikowski.pl ARC-Seal: i=1; s=key1; d=yhetil.org; t=1735735034; a=rsa-sha256; cv=none; b=mYPeo0xNlIUzSvx41W3LkPR2by3jRApo/SIOpwk0k2IkUdCHJKSmEySJISAunRHdzBs5JZ UgYqn82hXcGw0WttAFoVegY6N4QIUnsEtWOb0mMCFtrgVq9Ilxu7YLQeSjEd9tBAkoKFe/ s9kEWHla16CvL5wN37xlKFRShRrbtob6k140FAAyOO4f+tjyaozKmuj7+pSBrPbOJLFQf1 fAzKrb4x1cRsiHwfihMyzeQiUuPqxedsRmAIibW6IdpOeZ6NuZdtQ9oDgJ87sw0gfaIHDN uAXOIF2IjuG4qxnZufcmLmO6d4zfc/xlA4vA1u25h5xOKgksin1e+K1Dkz7vuQ== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 1977D5696D for ; Wed, 01 Jan 2025 13:37:14 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tSxRq-0001B3-Hw; Wed, 01 Jan 2025 07:03:38 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tSxRo-0001Am-Cv for help-guix@gnu.org; Wed, 01 Jan 2025 07:03:36 -0500 Received: from [81.190.248.246] (helo=marekpasnikowski.pl) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tSxRm-0004XY-Dc for help-guix@gnu.org; Wed, 01 Jan 2025 07:03:36 -0500 Received: from localhost (localhost.local [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id e6d7232c; Wed, 1 Jan 2025 12:03:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=marekpasnikowski.pl; h= from:to:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s=dkim; bh=TfZENfA9rmadmSko2AEVH1W0sZf0oat2g2u2UE8feFk=; b=BZ/f+hnQcpwj s1ChElNdru9JFBqCcTH+EeVIj0t3sB4OW5gXXdnS9APkvtiO5rheoJcKKu3ex2fU F77KDardFkWGG9gynyWq6LnUEnIV86SDB3BgBojOcpZLAt5cxp2Hrmjzr7hzcBW5 CB7rkw8krmPNBVx8kviaDPVjZhU+QFeXL9sUVgynOo+XAD+3JKivkvqFBJ2TGbXZ bbjbARgruPIdvx2+gdjUfj0PKjFQ5RExDRm+5xK8EUv/z3cS+T7aBaOItjhPP5/g 13rQgO7TrKMuEvWihZ9pQilqoxM+gl3l4Sqs44IhwiQY3JKLttZUYe7WrV1WFfDD +x+Dk/mS1Q== Received: by localhost (OpenSMTPD) with ESMTPSA id 95b7eb98 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Wed, 1 Jan 2025 12:03:24 +0000 (UTC) From: Marek =?utf-8?B?UGHFm25pa293c2tp?= To: Marcel van der Boom , help-guix@gnu.org, Cayetano Santos Subject: Re: Authenticate a channel Date: Wed, 01 Jan 2025 13:03:23 +0100 Message-ID: <4633822.LvFx2qVVIh@aisaka> In-Reply-To: <875xn1nglo.fsf@inventati.org> References: <4bf83a0c-cff8-427e-97c0-9ae65febd426@korwin-zmijowski.fr> <6f5ae1ff-a5fa-4c82-9cd2-54d38daa4c0b@hsdev.com> <875xn1nglo.fsf@inventati.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" X-Host-Lookup-Failed: Reverse DNS lookup failed for 81.190.248.246 (failed) Received-SPF: pass client-ip=81.190.248.246; envelope-from=marek@marekpasnikowski.pl; helo=marekpasnikowski.pl X-Spam_score_int: 12 X-Spam_score: 1.2 X-Spam_bar: + X-Spam_report: (1.2 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_DBL_SPAM=2.5 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Queue-Id: 1977D5696D X-Migadu-Scanner: mx13.migadu.com X-Migadu-Spam-Score: -0.89 X-Spam-Score: -0.89 X-TUID: RInRgyrw/lQg > >dim. 29 d=C3=A9c. 2024 at 14:04, Marcel van der Boom = wrote: > > I have issues with this too. On every git pull and guix pull I get > > messages that my key is missing, although I did add it locally to the > > keyring branch. > >=20 > > Is there a procedure documented somewhere on how to make sure the > > signature is present and correct? It feels like I am just missing > > something small here. >=20 > Most up to date documentation is here, >=20 > https://guix.gnu.org/manual/devel/en/html_node/Specifying-Channel-Authori= zat > ions.html > > Some unknowns for me: > > - are subkeys supported? anything special needed? > > - it seems there is a file-naming convention on the keyring branch for = the > > keys? - do i need to pull the keyring in manually over time of does the > > machinery take care of>=20 > > this? >=20 > Have you checked with other public channels ? >=20 > -- > Cayetano Santos > GnuPG Key: https://meta.sr.ht/~csantosb.pgp > FingerPrint: CCB8 1842 F9D7 058E CD67 377A BF5C DF4D F6BF 6682 I looked at Jeko=E2=80=99s channel and noticed one discrepancy from my work= ing setup. The key file has a wrong name extension. =46rom documentation: Additionally, your channel must provide all the OpenPGP keys that were ever= =20 mentioned in .guix-authorizations, stored as .key files, which can be eithe= r=20 binary or =E2=80=9CASCII-armored=E2=80=9D. In Jeko=E2=80=99s case, the key is stored in a jeko-A2E0F15D.asc file, whic= h breaks=20 the documented assumption. My key is named marekpasnikowski.key , for=20 reference. Hopefully, the name problem is the only problem here. I also share the opinion that the documentation is written in a confusing=20 style, especially for novices.