I try to follow the tutorial on guix blog (https://guix.gnu.org/en/blog/2024/authenticate-your-git-checkouts/) to authenticate my commit for a personal channel. I have some feedback to do, and possible missing info. for padawan like me.

A / There are no information for pushing keyring branch to origin repo. Commit for keyring come before Introductory commit so pushing keyring to <yourforge> repository failed. Talking with ludovic, the tutorial doesn't say that pre-push hook need to be desactivated to push on <yourforge> repository.

B / I follow the tutorial on an existing channel repo, two times, because i made some errors that imply : a reset --hard of the repo, the delete of the keyring branch, removing the authenticate line in git/config, removing the post-merge and pre-push hook. But, now my repository is probably in a strange state and guix git authenticate failed even if the commit is a correct descendant of the introductory commit. More info after :

An example with one commit after Introductory Commit (fcf50534c7fec17e689597cfaaec9f4cedb397de) :

---

commit 2eddf958be68a5a4df7fd43feb604707472f89a4 (HEAD -> master, origin/master)

gpg: Signature faite le mar. 19 nov. 2024 23:05:17 CET

gpg: avec la clef RSA 41D051592D59A9C07AB4DF25DC55CB6B7043416E

gpg: Bonne signature de « xxx <xxx> » [ultime]

Author: xxx <xxx>

Date: Tue Nov 19 23:05:17 2024 +0100

add README

commit fcf50534c7fec17e689597cfaaec9f4cedb397de

gpg: Signature faite le mar. 19 nov. 2024 22:55:40 CET

gpg: avec la clef RSA 41D051592D59A9C07AB4DF25DC55CB6B7043416E

gpg: Bonne signature de « xxx <> » [ultime]

Author: xxx <>

Date: Tue Nov 19 22:55:40 2024 +0100

Introductory commit.

In my .git/config i have :

[core]

repositoryformatversion = 0

filemode = true

bare = false

logallrefupdates = true

[remote "origin"]

url = git@codeberg.org:reycoseb/extra-guix-channel.git

fetch = +refs/heads/*:refs/remotes/origin/*

[branch "master"]

remote = origin

merge = refs/heads/master

[guix "authentication"]

introduction-commit = fcf50534c7fec17e689597cfaaec9f4cedb397de

introduction-signer = 41D051592D59A9C07AB4DF25DC55CB6B7043416E

keyring = keyring

[branch "keyring"]

remote = origin

merge = refs/heads/keyring

I use a Yubikey with a specific subkey used to sign :

Signature key ....: 41D0 5159 2D59 A9C0 7AB4 DF25 DC55 CB6B 7043 416E

created ....: 2020-09-01 12:13:40

Encryption key....: 04E1 4065 2E41 C847 4D7F B0EE D788 9EAF B20E C927

created ....: 2020-09-01 12:14:39

Authentication key: D57E C3C4 1288 E30D 17C1 290B 1DB9 AAD6 04D0 60C0

created ....: 2020-09-01 12:15:08

My .guix authorization file :

(authorizations

(version 0) ;current file format version

(("41D0 5159 2D59 A9C0 7AB4 DF25 DC55 CB6B 7043 416E"

(name "xxx"))))

When i run guix git authenticate in my master branch, with yubikey activated, i have

Authentification des commits fcf5053 à 2eddf95 (1 nouveaux commits)...

guix git: erreur : commit 2eddf958be68a5a4df7fd43feb604707472f89a4 not signed by an authorized key: 41D0 5159 2D59 A9C0 7AB4 DF25 DC55 CB6B 7043 416E

Strange ? Also, the git push command say the same thing. If you have

I use guix 4c56d0c

URL du dépôt : https://git.savannah.gnu.org/git/guix.git

branche : master

commit : 4c56d0cccdc44e12484b26332715f54768738c5f