From: "Ludovic Courtès" <ludo@gnu.org>
To: 41767@debbugs.gnu.org
Cc: "Ludovic Courtès" <ludo@gnu.org>, 22883@debbugs.gnu.org
Subject: [bug#41767] [PATCH 0/9] Authenticate channels
Date: Mon, 8 Jun 2020 23:52:24 +0200 [thread overview]
Message-ID: <20200608215224.2672-1-ludo@gnu.org> (raw)
Hi Guix!
This patch series does it! It integrates checkout authentication
with (guix channels). Now, ‘guix pull’, ‘guix time-machine’ etc.
automatically authenticate the commits they fetch and raise an
error if they find an unsigned commit or a commit signed by an
unauthorized party¹.
Channel introductions² are implemented but not exposed. Thus,
third-party channels cannot use the authentication mechanism yet.
Conversely, the ‘guix’ channel is authenticated by default.
Any commit in the closure of the introduction’s first commit
is considered authentic (for instance, the commit pointed to
by ‘v0.5’ is considered authentic, even though it’s not even
signed.) Conversely, any commit that does _not_ contain the
introduction’s first commit in its closure is considered
inauthentic.
The patch marked “DROP?” implements “prehistorical authorizations”,
i.e., authorizations for when ‘.guix-authorizations’ didn’t exist
(“make authenticate” does that as well).
Without that patch, we take 87a40d7203a813921b3ef0805c2b46c0026d6c31
(May 5th) as the introduction’s first commit.
In concrete terms, what the patch marked as “DROP?” would buy
us is the ability to merge branches created between ‘v1.0.0’ and
87a40…. I think it’s not that useful, so I’m willing to drop it.
(We can always take it later if we want to.)
There’s a ‘--disable-authentication’ escape hatch for ‘guix pull’,
but not for ‘guix time-machine’ (we’d need to make sure we don’t
cache an inferior that was not authenticated.)
I would much welcome feedback! I’m happy to answer questions if
anything’s unclear. Don’t hesitate, because after that it’ll be
harder to change!
Ludo’.
¹ https://issues.guix.gnu.org/issue/22883#64
² https://issues.guix.gnu.org/issue/22883#69
Ludovic Courtès (9):
git-authenticate: Cache takes a key parameter.
git-authenticate: 'authenticate-commits' takes a #:keyring parameter.
tests: Move OpenPGP helpers to (guix tests gnupg).
channels: 'latest-channel-instance' authenticates Git checkouts.
channels: Make 'validate-pull' call right after clone/pull.
.guix-channel: Add 'keyring-reference'.
channels: Automatically add introduction for the official 'guix'
channel.
pull: Add '--disable-authentication'.
DROP? channels: Add prehistorical authorizations to
<channel-introduction>.
.dir-locals.el | 1 +
.guix-channel | 3 +-
build-aux/git-authenticate.scm | 246 +------------------
doc/guix.texi | 20 +-
guix/channels.scm | 437 +++++++++++++++++++++++++++++++--
guix/git-authenticate.scm | 32 +--
guix/scripts/pull.scm | 24 +-
guix/tests/gnupg.scm | 32 ++-
tests/channels.scm | 128 +++++++++-
tests/git-authenticate.scm | 25 --
10 files changed, 634 insertions(+), 314 deletions(-)
--
2.26.2
next reply other threads:[~2020-06-08 21:53 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-08 21:52 Ludovic Courtès [this message]
2020-06-08 22:02 ` [bug#41767] [PATCH 1/9] git-authenticate: Cache takes a key parameter Ludovic Courtès
2020-06-08 22:02 ` [bug#41767] [PATCH 2/9] git-authenticate: 'authenticate-commits' takes a #:keyring parameter Ludovic Courtès
2020-06-08 22:02 ` [bug#41767] [PATCH 3/9] tests: Move OpenPGP helpers to (guix tests gnupg) Ludovic Courtès
2020-06-08 22:02 ` [bug#41767] [PATCH 4/9] channels: 'latest-channel-instance' authenticates Git checkouts Ludovic Courtès
2020-06-09 17:49 ` Maxim Cournoyer
2020-06-11 9:24 ` Ludovic Courtès
2020-06-11 13:15 ` Maxim Cournoyer
2020-06-08 22:02 ` [bug#41767] [PATCH 5/9] channels: Make 'validate-pull' call right after clone/pull Ludovic Courtès
2020-06-08 22:02 ` [bug#41767] [PATCH 6/9] .guix-channel: Add 'keyring-reference' Ludovic Courtès
2020-06-08 22:02 ` [bug#41767] [PATCH 7/9] channels: Automatically add introduction for the official 'guix' channel Ludovic Courtès
2020-06-08 22:02 ` [bug#41767] [PATCH 8/9] pull: Add '--disable-authentication' Ludovic Courtès
2020-06-08 22:02 ` [bug#41767] [PATCH 9/9] DROP? channels: Add prehistorical authorizations to <channel-introduction> Ludovic Courtès
2020-06-09 18:35 ` Maxim Cournoyer
2020-06-10 13:21 ` Ludovic Courtès
2020-06-09 7:15 ` [bug#41767] [PATCH 0/9] Authenticate channels Ludovic Courtès
2020-06-09 10:52 ` zimoun
2020-06-09 14:16 ` Ludovic Courtès
2020-06-13 11:42 ` zimoun
2020-06-14 13:51 ` Ludovic Courtès
2020-06-13 9:46 ` Ludovic Courtès
2020-06-16 14:22 ` bug#41767: " Ludovic Courtès
2020-06-16 14:34 ` bug#22883: [bug#41767] " Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200608215224.2672-1-ludo@gnu.org \
--to=ludo@gnu.org \
--cc=22883@debbugs.gnu.org \
--cc=41767@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.