From: Tobias Geerinckx-Rice <me@tobias.gr>
To: help-guix@gnu.org
Subject: guix pull: error: commit 3946540 not signed by an authorized key: 2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0
Date: Sat, 06 Aug 2022 20:48:09 +0200 [thread overview]
Message-ID: <20d423407ef7793bfdde3d86ed705e57@tobias.gr> (raw)
Hi all,
If you try to guix pull now, this is what you'll see:
guix pull: error: commit 39465409f0481f27d252ce25d2b02d3f5cbc6723
not signed by an authorized key:
2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0
There is and was no security risk.
This is Guix working as intended in the presence of a commit pushed
earlier today. The failing commit[0] is benign, and the committer did
nothing wrong.
The commit is signed by a subkey of the main key that Guix expects, and
it does not deal well with that fact. This is something we'll have to
discuss and probably fix, both in Guix and in the git push hook on
Savannah[1].
I'm currently waiting to hear from the Savannah admins, who are the only
ones who can roll back master for us. I'm not aware of any way we could
do this ourselves. I'll follow up when it's done.
Until then, you can:
1. Not pull. If your Guix was relatively recent, you're not missing
much if anything.
2. If you must have the very latest (valid) commit, you can run:
guix pull --commit=ad878a2c5e5313c534ccf2546cb8c978e5295ae1
which will validate just fine.
3. I do NOT recommend disabling authentication. There is simply no
benefit to that.
TTYL,
T G-R
[0]:
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=39465409f0481f27d252ce25d2b02d3f5cbc6723
[1]: Which has been deficient for years, which I've known about, and did
nothing about.
Sent from a Web browser. Excuse or enjoy my brevity.
next reply other threads:[~2022-08-06 18:48 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-06 18:48 Tobias Geerinckx-Rice [this message]
2022-08-06 19:32 ` guix pull: error: commit 3946540 not signed by an authorized key: 2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0 Tobias Geerinckx-Rice
2022-08-06 20:43 ` Vagrant Cascadian
2022-08-06 21:06 ` Tobias Geerinckx-Rice
2022-08-06 21:09 ` Tobias Geerinckx-Rice
2022-08-09 20:56 ` Renaming ‘master’ to ‘main’ Ludovic Courtès
2022-08-09 22:01 ` Felix Lechner
2022-08-09 23:05 ` Felix Lechner via
2022-08-10 6:28 ` blake
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20d423407ef7793bfdde3d86ed705e57@tobias.gr \
--to=me@tobias.gr \
--cc=help-guix@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.