From: elaexuotee@wilsonb.com
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: Markku Korkeala <markku.korkeala@iki.fi>, guix-devel@gnu.org
Subject: Re: Losing signing keys for custom Guix channel
Date: Fri, 29 Mar 2024 12:42:57 +0900 [thread overview]
Message-ID: <2ECJ523SGTEV4.2UB8BK9J3U8GN@wilsonb.com> (raw)
In-Reply-To: <87il16j7my.fsf@gnu.org>
> > from reading about guix authentication I think the new signing key
> > must be first added to the .guix-authoriations file and that commit
> > must signed with the current signing keys before the new signing
> > key can be used.
>
> Yes, it’s likely the problem; the rest of the description you gave
> elaexuotee looks fine to me.
>
> (No need to rewrite the history; changing the introduction is enough.)
>
> Ludo’.
Well, the catch 22 is that I've lost the original key and so can only sign
.guix-authorizations with the new one.
> (No need to rewrite the history; changing the introduction is enough.)
Without the old key, I'm gathering that a history rewrite is the only way right
now. Seems like a fresh channel introduction should be enough, but our current
authorization check appears to look at earlier commits even in that case, IIUC.
Maybe forcing history rewrites on key loss is the desired behavior? I'm not
sure. From a client perspective, the only difference is whether or not you have
to specify --allow-downgrades on the next pull. In either case a channel intro
update is necessary.
next prev parent reply other threads:[~2024-03-29 3:43 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-25 5:41 Losing signing keys for custom Guix channel elaexuotee
2024-03-25 7:49 ` Markku Korkeala
2024-03-25 12:31 ` Attila Lendvai
2024-03-28 22:47 ` Ludovic Courtès
2024-03-29 3:42 ` elaexuotee [this message]
2024-03-29 3:55 ` Jake
2024-03-29 5:06 ` elaexuotee
2024-03-29 9:45 ` Ludovic Courtès
2024-03-29 10:20 ` elaexuotee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2ECJ523SGTEV4.2UB8BK9J3U8GN@wilsonb.com \
--to=elaexuotee@wilsonb.com \
--cc=guix-devel@gnu.org \
--cc=ludo@gnu.org \
--cc=markku.korkeala@iki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.