From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id 8k+nNYzL1WAiigAAgWs5BA (envelope-from ) for ; Fri, 25 Jun 2021 14:26:52 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id HtCpMIzL1WBSCwAAbx9fmQ (envelope-from ) for ; Fri, 25 Jun 2021 12:26:52 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id D5CD01E1FF for ; Fri, 25 Jun 2021 14:26:51 +0200 (CEST) Received: from localhost ([::1]:43144 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lwkv4-0008Jl-QT for larch@yhetil.org; Fri, 25 Jun 2021 08:26:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36408) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lwkub-0008G3-Dz for guix-devel@gnu.org; Fri, 25 Jun 2021 08:26:21 -0400 Received: from baptiste.telenet-ops.be ([2a02:1800:120:4::f00:13]:44380) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lwkuW-0003Kf-LI for guix-devel@gnu.org; Fri, 25 Jun 2021 08:26:21 -0400 Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d]) by baptiste.telenet-ops.be with bizsmtp id MQSC2500W0mfAB401QSC23; Fri, 25 Jun 2021 14:26:13 +0200 Message-ID: <6a4757b61e1cf6717aac88a654202087ff7e76c4.camel@telenet.be> Subject: Re: Authenticating maintenance.git From: Maxime Devos To: Chris Marusich , Ludovic =?ISO-8859-1?Q?Court=E8s?= Date: Fri, 25 Jun 2021 14:26:03 +0200 In-Reply-To: <87zgvg9ium.fsf@gmail.com> References: <87tungf7k6.fsf@gnu.org> <87o8c6e0ng.fsf@gmail.com> <87czsgcxli.fsf@gnu.org> <87lf71be64.fsf@gmail.com> <87zgvg9ium.fsf@gmail.com> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-eNHYR/hj7Gb2uEeKcxQp" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21; t=1624623973; bh=Up2k70kR8KOPUlE5GlDoaLJFKP9yuPTyRj5hyl1ch6o=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=VtE/O8ZQuv3h9bfWoF+pe7LxKIGsice8frwifxG6jIJLU25U2mXWO3CErvT4sMsmx qkAEZTITSetQEOq7se3xJLJkSIFRbo45uvt53VrR41HtkLGZpRrM9+VjiuY80rgx8k kcFAmrv5FoWiDc0kwObMVQqzjbhDvGYg4LZvC6242rFso72GIf5lBXQySjNOCW8Prp 5or9PQuHrRZtKFAYhUp3BXEb7vkrYjrKuKmD7o6Ik75kAhjQ8/VUVOGU76yrJW7c+6 3uMq91qKflGwCgv+2hS1+GrxNRRAnpJ/lzgWj90IcxNsduESyuLzEvQ+LXeYr68+Qt p5f11jN1iW2PQ== Received-SPF: pass client-ip=2a02:1800:120:4::f00:13; envelope-from=maximedevos@telenet.be; helo=baptiste.telenet-ops.be X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1624624012; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=Up2k70kR8KOPUlE5GlDoaLJFKP9yuPTyRj5hyl1ch6o=; b=rxvdeiSMLBMfMXUqT4jS0jireCrEMrchDYLZLz1DWvA9+NdU/7FhTpLy3JFnHJpBdTH6vz XpQ9K1kPen8AhnipuQc19BBnQmT+TF4zKdK+uZ0PN0o82cvaHsF9XrYZopSbj/K9NJegUb DfrI3ydNRbl3/t8blzBf69BbCZG32EBgmiK6keNeCdG2RfNcO/HUUS6J/MWN8sLwKybKAF UTFxuFXVIuHiqGV59wna8k2Jnxh4J3x77U4zvhH4KQltj+ehUChZFACSodUvQNZPjC/UVW Mp7xVuMDI+49PsTdCvXaoCGQ8Gm82FC/eYbHTCUuI4Mu2crkwB3mHII0QfPi0A== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1624624012; a=rsa-sha256; cv=none; b=oCp/8x4yV0MxZmwyVy4zKaGaFYdVG12vAltwHKjkPDomCcQv+Yy3kRxQ5elZJYwNoOjHEF nhUD1rPTklr1Qb64kBle2/7huw5Yq9JCNt1kftA3VVgViV+kbnL7Z78zwd1zTeQK/XbVtH TNx25AbW5OaYMLZ9ZQ7Oz36ghS8HqufSUc4AstArc8ITWtVVjoLupr7Wug1q1GAH4itl9N lIoFUfLoSt4+M1vVDszYNEnOhbZi4HjsRvQbm9TUglw0vQBLuOWs1mX+WzYpFmjhwrMWfw Sulq3AIvgyNguUq16a77wLHbtmW1YYYYdWB7OmupD2xqCxdy3wgFeQ8v5gJjnw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=telenet.be header.s=r21 header.b="VtE/O8ZQ"; dmarc=pass (policy=none) header.from=telenet.be; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -2.73 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=telenet.be header.s=r21 header.b="VtE/O8ZQ"; dmarc=pass (policy=none) header.from=telenet.be; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: D5CD01E1FF X-Spam-Score: -2.73 X-Migadu-Scanner: scn1.migadu.com X-TUID: By4McJo0Bbxa --=-eNHYR/hj7Gb2uEeKcxQp Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Chris Marusich schreef op wo 23-06-2021 om 18:01 [-0700]: > Although I was now able to run the pre-push hook, it seems unaware of my > PGP key. I tried making the attached change to the README and testing a > push via "git push -n origin", and it complained about the signature: >=20 > --8<---------------cut here---------------start------------->8--- > $ git push -n origin > Authenticating commits 8a7e10b to 413b8f1 (1 new commits)... > [########################################################################= ######]guix git: error: could not authenticate commit 413b8f1c6d9ca2160d7aa= 8d80db181a6f39d3d82: > key CBF5 9755 CBE7 E7EF EF18 3FB1 DD40 9A15 D822 469D is missing > error: failed to push some refs to 'git.savannah.gnu.org:/srv/git/guix/ma= intenance.git' > --8<---------------cut here---------------end--------------->8--- It is complaining about the missing key, not about signatures. > GnuPG reports it can find the keys: >=20 > --8<---------------cut here---------------start------------->8--- > $ gpg --list-keys 'CBF5 9755 CBE7 E7EF EF18 3FB1 DD40 9A15 D822 469D' > [...] The keyring in ~/.gnupg is irrelevant to "guix git authenticate". "guix git authenticate" only uses the keys on the keyring branch (whose fingerprint needs to be .guix-authorizations). The public key is in .guix-authorization (see https://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/.guix-auth= orizations#n32). But is it on the keyring branch? It would appear it isn't. There is a marusich-D822469D.key, but that appears to be a different key (DD40 9A15 D822 469D). Perhaps you need to add your key to the keyring branch? IIUC, commits to the keyring branch are unauthenticated, so you could do that yourself. (It is secure because .guix-authorizations contains a whitelist of allowed key fingerprints.) Greetings, Maxime. --=-eNHYR/hj7Gb2uEeKcxQp Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYNXLWxccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7kGRAQCweRtgULe/zinOuSyl059RwVM2 YCXuKH6kFyHXu48XrAD/SjKH3NNUlyJJvaLqMz5Jay9gmX+sYV2m7rySxSKDDA4= =PJSq -----END PGP SIGNATURE----- --=-eNHYR/hj7Gb2uEeKcxQp--