From: Vagrant Cascadian <vagrant@debian.org>
To: "Ricardo Wurmus" <rekado@elephly.net>, "Ludovic Courtès" <ludo@gnu.org>
Cc: 22883@debbugs.gnu.org, guix-devel@gnu.org
Subject: Re: bug#22883: Authenticating Git checkouts: step #1
Date: Sat, 28 Dec 2019 18:45:34 -0800 [thread overview]
Message-ID: <87a77bzw6p.fsf@yucca> (raw)
In-Reply-To: <87o8vto5rl.fsf@elephly.net>
[-- Attachment #1: Type: text/plain, Size: 2593 bytes --]
On 2019-12-27, Ricardo Wurmus wrote:
>> b3011dbbd2 doc: Mention "make authenticate".
>> 787766ed1e git-authenticate: Keep a local cache of previously-authenticated commits.
>> 785af04a75 git: 'commit-difference' takes a list of excluded commits.
>> 1e43ab2c03 Add 'build-aux/git-authenticate.scm'.
>>
>> Commit 787766ed1e takes care of caching (one of the limitations I
>> mentioned in my previous message).
>>
>> Commit b3011dbbd2 adds instructions for contributors on how to
>> authenticate a checkout (copied below). It’s a bit bumpy so I would
>> very much welcome feedback and suggestions on how to improve this!
>
> This is great!
Yes! Yes!
> Thank you for the instructions. I thought I had all keys, but
> apparently at least one of them is missing. “make authenticate” fails
> for me with this error:
>
> Throw to key `srfi-34' with args `(#<condition &message [message: "could not authenticate commit b291c9570d5a27b11472df3df61cef9ed012241b: key B943509D633E80DD27FC4EED634A8DFFD3F631DF is missing"] 7f70fb08c240>)'.
>
> I previously downloaded the gpg keyring from Savannah:
>
> https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guix
>
> Looks like Hartmut used to use a different key, which I don’t have.
I got this too, and manually worked around it by downloading
guix-keyring.gpg from:
https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guix&download=1
And running:
gpg --no-default-keyring --keyring ~/.config/guix/keyrings/channels/guix.kbx --import ~/guix-keyring.gpg
It seems to be working now... how is the keyring *supposed* to be
populated? Before I manually imported guix-keyring.gpg into guix.kbx,
there were a very small number of keys present.
It's a little awkward that it uses the fingerprint of the signing key
rather than the primary key, as by default things like "gpg --list-keys"
do not display the fingerprint of signing keys, only the primary key, so
it is an adventure in gpg commandline options to correlate them.
"gpg log --show-signature" also reports the the primary key fingerprint,
if the key is available in the keyring, and only the subkey fingerprint
for unknown keys if I remember correctly.
It would be nice if the statistics would display the primary uid
instead, as it is something a little more human readable, and the
primary key fingerprint, as it is a little easier to find. :)
I'm hoping the eventual goal is to integrate this into guix pull?
Very nice to see progress on this issue!
live well,
vagrant
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]
next prev parent reply other threads:[~2019-12-29 2:45 UTC|newest]
Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-02 18:03 bug#22883: Trustable "guix pull" Christopher Allan Webber
2016-03-02 19:26 ` Leo Famulari
2016-03-02 21:07 ` Christopher Allan Webber
2016-04-25 22:25 ` Ludovic Courtès
2016-04-26 0:13 ` Leo Famulari
2016-04-26 0:17 ` Thompson, David
2016-04-26 7:12 ` Ludovic Courtès
2016-04-30 4:43 ` Mike Gerwitz
2016-06-03 16:12 ` bug#22883: Authenticating a Git checkout Ludovic Courtès
2016-06-03 20:17 ` Leo Famulari
2016-06-04 11:04 ` Ludovic Courtès
2016-06-04 4:24 ` Mike Gerwitz
2016-06-04 11:17 ` Ludovic Courtès
2016-06-04 12:45 ` ng0
2016-06-06 12:20 ` ng0
2016-06-04 16:14 ` Mike Gerwitz
2016-06-05 20:39 ` Christopher Allan Webber
2016-06-05 21:15 ` Leo Famulari
2016-06-06 2:41 ` Mike Gerwitz
2016-06-06 7:01 ` Ludovic Courtès
2016-07-22 8:22 ` Ludovic Courtès
2016-07-22 12:58 ` Thompson, David
2016-07-22 13:58 ` Ludovic Courtès
2017-10-24 23:30 ` Ludovic Courtès
2019-12-27 19:48 ` Ricardo Wurmus
2019-12-28 14:47 ` Ludovic Courtès
2019-12-28 16:05 ` Ricardo Wurmus
2019-12-28 17:45 ` Ludovic Courtès
2020-04-30 15:32 ` Ludovic Courtès
2020-05-01 15:46 ` Justus Winter
2020-05-01 16:50 ` Ludovic Courtès
2020-05-01 17:04 ` Ludovic Courtès
2020-05-19 20:23 ` Ludovic Courtès
2020-06-01 14:07 ` bug#22883: Channel introductions Ludovic Courtès
2020-06-02 23:45 ` zimoun
2020-06-03 9:50 ` Ludovic Courtès
2020-06-03 16:20 ` zimoun
2020-06-04 9:55 ` Ludovic Courtès
2020-05-01 17:20 ` bug#22883: Authenticating a Git checkout Ludovic Courtès
2020-05-02 22:02 ` Ludovic Courtès
2020-05-04 8:03 ` Ludovic Courtès
2016-06-01 16:47 ` bug#22883: Discussion of TUF in the context of Git checkout authentication Ludovic Courtès
2016-05-15 12:40 ` bug#22883: Trustable "guix pull" fluxboks
2016-05-16 17:55 ` Thompson, David
2016-05-17 21:19 ` Ludovic Courtès
2016-06-04 16:19 ` Werner Koch
2016-06-04 22:27 ` Ludovic Courtès
2016-06-05 7:51 ` Werner Koch
2016-06-06 21:01 ` Leo Famulari
2016-06-07 8:08 ` bug#22883: gpg2 vs. gpg Ludovic Courtès
2016-06-07 11:25 ` Werner Koch
2016-06-07 12:58 ` ng0
2016-06-05 1:43 ` bug#22883: Trustable "guix pull" Mike Gerwitz
2018-08-28 19:56 ` Vagrant Cascadian
2018-09-02 16:05 ` Ludovic Courtès
2018-09-02 17:15 ` Vagrant Cascadian
2018-09-02 20:07 ` Ludovic Courtès
2019-12-20 22:11 ` Authenticating Git checkouts: step #1 Ludovic Courtès
2019-12-21 1:33 ` zimoun
2019-12-21 1:33 ` bug#22883: " zimoun
2019-12-27 12:58 ` Ludovic Courtès
2019-12-27 20:47 ` Ricardo Wurmus
2019-12-27 21:31 ` Alex Griffin
2019-12-30 21:23 ` Ludovic Courtès
2019-12-29 2:45 ` Vagrant Cascadian
2019-12-29 2:45 ` Vagrant Cascadian [this message]
2019-12-29 7:34 ` Efraim Flashner
2019-12-29 7:34 ` Efraim Flashner
2019-12-30 21:29 ` Ludovic Courtès
2019-12-30 21:29 ` Ludovic Courtès
2019-12-27 20:47 ` Ricardo Wurmus
2019-12-27 12:58 ` Ludovic Courtès
2019-12-20 22:11 ` Ludovic Courtès
2019-12-31 19:16 ` Jakub Kądziołka
2020-01-08 13:30 ` Ludovic Courtès
2020-06-02 13:49 ` bug#22883: Authenticating a Git checkout John Soo
2020-06-03 9:33 ` Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 1/9] git-authenticate: Cache takes a key parameter Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 2/9] git-authenticate: 'authenticate-commits' takes a #:keyring parameter Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 3/9] tests: Move OpenPGP helpers to (guix tests gnupg) Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 4/9] channels: 'latest-channel-instance' authenticates Git checkouts Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 5/9] channels: Make 'validate-pull' call right after clone/pull Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 6/9] .guix-channel: Add 'keyring-reference' Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 7/9] channels: Automatically add introduction for the official 'guix' channel Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 8/9] pull: Add '--disable-authentication' Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 9/9] DROP? channels: Add prehistorical authorizations to <channel-introduction> Ludovic Courtès
2020-06-08 22:04 ` bug#22883: [PATCH 1/9] git-authenticate: Cache takes a key parameter Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a77bzw6p.fsf@yucca \
--to=vagrant@debian.org \
--cc=22883@debbugs.gnu.org \
--cc=guix-devel@gnu.org \
--cc=ludo@gnu.org \
--cc=rekado@elephly.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.