From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id oMEQKdfW314MBgAA0tVLHw (envelope-from ) for ; Tue, 09 Jun 2020 18:37:11 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id CP8UJdfW317+egAA1q6Kng (envelope-from ) for ; Tue, 09 Jun 2020 18:37:11 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id EE06F9401D0 for ; Tue, 9 Jun 2020 18:37:10 +0000 (UTC) Received: from localhost ([::1]:56446 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jij7U-00023Z-Lm for larch@yhetil.org; Tue, 09 Jun 2020 14:37:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37466) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jij7O-000234-33 for guix-patches@gnu.org; Tue, 09 Jun 2020 14:37:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:49353) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1jij7N-0008KP-Pn for guix-patches@gnu.org; Tue, 09 Jun 2020 14:37:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1jij7N-0000CF-Mn for guix-patches@gnu.org; Tue, 09 Jun 2020 14:37:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#41767] [PATCH 9/9] DROP? channels: Add prehistorical authorizations to . Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 09 Jun 2020 18:37:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 41767 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 41767@debbugs.gnu.org Received: via spool by 41767-submit@debbugs.gnu.org id=B41767.1591727769695 (code B ref 41767); Tue, 09 Jun 2020 18:37:01 +0000 Received: (at 41767) by debbugs.gnu.org; 9 Jun 2020 18:36:09 +0000 Received: from localhost ([127.0.0.1]:60899 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jij6W-0000B7-Oq for submit@debbugs.gnu.org; Tue, 09 Jun 2020 14:36:08 -0400 Received: from mail-qv1-f67.google.com ([209.85.219.67]:44051) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jij6S-0000Ab-Ok for 41767@debbugs.gnu.org; Tue, 09 Jun 2020 14:36:07 -0400 Received: by mail-qv1-f67.google.com with SMTP id g7so10576513qvx.11 for <41767@debbugs.gnu.org>; Tue, 09 Jun 2020 11:36:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version:content-transfer-encoding; bh=UrkTTUmmHTG8L4bx4SN96f2ZYynKzHtZOLnuA08ChIo=; b=CnhNi6vFisfhSjVBheELNsgPfU+EWsYEWNRuAiRQ4oWt83MDn4SlH3+oAVhOSviUWM xxqgndFIYCptPoa8TeGBMoAY1yGik1LKG9G8YFcoBeaN6gyZ8Ns/tUYK2JxUZmNS7MOQ nLqq0zPQQ49CqvBbn8N96LYa37aKAblpXDsz0qtJ5GuHdfFOOqcO7gHwdczXDPpkNJSY t6QRNBfjDl1A2mEARB0lfNPzxccHyVtaVu/P+Nsyp80q7oyxr0M4bQWmiE6wz2LorikB HrdZX+ltU38G8EOwWnMEJabCgIAbfqAcbc77pltQWEQXXO9+3gkdc+02o0k4AVjKC3A3 utrw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version:content-transfer-encoding; bh=UrkTTUmmHTG8L4bx4SN96f2ZYynKzHtZOLnuA08ChIo=; b=CNQEfTZpmRPdY24LkaRBdR9gz9r1n6g+nz8q5jaMva/vwqOYisBdEMFon9j6Oy4SSC vjrSsJZbfOu946lCBWmmSjTcsy50Q3nHmKerOcm0R/kHowXkO+jWAyxbI+SI/MVH2URm d99IMocf6kC1+cE/wYFPDCeU8Zke3n+QPeogkzBHuustM1ugiOqJehY3I3tlLZfSp1o0 L/wI5wZYCfdhQm6arwP6sge7T+nBbwygTeGpJscGwfj8RWrxPO8mIjsOGBks6ei93Owy T7NqbIfTasaVcT5HQTOLnmWiXx87RQ9ZrmO1tJf7zUn5uPMca3svg0R/GlZriLWpQ3gd 08Hg== X-Gm-Message-State: AOAM530Sg7dKEhVdDzxqgy21ZDJJEqJU5LwxnN8Bjkfrm0qT3DGcufK+ 7r9JAwN79ZJoueCm1xNVWXUxlq+WOzE= X-Google-Smtp-Source: ABdhPJyBkRSr1WN+F+1SF5e3IBNflS7VMi0BqALX9vOjfPnK3nptqFwj58TbYcNIEAc5CdIZRCPh3w== X-Received: by 2002:a05:6214:14ab:: with SMTP id bo11mr5314357qvb.20.1591727758962; Tue, 09 Jun 2020 11:35:58 -0700 (PDT) Received: from hurd (dsl-152-235.b2b2c.ca. [66.158.152.235]) by smtp.gmail.com with ESMTPSA id b188sm10206816qkc.30.2020.06.09.11.35.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2020 11:35:58 -0700 (PDT) From: Maxim Cournoyer References: <20200608220256.3267-1-ludo@gnu.org> <20200608220256.3267-9-ludo@gnu.org> Date: Tue, 09 Jun 2020 14:35:57 -0400 In-Reply-To: <20200608220256.3267-9-ludo@gnu.org> ("Ludovic \=\?utf-8\?Q\?Cour\?\= \=\?utf-8\?Q\?t\=C3\=A8s\=22's\?\= message of "Tue, 9 Jun 2020 00:02:56 +0200") Message-ID: <87o8pshysy.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Spam-Score: -1.0 (-) X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=fail (rsa verify failed) header.d=gmail.com header.s=20161025 header.b=CnhNi6vF; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Spam-Score: 1.59 X-TUID: zMBHDSFoOO6D Hello! Ludovic Court=C3=A8s writes: > This allows users to authenticate commits that were made before > '.guix-authorizations' was introduced. > > * guix/channels.scm ()[prehistorical-authorizations= ]: > New field. > (%guix-historical-committers): New variable. > (openpgp-fingerprint->bytevector): New procedure. > (%guix-channel-introduction): Add 'prehistorical-authorizations' field. > (authenticate-channel): Honor it. Pass it as #:default-authorizations > to 'authenticate-commits'. > * build-aux/git-authenticate.scm (%historical-committers) > (%historical-authorized-signing-keys, commit-short-id): Remove. > * build-aux/git-authenticate.scm (git-authenticate): Rewrite to use > 'authenticate-channel'. > * tests/channels.scm ("authenticate-channel, wrong first commit signer") > ("authenticate-channel, .guix-authorizations"): Adjust accordingly. I'd be in favor of dropping this commit, to not be burdened by legacy complexity, which I'm doubtful would see much use anyway. This means that a channel require all its commits to have a .guix-authorizations file to be authenticated. I think that's fine. The series LGTM. I haven't tested it locally, but the tests give me confidence. Thank you for working on this! Maxim