all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* guix pull: error: commit 3946540 not signed by an authorized key: 2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0
@ 2022-08-06 18:48 Tobias Geerinckx-Rice
  2022-08-06 19:32 ` Tobias Geerinckx-Rice
  0 siblings, 1 reply; 9+ messages in thread
From: Tobias Geerinckx-Rice @ 2022-08-06 18:48 UTC (permalink / raw)
  To: help-guix

Hi all,

If you try to guix pull now, this is what you'll see:

   guix pull: error: commit 39465409f0481f27d252ce25d2b02d3f5cbc6723
   not signed by an authorized key:
   2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0

There is and was no security risk.

This is Guix working as intended in the presence of a commit pushed 
earlier today.  The failing commit[0] is benign, and the committer did 
nothing wrong.

The commit is signed by a subkey of the main key that Guix expects, and 
it does not deal well with that fact.  This is something we'll have to 
discuss and probably fix, both in Guix and in the git push hook on 
Savannah[1].

I'm currently waiting to hear from the Savannah admins, who are the only 
ones who can roll back master for us.  I'm not aware of any way we could 
do this ourselves.  I'll follow up when it's done.

Until then, you can:

   1. Not pull.  If your Guix was relatively recent, you're not missing 
much if anything.

   2. If you must have the very latest (valid) commit, you can run:

      guix pull --commit=ad878a2c5e5313c534ccf2546cb8c978e5295ae1

      which will validate just fine.

   3. I do NOT recommend disabling authentication.  There is simply no 
benefit to that.

TTYL,

T G-R

[0]: 
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=39465409f0481f27d252ce25d2b02d3f5cbc6723
[1]: Which has been deficient for years, which I've known about, and did 
nothing about.

Sent from a Web browser.  Excuse or enjoy my brevity.


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: guix pull: error: commit 3946540 not signed by an authorized key: 2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0
  2022-08-06 18:48 guix pull: error: commit 3946540 not signed by an authorized key: 2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0 Tobias Geerinckx-Rice
@ 2022-08-06 19:32 ` Tobias Geerinckx-Rice
  2022-08-06 20:43   ` Vagrant Cascadian
  0 siblings, 1 reply; 9+ messages in thread
From: Tobias Geerinckx-Rice @ 2022-08-06 19:32 UTC (permalink / raw)
  To: help-guix

On 2022-08-06 20:48, Tobias Geerinckx-Rice wrote:
>   guix pull: error: commit 39465409f0481f27d252ce25d2b02d3f5cbc6723
>   not signed by an authorized key:
>   2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0

I tried a few other random things to wriggle out of this but I think 
we're stuck (which is, design-wise, probably a good thing).

Now I eat,

T G-R

Sent from a Web browser.  Excuse or enjoy my brevity.


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: guix pull: error: commit 3946540 not signed by an authorized key: 2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0
  2022-08-06 19:32 ` Tobias Geerinckx-Rice
@ 2022-08-06 20:43   ` Vagrant Cascadian
  2022-08-06 21:06     ` Tobias Geerinckx-Rice
  2022-08-09 20:56     ` Renaming ‘master’ to ‘main’ Ludovic Courtès
  0 siblings, 2 replies; 9+ messages in thread
From: Vagrant Cascadian @ 2022-08-06 20:43 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice, help-guix

[-- Attachment #1: Type: text/plain, Size: 747 bytes --]

On 2022-08-06, Tobias Geerinckx-Rice wrote:
> On 2022-08-06 20:48, Tobias Geerinckx-Rice wrote:
>>   guix pull: error: commit 39465409f0481f27d252ce25d2b02d3f5cbc6723
>>   not signed by an authorized key:
>>   2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0
>
> I tried a few other random things to wriggle out of this but I think 
> we're stuck (which is, design-wise, probably a good thing).

What a great opportunity to switch to using "main" instead of "master"
anyways. :)

I thought git was going to at some point make "main" the default new
branch name instead of "master" anyways. May as well get ahead of the
game, now that there's a technical reason to consider switching branch
names anyways.

live well,
  vagrant

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: guix pull: error: commit 3946540 not signed by an authorized key: 2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0
  2022-08-06 20:43   ` Vagrant Cascadian
@ 2022-08-06 21:06     ` Tobias Geerinckx-Rice
  2022-08-06 21:09       ` Tobias Geerinckx-Rice
  2022-08-09 20:56     ` Renaming ‘master’ to ‘main’ Ludovic Courtès
  1 sibling, 1 reply; 9+ messages in thread
From: Tobias Geerinckx-Rice @ 2022-08-06 21:06 UTC (permalink / raw)
  To: Vagrant Cascadian; +Cc: help-guix

(Aside: the immediate issue has been resolved!  Pull to your heart's 
content.  Pull for a friend.)

On 2022-08-06 22:43, Vagrant Cascadian wrote:
> What a great opportunity to switch to using "main" instead of "master"
> anyways. :)
> 
> I thought git was going to at some point make "main" the default new
> branch name instead of "master" anyways. May as well get ahead of the
> game, now that there's a technical reason to consider switching branch
> names anyways.

I'm not aware of a technical reason to switch branch names.

But: Guix should not assume 'master' anywhere, and maybe we can remove 
it from %default-guix-channel too.  Logically, if "master" no longer 
occurs in the code, we should be good to go... no?  All we have to do is 
make sure the cache follows suit or is deleted.

Some effort was made (I think by civodul) to simply track the upstream 
HEAD, whatever branch that happens to be, although I don't know if that 
was ever completed.  It's possible that some assumptions snuck in that 
we won't notice until we switch.  But it should certainly be possible.

Kind regards,

T G-R

Sent from a Web browser.  Excuse or enjoy my brevity.


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: guix pull: error: commit 3946540 not signed by an authorized key: 2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0
  2022-08-06 21:06     ` Tobias Geerinckx-Rice
@ 2022-08-06 21:09       ` Tobias Geerinckx-Rice
  0 siblings, 0 replies; 9+ messages in thread
From: Tobias Geerinckx-Rice @ 2022-08-06 21:09 UTC (permalink / raw)
  To: Vagrant Cascadian; +Cc: help-guix

On 2022-08-06 23:06, Tobias Geerinckx-Rice wrote:
> I'm not aware of a technical reason to switch branch names.

OK, having read up on the mood in #guix I think I understand the 
reference.

But I don't think that would have been a good idea, and I wouldn't have 
supported it.

Kind regards,

T G-R

Sent from a Web browser.  Excuse or enjoy my brevity.


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Renaming ‘master’ to ‘main’
  2022-08-06 20:43   ` Vagrant Cascadian
  2022-08-06 21:06     ` Tobias Geerinckx-Rice
@ 2022-08-09 20:56     ` Ludovic Courtès
  2022-08-09 22:01       ` Felix Lechner
                         ` (2 more replies)
  1 sibling, 3 replies; 9+ messages in thread
From: Ludovic Courtès @ 2022-08-09 20:56 UTC (permalink / raw)
  To: Vagrant Cascadian; +Cc: Tobias Geerinckx-Rice, help-guix

Vagrant Cascadian <vagrant@debian.org> skribis:

> On 2022-08-06, Tobias Geerinckx-Rice wrote:
>> On 2022-08-06 20:48, Tobias Geerinckx-Rice wrote:
>>>   guix pull: error: commit 39465409f0481f27d252ce25d2b02d3f5cbc6723
>>>   not signed by an authorized key:
>>>   2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0
>>
>> I tried a few other random things to wriggle out of this but I think 
>> we're stuck (which is, design-wise, probably a good thing).
>
> What a great opportunity to switch to using "main" instead of "master"
> anyways. :)

Yes, this is something we should do.  There’s preliminary work here:

  https://issues.guix.gnu.org/49252

I eventually lost track of what the problem was, but we should resume.

Ludo’.


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: Renaming ‘master’ to ‘main’
  2022-08-09 20:56     ` Renaming ‘master’ to ‘main’ Ludovic Courtès
@ 2022-08-09 22:01       ` Felix Lechner
  2022-08-09 23:05       ` Felix Lechner via
  2022-08-10  6:28       ` blake
  2 siblings, 0 replies; 9+ messages in thread
From: Felix Lechner @ 2022-08-09 22:01 UTC (permalink / raw)
  Cc: help-guix

Hi,

On Tue, Aug 9, 2022 at 1:57 PM Ludovic Courtès <ludo@gnu.org> wrote:
>
> Yes, this is something we should do.

For what it's worth, I now use 'history' for primary development
branches when possible.

For me, it establishes a preeminence among branches by function rather
than name. Plus, I like writing "It was merged into 'history'."

Kind regards
Felix Lechner


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: Renaming ‘master’ to ‘main’
  2022-08-09 20:56     ` Renaming ‘master’ to ‘main’ Ludovic Courtès
  2022-08-09 22:01       ` Felix Lechner
@ 2022-08-09 23:05       ` Felix Lechner via
  2022-08-10  6:28       ` blake
  2 siblings, 0 replies; 9+ messages in thread
From: Felix Lechner via @ 2022-08-09 23:05 UTC (permalink / raw)
  To: help-guix

Hi,

On Tue, Aug 9, 2022 at 1:57 PM Ludovic Courtès <ludo@gnu.org> wrote:
>
> Yes, this is something we should do.

For what it's worth, I now use 'history' for primary development
branches when possible. To me, it establishes a preeminence among
branches by function rather than name. Plus, I like writing "It was
merged into 'history'."

Kind regards
Felix Lechner


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: Renaming ‘master’ to ‘main’
  2022-08-09 20:56     ` Renaming ‘master’ to ‘main’ Ludovic Courtès
  2022-08-09 22:01       ` Felix Lechner
  2022-08-09 23:05       ` Felix Lechner via
@ 2022-08-10  6:28       ` blake
  2 siblings, 0 replies; 9+ messages in thread
From: blake @ 2022-08-10  6:28 UTC (permalink / raw)
  To: felix.lechner; +Cc: help-guix

I use trunk! I think the metaphor is the most accurate, but I'm open to whatever.

August 9, 2022 10:01 PM, "Felix Lechner" <lechner.felix@gmail.com> wrote:

> Hi,
> 
> On Tue, Aug 9, 2022 at 1:57 PM Ludovic Courtès <ludo@gnu.org> wrote:
> 
>> Yes, this is something we should do.
> 
> For what it's worth, I now use 'history' for primary development
> branches when possible.
> 
> For me, it establishes a preeminence among branches by function rather
> than name. Plus, I like writing "It was merged into 'history'."
> 
> Kind regards
> Felix Lechner


^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2022-08-10  9:59 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-06 18:48 guix pull: error: commit 3946540 not signed by an authorized key: 2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0 Tobias Geerinckx-Rice
2022-08-06 19:32 ` Tobias Geerinckx-Rice
2022-08-06 20:43   ` Vagrant Cascadian
2022-08-06 21:06     ` Tobias Geerinckx-Rice
2022-08-06 21:09       ` Tobias Geerinckx-Rice
2022-08-09 20:56     ` Renaming ‘master’ to ‘main’ Ludovic Courtès
2022-08-09 22:01       ` Felix Lechner
2022-08-09 23:05       ` Felix Lechner via
2022-08-10  6:28       ` blake

Code repositories for project(s) associated with this inbox:

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.