From: Maxim Cournoyer
To: Leo Famulari
Cc: guix-devel
Subject: Re: GNU Guix 1.3.0rc1 available for testing!
References: <877dkjovl6.fsf@gmail.com>
Date: Sat, 01 May 2021 22:52:18 -0400
In-Reply-To: (Leo Famulari's message of "Sat, 1 May 2021 17:25:45 -0400")
Message-ID: <87tunlonj1.fsf@gmail.com>
List-Id: "Development of GNU Guix and the GNU System distribution."
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
--=-=-=
Content-Type: text/plain; charset=utf-8

Hi Leo,

Leo Famulari writes:

> On Sat, May 01, 2021 at 01:45:57AM -0400, Maxim Cournoyer wrote:
>> https://alpha.gnu.org/gnu/guix/guix-binary-1.3.0rc1.x86_64-linux.tar.xz
>
> I tested the binary tarball on x86_64.
>
> I used `guix package --export-manifest > manifest` before beginning the
> test, so that I could easily recreate my profile afterwards.
>
>> All these files have an associated ‘.sig’, an OpenPGP signature that you
>> can verify as explained at
>> .
>
> These instructions explain how to get Ludo's key, but that wasn't used
> here.
>
> In doc/guix.texi, the variables OPENPGP-SIGNING-KEY-ID and
> OPENPGP-SIGNING-KEY-URL are defined.
>
> Maybe we should update the manual to mention "1.3.0rc1" and the correct
> key.
>
> The "normal" manual would still mention 1.2.0, but the devel manual
> would work for 1.3.0rc1. I think that it's fine to mention the release
> candidate in the "devel" manual.
>
> https://guix.gnu.org/manual/en/
> https://guix.gnu.org/manual/devel/en/

Thank you for pointing out that issue; I caught the problem with
guix-install.sh before posting, but overlooked that one. As you
pointed out, that won't be reflected on our website, but I agree that
having the new key covered in the devel manual (master branch) is
already an improvement.

The attached patch augments the manual to cover for the new key. Let
me know if it looks good to you. If it does, I will push it to the
master branch (IIUC we can't push this change to the version-1.3.0
branch as that would break the string freeze there).

>>
>> 1. Testing the binary tarball on the distro of your choice. You can
>> download . Uncomment the
>> ‘GNU_URL’ variable assignment that refers to alpha.gnu.org and it
>> should pick up 1.3.0rc1 automatically.
>
> The install.sh script also recommends installing Ludo's key, but of
> course fails to verify the signature with it. After installing Ludo's
> key, the installer does suggest the correct key — Maxim's.

Are you sure you downloaded it from https://guix.gnu.org/install.sh
(which just redirects to the current copy on the master branch)? Since
commit e64af2060e8cfa48e74b887281acb3fd4c7e7781 (which was made just
before writing the original message), it checks for both keys.

> Aside from that, the install.sh script worked fine on current Debian,
> and I was able to conveniently restore my Guix profile with `guix
> package -m ./manifest`.
>
> Then I did `guix pull && guix upgrade`. All good!
>
> I forgot to remove the existing Guix build users and the guixbuild group
> before my test. It would be great if somebody can remember to check that
> they are created successfully by the script.

I've tested the install script in a Ubuntu 20.04 VM which had never known Guix, and it was successful. I guess that part is covered :-). Thanks for the tests and feedback! Maxim --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-doc-Update-to-cover-for-an-additional-OpenPGP-signin.patch >From 3b942cb833688520c4c4dadfb281270520510564 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Sat, 1 May 2021 22:35:09 -0400 Subject: [PATCH] doc: Update to cover for an additional OpenPGP signing key. The upcoming 1.3.0 release will be signed with my OpenPGP key, and further releases may also be. * doc/guix.texi (OPENPGP-SIGNING-KEY-ID, OPENPGP-SIGNING-KEY-URL): Rename to... (OPENPGP-SIGNING-KEY-ID-1, OPENPGP-SIGNING-KEY-URL-1): ... these, respectively. (OPENPGP-SIGNING-KEY-ID-2, OPENPGP-SIGNING-KEY-URL-2): New variables. (Binary Installation): Adjust to cover for the new key. (USB Stick and DVD Installation): Likewise. (Invoking guix refresh): Adjust accordingly. --- doc/guix.texi | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 2fe7ad3a2a..b1bb0db74d 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -9,9 +9,11 @@ @include version.texi -@c Identifier of the OpenPGP key used to sign tarballs and such. -@set OPENPGP-SIGNING-KEY-ID 3CE464558A84FDC69DB40CFB090B11993D9AEBB5 -@set OPENPGP-SIGNING-KEY-URL https://sv.gnu.org/people/viewgpg.php?user_id=15145 +@c Identifier of the OpenPGP keys used to sign tarballs and such. +@set OPENPGP-SIGNING-KEY-ID-1 3CE464558A84FDC69DB40CFB090B11993D9AEBB5 @c ludo +@set OPENPGP-SIGNING-KEY-URL-1 https://sv.gnu.org/people/viewgpg.php?user_id=15145 +@set OPENPGP-SIGNING-KEY-ID-2 27D586A4F8900854329FF09F1260E46482E63562 @c maxim +@set OPENPGP-SIGNING-KEY-URL-2 https://sv.gnu.org/people/viewgpg.php?user_id=127547 @c Base URL for downloads. @set BASE-URL https://ftp.gnu.org/gnu/guix 
@@ -649,11 +651,13 @@ $ wget @value{BASE-URL}/guix-binary-@value{VERSION}.x86_64-linux.tar.xz.sig $ gpg --verify guix-binary-@value{VERSION}.x86_64-linux.tar.xz.sig @end example -If that command fails because you do not have the required public key, -then run this command to import it: +If that command fails because you do not have the required public keys, +then run these commands to import them: @example -$ wget '@value{OPENPGP-SIGNING-KEY-URL}' \ +$ wget '@value{OPENPGP-SIGNING-KEY-URL-1}' \ + -qO - | gpg --import - +$ wget '@value{OPENPGP-SIGNING-KEY-URL-2}' \ -qO - | gpg --import - @end example @@ -2119,11 +2123,13 @@ $ wget @value{BASE-URL}/guix-system-install-@value{VERSION}.x86_64-linux.iso.xz. $ gpg --verify guix-system-install-@value{VERSION}.x86_64-linux.iso.xz.sig @end example -If that command fails because you do not have the required public key, -then run this command to import it: +If that command fails because you do not have the required public keys, +then run these commands to import them: @example -$ wget @value{OPENPGP-SIGNING-KEY-URL} \ +$ wget @value{OPENPGP-SIGNING-KEY-URL-1} \ + -qO - | gpg --import - +$ wget @value{OPENPGP-SIGNING-KEY-URL-2} \ -qO - | gpg --import - @end example @@ -11912,7 +11918,7 @@ Likewise, you can fetch keys to a specific keybox file like this: @example gpg --no-default-keyring --keyring mykeyring.kbx \ - --recv-keys @value{OPENPGP-SIGNING-KEY-ID} + --recv-keys @value{OPENPGP-SIGNING-KEY-ID-1} @end example @xref{GPG Configuration Options, @option{--keyring},, gnupg, Using the GNU -- 2.31.1 --=-=-=--
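
Review bot: the trailing `@c ludo` and `@c maxim` on the two `@set OPENPGP-SIGNING-KEY-ID-*` lines in the first hunk (@@ -9,9 +9,11 @@) sit on the same line as the value, so it is worth confirming with makeinfo that the comment is not taken as part of the value that `@value{...}` later expands; putting each owner name on its own `@c` line above the `@set` avoids the question. Since the old names OPENPGP-SIGNING-KEY-ID and OPENPGP-SIGNING-KEY-URL disappear here, also grep the doc/ directory for any remaining `@value{}` use of them beyond the ones updated in this patch.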
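
Review bot: in the Binary Installation hunk (@@ -649,11 +651,13 @@) the new wording "the required public keys" reads as if both keys are needed to verify a tarball, while the commit log says the 1.3.0 release is signed with one of them; suggest saying the release is signed by one of the two keys and printing both fingerprints (the OPENPGP-SIGNING-KEY-ID-1 and -2 values) so the reader can compare them with what `gpg --verify` reports after the import.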
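
Review bot: the `wget` lines added in the USB Stick and DVD Installation hunk (@@ -2119,11 +2123,13 @@) pass `@value{OPENPGP-SIGNING-KEY-URL-1}` and `@value{OPENPGP-SIGNING-KEY-URL-2}` unquoted, whereas the Binary Installation hunk single-quotes them; the URLs contain `?user_id=`, and `?` is a shell glob character, so quote them here too. The unquoted form predates this patch, but the lines are being touched anyway.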
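
Review bot: in the Invoking guix refresh hunk (@@ -11912,7 +11918,7 @@) the `--recv-keys` example now names OPENPGP-SIGNING-KEY-ID-1 only; if the example is meant to fetch the Guix release keys, add `@value{OPENPGP-SIGNING-KEY-ID-2}` to the same command, and if it only illustrates fetching an arbitrary key, a word in the commit log saying so would explain why key 2 is left out.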
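
The two-key situation discussed in this message, as an added example (not part of the original message, the patch, or guix-install.sh): accept a release signature only when gpg reports a valid signature whose primary-key fingerprint is one of the two fingerprints set in the patch. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Fingerprints copied from the patch (OPENPGP-SIGNING-KEY-ID-1 and -2).
KEY_ID_1=3CE464558A84FDC69DB40CFB090B11993D9AEBB5   # ludo
KEY_ID_2=27D586A4F8900854329FF09F1260E46482E63562   # maxim

# Constructed sample of `gpg --status-fd 1 --verify` output (timestamps made up).
SAMPLE_STATUS="[GNUPG:] GOODSIG 1260E46482E63562 constructed signer
[GNUPG:] VALIDSIG $KEY_ID_2 2021-05-01 1619900000 0 4 0 1 10 00 $KEY_ID_2"

# Read gpg status lines on stdin.  Succeed only if a VALIDSIG line names a
# pinned primary key (last field of VALIDSIG; the first fingerprint on that
# line may be a signing subkey) and no line reports a bad, unverifiable,
# expired or revoked signature.  Empty input fails closed.
signer_is_pinned() {
    awk -v pinned="$KEY_ID_1 $KEY_ID_2" '
        BEGIN { n = split(pinned, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && ($NF in ok) { good = 1 }
        END { exit (good && !bad) ? 0 : 1 }
    '
}

# verify_release SIGFILE DATAFILE (hypothetical wrapper name).
# gpg must exit successfully AND the signer must be one of the pinned keys,
# so an unrelated key that happens to be in the keyring is not enough.
verify_release() {
    status=$(gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null) || return 1
    printf '%s\n' "$status" | signer_is_pinned
}

# Stand-alone use: sh this-script guix-binary-....tar.xz.sig guix-binary-....tar.xz
if [ "$#" -eq 2 ]; then
    verify_release "$1" "$2" && echo "OK: signed by a pinned release key"
fi
```

A plain `gpg --verify` succeeds for any key present in the keyring; comparing the reported fingerprint against the pinned list is what ties the result to the release keys.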