#22883 - Trustable "guix pull" - GNU bug report logs

Package	Source(s)		Maintainer(s)
guix		PTS Buildd Popcon

Message #177 received at 22883@debbugs.gnu.org (full text, mbox, reply):

Received: (at 22883) by debbugs.gnu.org; 30 Dec 2019 21:29:50 +0000
From debbugs-submit-bounces@debbugs.gnu.org Mon Dec 30 16:29:50 2019
Received: from localhost ([127.0.0.1]:33526 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1im2bl-00016O-Qm
	for submit@debbugs.gnu.org; Mon, 30 Dec 2019 16:29:50 -0500
Received: from eggs.gnu.org ([209.51.188.92]:54137)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1im2bk-00016B-8O
 for 22883@debbugs.gnu.org; Mon, 30 Dec 2019 16:29:48 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:41633)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1im2ba-0007Rd-Nq; Mon, 30 Dec 2019 16:29:38 -0500
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=44380 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1im2bZ-0004ZI-II; Mon, 30 Dec 2019 16:29:38 -0500
From: Ludovic Courtès <ludo@gnu.org>
To: Vagrant Cascadian <vagrant@debian.org>
Subject: Re: bug#22883: Authenticating Git checkouts: step #1
References: <87io14sqoa.fsf@dustycloud.org> <87tvnemfjh.fsf@aikidev.net>
 <871sab7ull.fsf@gnu.org> <87zhwz6ct4.fsf@aikidev.net>
 <877ek364u5.fsf@gnu.org> <87mubmodfb.fsf_-_@gnu.org>
 <87eewqgc1v.fsf@gnu.org> <87o8vto5rl.fsf@elephly.net>
 <87a77bzw6p.fsf@yucca>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 10 Nivôse an 228 de la Révolution
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Mon, 30 Dec 2019 22:29:35 +0100
In-Reply-To: <87a77bzw6p.fsf@yucca> (Vagrant Cascadian's message of "Sat, 28
 Dec 2019 18:45:34 -0800")
Message-ID: <87woad1ozk.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 22883
Cc: Ricardo Wurmus <rekado@elephly.net>, 22883@debbugs.gnu.org,
 guix-devel@gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hello!

Vagrant Cascadian <vagrant@debian.org> skribis:

> On 2019-12-27, Ricardo Wurmus wrote:

[...]

>> Thank you for the instructions.  I thought I had all keys, but
>> apparently at least one of them is missing.  “make authenticate” fails
>> for me with this error:
>>
>> Throw to key `srfi-34' with args `(#<condition &message [message: "could not authenticate commit b291c9570d5a27b11472df3df61cef9ed012241b: key B943509D633E80DD27FC4EED634A8DFFD3F631DF is missing"] 7f70fb08c240>)'.
>>
>> I previously downloaded the gpg keyring from Savannah:
>>
>>     https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guix
>>
>> Looks like Hartmut used to use a different key, which I don’t have.
>
> I got this too, and manually worked around it by downloading
> guix-keyring.gpg from:
>
>   https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guix&download=1
>
> And running:
>
>   gpg --no-default-keyring --keyring ~/.config/guix/keyrings/channels/guix.kbx --import ~/guix-keyring.gpg
>
> It seems to be working now... how is the keyring *supposed* to be
> populated? Before I manually imported guix-keyring.gpg into guix.kbx,
> there were a very small number of keys present.

By default, the script currently automatically downloads keys from
keyserver into ~/.config/…/guix.kbx: see ‘gnupg-verify*’ in (guix
gnupg).  This is unreliable and rather undesirable, so the real solution
will be to have the keyring in the repo.

> It's a little awkward that it uses the fingerprint of the signing key
> rather than the primary key, as by default things like "gpg --list-keys"
> do not display the fingerprint of signing keys, only the primary key, so
> it is an adventure in gpg commandline options to correlate them.
>
> "gpg log --show-signature" also reports the the primary key fingerprint,
> if the key is available in the keyring, and only the subkey fingerprint
> for unknown keys if I remember correctly.

Yeah, well.  Apparently ‘gpgv --status-fd’ reports the fingerprint of
the subkey, not that of the primary key, which is why we’re storing the
fingerprint of the subkey.

I think it actually makes sense, but I wonder why ‘gpg’ makes it so hard
to see the fingerprint of subkeys.

> It would be nice if the statistics would display the primary uid
> instead, as it is something a little more human readable, and the
> primary key fingerprint, as it is a little easier to find. :)

Ah, true!

> I'm hoping the eventual goal is to integrate this into guix pull?

Of course!

Ludo’.

Display info messages

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sat Dec 21 19:01:38 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

#22883 Trustable "guix pull"