From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 27 04:12:38 2018 Received: (at submit) by debbugs.gnu.org; 27 Apr 2018 08:12:38 +0000 Received: from localhost ([127.0.0.1]:40907 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fByUg-00087r-2x for submit@debbugs.gnu.org; Fri, 27 Apr 2018 04:12:38 -0400 Received: from eggs.gnu.org ([208.118.235.92]:46862) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fByUe-00087e-R3 for submit@debbugs.gnu.org; Fri, 27 Apr 2018 04:12:37 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fByUY-0002kc-HT for submit@debbugs.gnu.org; Fri, 27 Apr 2018 04:12:31 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM, T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:41645) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fByUY-0002kX-EL for submit@debbugs.gnu.org; Fri, 27 Apr 2018 04:12:30 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37818) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fByUX-0005R4-AX for bug-guix@gnu.org; Fri, 27 Apr 2018 04:12:30 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fByUW-0002is-BX for bug-guix@gnu.org; Fri, 27 Apr 2018 04:12:29 -0400 Received: from mail-pg0-x230.google.com ([2607:f8b0:400e:c05::230]:44299) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fByUW-0002ij-5E for bug-guix@gnu.org; Fri, 27 Apr 2018 04:12:28 -0400 Received: by mail-pg0-x230.google.com with SMTP id 82-v6so972184pge.11 for ; Fri, 27 Apr 2018 01:12:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=Bd9Vbq1sMlAnJog2VWSIvKFBMeCILw8V2eVgCSSNiQM=; b=NrkhclBMdtqG9k2QqpzeXrawuwC9GVrLtxvsxfoDlXldJrlP5ubg3ZMCS/hTyv5wee ChdhXhbTOUxOa2ANNk7TBn0HnwGQYn1yyKx7keHUmk1smUh24ViGnnJgIX5KC806rZy0 yXwL5NTzgRPV0D1SMcIzh9from+FlzrquPbb/UoWKEcc/un3BTtFIF829qVlZuCoO6tT cTGAvqgdAG3M+f3raTg2tEr5H4eoYBqmAsJ3QZLbL/dX4EcOEc+Y1J0yutaYsBFqUZ+2 HHa+sUtERqPggTdWw5tpLkUXPEm/lXy10BLQVqXCl1EEPatm2LrQp6BT25UiUJ/svLPl VQ/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=Bd9Vbq1sMlAnJog2VWSIvKFBMeCILw8V2eVgCSSNiQM=; b=FZc8/L2sDwqaDXYabRz83+MzMRQst7yDulRmVG38JT1uf2Prv4QQ5GbN7tiB8QGAaI aa2UpAbxKARI8pw41unobjNHDfcMuNvKnbHelUQ6U1hzwkjL4M0RZcOp6DPLCQYxygah WhIZO36HNlNX/Bj1NDvCWLj7f55srn8EgXSR4DHonSR7Lkhnlee/mBVRpbJ6o+mAtByd gaHLXKzmMmcQ6v3Vq9Nl/GpnGnhMatDg1P064iyzW39/8/QHGh1t7789ojrjIW4+FjU2 PWPt8TCsr7MAqv3IFIO5NgSFZwz0jyDl8/ztpMIeVhcKAqY5RN+5/VNIi2ZJwsDtvSSZ 5cMA== X-Gm-Message-State: ALQs6tDzwmx/Xm2vxVKOSmPd5Dl8Hi0+D4PW+eJHd1Kmxj+CeryCfGRb 6drl+G6ks0AFj6dy/qzGBBiq4w== X-Google-Smtp-Source: AB8JxZpJGtO5X1H7BTrNnqjWNebp9jz6RqHkq1OPvk4P1LizAFR6fSo7aODVczLMU1kepsD1pnZwfw== X-Received: by 2002:a17:902:7241:: with SMTP id c1-v6mr1382383pll.217.1524816746681; Fri, 27 Apr 2018 01:12:26 -0700 (PDT) Received: from garuda.local.net ([2601:602:9d02:4725:6495:ba21:1ebe:620a]) by smtp.gmail.com with ESMTPSA id y15sm1836380pfb.37.2018.04.27.01.12.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 27 Apr 2018 01:12:25 -0700 (PDT) From: Chris Marusich To: bug-guix@gnu.org Subject: [PATCH 0/1] guix: Add git-fetch/impure. Date: Fri, 27 Apr 2018 01:12:17 -0700 Message-Id: <20180427081217.28576-1-cmmarusich@gmail.com> X-Mailer: git-send-email 2.17.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Debbugs-Envelope-To: submit Cc: Chris Marusich X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Hi Guix! Sometimes, a Git repository may only be available via an authenticated SSH connection. Even in the case of repositories that only contain free software, this situation can arise for administrative or compliance-related reasons. How can one define a package in such a situation? This patch adds a new origin method, git-fetch/impure, which solves that problem. Specifically, git-fetch/impure creates a fixed-output derivation that fetches the Git repository outside of a derivation, in the environment of the invoking user. In particular, this enables SSH to communicate with the user's SSH agent, which in turn allows Git to fetch the repository over an authenticated SSH connection. In addition, because it is a fixed-output derivation, the output of a successful git-fetch/impure is guaranteed to be identical to the output of a pure git-fetch for any given commit. Here's a simple example: (define-public guix-over-ssh (package (inherit guix) (name "guix-over-ssh") (source (origin (inherit (package-source guix)) (method git-fetch/impure) (uri (git-reference (inherit (origin-uri (package-source guix))) (url "ssh://marusich@git.sv.gnu.org:/srv/git/guix.git"))))))) In this particular example, my username appears in the package definition, but there is no reason why that has to be so. In many systems, it is possible to grant access to multiple users with different SSH keys under a single shared user name. And in other systems, an automated build system might need to fetch sources using its own unique system user name and SSH key. All in all, I think this is pretty useful. It enables developers to define packages in environments where authenticated access to Git repositories is required. Please let me know what you think! Chris Marusich (1): guix: Add git-fetch/impure. doc/guix.texi | 24 +++++++ guix/git-download.scm | 150 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 174 insertions(+) -- 2.17.0 From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 27 04:19:37 2018 Received: (at 31284-done) by debbugs.gnu.org; 27 Apr 2018 08:19:37 +0000 Received: from localhost ([127.0.0.1]:40918 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fBybR-0008K4-3c for submit@debbugs.gnu.org; Fri, 27 Apr 2018 04:19:37 -0400 Received: from mail-pf0-f171.google.com ([209.85.192.171]:34462) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fBybO-0008Jk-Om for 31284-done@debbugs.gnu.org; Fri, 27 Apr 2018 04:19:35 -0400 Received: by mail-pf0-f171.google.com with SMTP id a14so946331pfi.1 for <31284-done@debbugs.gnu.org>; Fri, 27 Apr 2018 01:19:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:in-reply-to:message-id:user-agent:mime-version; bh=c4jtldgAiCepd7PthFhTIC8ITRkH94g2rDgRx2Ea5rQ=; b=rqBkxY4rysFN+GWtqRgc9endj+bfMwV8RB6izrzvCrFDnQRGuVQMwqzK+/X3z+by5y wT/iAObNnguqxlbpUstgo+CBjpi1wV6NaMbKw1pytb3e/7lvPB4/+Mdrke81zITV5O/8 Ml7pkijr0bf10zoN0uIfJYMxvSUwipZQ/mh7Wbo45ZtY8GvosP/OGGRwUu9cSDQSmBeL 0ZOpnbC7x9uzxfw23Kk47l74hqIMAUR4hknQKgpmojP6RNRrdjYXF6kZvDCap/hnTSvI bKDgA9zyyZwwt+nrK2xgl5udbplfvA7GBqUvTpPtivSjJHpBa5acyzzSTLjabfP6R7NO imkA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:in-reply-to:message-id :user-agent:mime-version; bh=c4jtldgAiCepd7PthFhTIC8ITRkH94g2rDgRx2Ea5rQ=; b=NP50F5B+dFGFU1phgD4vyxGWS2W2pUU1zx2Chjw2zaNVBMui/QLZiL/W1AJyd1ZxOR xxdQMnuZNkfbinjKdBOOdTVmtioRdXP4/0Rv28e+VEWA0W3jEov33SN5Gg1Sh9jZsRrd h2Mc2giz7BP9fAXvLiyBeH7OdVkgWfBjbnGiXMKd7H9Bk0CEett+a/l6rwHk9CXhNLzK md4fDZbRZ29SJfa+PfQEMFGCTGA03/iLAMQRziVfQHfAqZmPsrSHN56HNupUZczd2V3K neqqlGKcEeaMjxP87iktGrhQ+ptrbxm5xpjn3/wADY/3VfTHm63lok6Ns5wbrO9rc5eW KNJg== X-Gm-Message-State: ALQs6tCJMxiuC2t5XE4D5jeKHk5XUeJvWtyQglUrO4EYRSryQgA3vwb4 5k8Pks1a/Udo+XWa7eWxIscPRA== X-Google-Smtp-Source: AB8JxZqk2FQPUiB1/E1gM3pLjj3+9W0PGMkYwv0uwvqJYkE+nie9f8abvsLWgoFutbJ0zgQGhaPKsw== X-Received: by 2002:a17:902:3225:: with SMTP id y34-v6mr1442936plb.180.1524817168167; Fri, 27 Apr 2018 01:19:28 -0700 (PDT) Received: from garuda.local ([2601:602:9d02:4725:6495:ba21:1ebe:620a]) by smtp.gmail.com with ESMTPSA id v10-v6sm1488553pgt.33.2018.04.27.01.19.26 for <31284-done@debbugs.gnu.org> (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 27 Apr 2018 01:19:26 -0700 (PDT) From: Chris Marusich To: 31284-done@debbugs.gnu.org Subject: Re: Status: [PATCH 0/1] guix: Add git-fetch/impure. Date: Fri, 27 Apr 2018 01:19:21 -0700 In-Reply-To: bug's message of "Fri\, 27 Apr 2018 08\:18\:11 +0000" Message-ID: <87muxp12pi.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 31284-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi, Please ignore this bug report. I intended to submit it to guix-patches@gnu.org, but I entered the wrong email address. =2D-=20 Chris --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlri3QkACgkQ3UCaFdgi Rp1hUw//VwRfItW4w6MUTgKkPGyORUuTCcEd3W/SGLUbpftYAVwOfkXzu0bUT4G6 u7ZDrWFlLLGuywbQIVjVyU4z4AhZqAcu64yPQnymgX4rceHppzaObQkrWme8QWaC mIbY11/K2+JlEEJDMUcAEn5b8rt3ovmzFOGKTl3PWzEldGgpK5yXgp51QyCp651d 9G0oKXjh448YPszRq2uyx487cadeTTdCeC/Z9oAUkiNHAgU4R1vS8JJWc/z2dOrm 5m5H6y21Im1rySFvD6LquPiaWZ0HWUTvpKsDFBEokexiLAIcC6Y5ynwBJ159yMKm Okp1kt8R65UKz7p36qGkcSo1yX+heskNMKlv9VhfW5bNfiT7Vxk6w7yKYXDfVcCc VPMFoRTAagufBCqWYPtwrLpFhwfwbf4F71peDWPxfzUWWe0S4TL1CvTUWVecrs+/ EcjOjEMAsxJ/50uDnoucYFBWQQVE0jQHFQnuZJC5OrZKyj1gdP6vfpKGIjdVLcq9 cc1thAEJEAk7T2EAbeXTpQp0XzKHuCgeBCbYOfqq4hHeUw75PKYK6kKig7BZNPy9 Q5Qo44ZxgP9er8+ON+2evGP25lVEtxa+PrVZsPgpMRpWnYOOav3PFLc8HaZXUx7X yMRePdKgf9TmmkR5DgWaWaMbeHhsSdU4LO8OfOsD19OS5GN+C3Q= =SW5j -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 27 09:05:44 2018 Received: (at 31284) by debbugs.gnu.org; 27 Apr 2018 13:05:44 +0000 Received: from localhost ([127.0.0.1]:41021 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fC34K-0002Pz-Ko for submit@debbugs.gnu.org; Fri, 27 Apr 2018 09:05:44 -0400 Received: from mail-ot0-f175.google.com ([74.125.82.175]:42058) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fC34J-0002Pm-Fn for 31284@debbugs.gnu.org; Fri, 27 Apr 2018 09:05:43 -0400 Received: by mail-ot0-f175.google.com with SMTP id l13-v6so1916744otk.9 for <31284@debbugs.gnu.org>; Fri, 27 Apr 2018 06:05:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=worcester-edu.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=QOX9vg63OQBUu67jSkkyhAONIJw8NvUgVrjIs6Qa4Ys=; b=nbBiEucXBM0NbnAA3QhxFGKjEgAPHWlUqH1rTb73BDVhdcGtLHTD+wVfG5YdFkrtJk 3rs0moObC08G7lpSRUzNpxIYpusZ6SmI7jzGxnUl8NYDiJkfKsiNbKYImoeJ9kVTCf6a Mauz3/fn8ODpwDwsApOsuzPfxwnSynKf7vZV3sqJMJXTW2v3S2qk0wpYTlcuCyGDWNLV MjLMxS8ffRGq1wZSoJoaDN0uPBiKRmK5alj0pGGFasMZrztujRR2c1lZiow8pnhIbzqR 0t6upzXf7uZuguuDwqNxfjMJvfGVkwV+e0fDi8kyJyUu+DZjN+UDadg0h8t2Zq1g9Czu m8lg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=QOX9vg63OQBUu67jSkkyhAONIJw8NvUgVrjIs6Qa4Ys=; b=toGK9glPJNJoYA6d0cGOTMQ3YrlDUkh+EM87g9Sm07SjX9F08VBbHNUxpTd3tlFs7D rbr8zVP67uT/f0e9hhhGngxoXgOGA58YKbtNwcs+MEAwRTzSYdAGgwyjjSf2vl46GvUe 9ZTiAtGljBmkiR9eXxXzAZoW6uLtIjF1MB8Cf1EZbSuID5wQGhFspK3X/xkSXRP5Ac3+ 8EJzLc/mCPzvIvC7SSKr/YjNU+cPj5uq3eY21OuRJ7GmMEtufEWa2cDcd+WVetmj451q QGvLuov0XGec3NejCg5NUNRfXDZiypqfUF98yI+SCYqksO/NmGzTTygDfUFs0sfPCwG7 DtcA== X-Gm-Message-State: ALQs6tCYgp8DOpFehRA6RzJhibbHIqt2jq6L6+trW3s+r0kztj7K3w0M +5+6gd26elglJAOhqbV5GbGmj6XS54nGeaejlukAEg== X-Google-Smtp-Source: AB8JxZpixm3ZYiTpAHl+9QlJVLPiIo5QMEzMpLAc6pPIQFBz65MaVwrtcwvqLbLp95/ZHa360MGJO+K6aN00Tp/RIBE= X-Received: by 2002:a9d:36e2:: with SMTP id s31-v6mr1488795otd.329.1524834337784; Fri, 27 Apr 2018 06:05:37 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a9d:714d:0:0:0:0:0 with HTTP; Fri, 27 Apr 2018 06:05:37 -0700 (PDT) In-Reply-To: <20180427081217.28576-1-cmmarusich@gmail.com> References: <20180427081217.28576-1-cmmarusich@gmail.com> From: "Thompson, David" Date: Fri, 27 Apr 2018 09:05:37 -0400 Message-ID: Subject: Re: bug#31284: [PATCH 0/1] guix: Add git-fetch/impure. To: Chris Marusich Content-Type: text/plain; charset="UTF-8" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 31284 Cc: 31284@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Chris, On Fri, Apr 27, 2018 at 4:12 AM, Chris Marusich wrote: > Hi Guix! > > Sometimes, a Git repository may only be available via an authenticated > SSH connection. Even in the case of repositories that only contain > free software, this situation can arise for administrative or > compliance-related reasons. How can one define a package in such a > situation? > > This patch adds a new origin method, git-fetch/impure, which solves > that problem. Specifically, git-fetch/impure creates a fixed-output > derivation that fetches the Git repository outside of a derivation, in > the environment of the invoking user. In particular, this enables SSH > to communicate with the user's SSH agent, which in turn allows Git to > fetch the repository over an authenticated SSH connection. In > addition, because it is a fixed-output derivation, the output of a > successful git-fetch/impure is guaranteed to be identical to the > output of a pure git-fetch for any given commit. In general I'm opposed to including such things in Guix. When I encountered a similar situation at work I opted to use https cloning with a password token in the url. Then there was no external state (like an rsa key) needed. I understand the motivation behind asking for something like this, but I don't think Guix proper should include it. - Dave From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 27 17:38:40 2018 Received: (at 31284) by debbugs.gnu.org; 27 Apr 2018 21:38:40 +0000 Received: from localhost ([127.0.0.1]:41398 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fCB4i-0005va-Hs for submit@debbugs.gnu.org; Fri, 27 Apr 2018 17:38:40 -0400 Received: from world.peace.net ([64.112.178.59]:60360) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fCB4h-0005vO-6g for 31284@debbugs.gnu.org; Fri, 27 Apr 2018 17:38:39 -0400 Received: from mhw by world.peace.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1fCB4b-00037x-78; Fri, 27 Apr 2018 17:38:33 -0400 From: Mark H Weaver To: Chris Marusich Subject: Re: bug#31284: [PATCH 0/1] guix: Add git-fetch/impure. References: <20180427081217.28576-1-cmmarusich@gmail.com> Date: Fri, 27 Apr 2018 17:37:34 -0400 In-Reply-To: <20180427081217.28576-1-cmmarusich@gmail.com> (Chris Marusich's message of "Fri, 27 Apr 2018 01:12:17 -0700") Message-ID: <87vacc49gh.fsf@netris.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 31284 Cc: 31284@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Chris, Chris Marusich writes: > Sometimes, a Git repository may only be available via an authenticated > SSH connection. Even in the case of repositories that only contain > free software, this situation can arise for administrative or > compliance-related reasons. How can one define a package in such a > situation? > > This patch adds a new origin method, git-fetch/impure, which solves > that problem. Specifically, git-fetch/impure creates a fixed-output > derivation that fetches the Git repository outside of a derivation, in > the environment of the invoking user. In particular, this enables SSH > to communicate with the user's SSH agent, which in turn allows Git to > fetch the repository over an authenticated SSH connection. I agree with David that I'd prefer not to have something like this in Guix. However, I can offer another method that I've sometimes used to build a package based on a git checkout that's not publicly available on the network. My hacky approach has been to manually add a tarball of the desired sources using "guix download file:///home/mhw/foo.tar.gz" and then to add a bogus origin but with the correct hash. If a file with a matching hash is already in the store, then it will be used, and the other fields of the 'origin' will effectively be ignored. Mark From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 28 00:45:19 2018 Received: (at 31284) by debbugs.gnu.org; 28 Apr 2018 04:45:19 +0000 Received: from localhost ([127.0.0.1]:41526 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fCHja-0007dW-Nv for submit@debbugs.gnu.org; Sat, 28 Apr 2018 00:45:18 -0400 Received: from mail-pg0-f54.google.com ([74.125.83.54]:37132) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fCHjY-0007dD-Jw for 31284@debbugs.gnu.org; Sat, 28 Apr 2018 00:45:17 -0400 Received: by mail-pg0-f54.google.com with SMTP id a13-v6so2918731pgu.4 for <31284@debbugs.gnu.org>; Fri, 27 Apr 2018 21:45:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=klKOC2tKXHWecZNfrBbpASuqomIzPX7SUEmdrqFupII=; b=pMvWkjfWSzxt5eYDHy6oPUBbDgn9dKkDBt+lXpdhIrTr8IX5MM9ucntvtV/ADOH5Ts hRLqbldkT2Pcb4eDCmRjRsmzWbFw75qyFx1euLnwhwQ3ipC1ffttPqcv/v05Cwn9ZKkS ezdNk2qea+hHysvKZZK02mB0ExBIRE/0LqGtwGlmmv5rco7eZCFCWez1R6QZR5OAya8A sH/qzSRwTCfZ/HKkLSdVQLUubdQXb2nsQVKdJlcVW3mdiRFY0B0cByBvDu9FXje8RVwX 9DGfDIIANnnq4R0IyjHviMGyu1Lmkt/3+cQzXECSl5dYJ/M5pQhmhL/3NQxdxGUmsvyS Qc2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=klKOC2tKXHWecZNfrBbpASuqomIzPX7SUEmdrqFupII=; b=DNu4O7QPFGfzE6qBuzJ1RMTmuvD6DYx4cZctB3GOMLqEx09R6Ork12oJzN/5h5YPyT EMo2LdWEhLSlYCFKhAsFBCz+cJHPEHYQ5cKbPz5zi1E1GHKJMW88h4h41qPNAGWXU6ob 4Cyo3/YyH+/3h6aA4G0IEMF+RrZt9qfIpCsFf1cTi0B+6AeTZBgkpFeTdFVqz/ddcgoI rnZxNAYixJSx454D2rKMxYvmKtabb0o1wduoqeq7bYH9JAGb0CFVohwIa35ppJ4ZxIfR xD4YxWgPLt05tNIrhHDoxfPk6E69OxulmKWMpgxoWLE6YnLgMJ3TDhwZwK5cd65FoVmi Pizw== X-Gm-Message-State: ALQs6tAQHfhg+oanshJg0T6/HqTDlvFVobpLX44zggs1Mjq1LkwyQOXa zW0qz70ZbSE68uTtS7uTtDMvJ1ar X-Google-Smtp-Source: AB8JxZoCLHXbNbrysJ+snsuql9BMORl9hQzGasI5N/+lfPW7PILGyz5OGA42DCLXE4cNCtr+O35YiQ== X-Received: by 2002:a17:902:5602:: with SMTP id h2-v6mr4820118pli.115.1524890709976; Fri, 27 Apr 2018 21:45:09 -0700 (PDT) Received: from garuda.local ([2601:602:9d02:4725:6495:ba21:1ebe:620a]) by smtp.gmail.com with ESMTPSA id k13sm5270758pfj.186.2018.04.27.21.45.08 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 27 Apr 2018 21:45:08 -0700 (PDT) From: Chris Marusich To: "Thompson\, David" Subject: Re: bug#31284: [PATCH 0/1] guix: Add git-fetch/impure. References: <20180427081217.28576-1-cmmarusich@gmail.com> Date: Fri, 27 Apr 2018 21:45:04 -0700 In-Reply-To: (David Thompson's message of "Fri, 27 Apr 2018 09:05:37 -0400") Message-ID: <87y3h8szvz.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 31284 Cc: 31284@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi David and Mark, Thank you both for taking a look at this! "Thompson, David" writes: > When I encountered a similar situation at work I opted to use https > cloning with a password token in the url. Then there was no external > state (like an rsa key) needed. This is good to know! I hadn't considered putting the secret into the URL. I can see how that might be a simple and appropriate solution in some situations. However, it would also be nice if Guix could fetch Git repositories over SSH using public key authentication. In some situations, SSH public key authentication may be the only option. Mark H Weaver writes: > My hacky approach has been to manually add a tarball of the desired > sources using "guix download file:///home/mhw/foo.tar.gz" and then to > add a bogus origin but with the correct hash. If a file with a matching > hash is already in the store, then it will be used, and the other fields > of the 'origin' will effectively be ignored. That's a neat trick! It looks like it would work well for ad-hoc hacking. But how does it scale? Imagine if you wanted to do this for 10 packages, or 100. The manual upkeep could become quite painful. It would be so much nicer if Guix could just download the source automatically, as usual! You've both said that you would prefer not to add git-fetch/impure to Guix. Can you help me to understand why you feel that way? I really think it would be nice if Guix could fetch Git repositories over SSH using public key authentication, so I'm hoping that we can talk about it and figure out an acceptable way to implement it. =2D-=20 Chris --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlrj/FAACgkQ3UCaFdgi Rp3DsQ/6A8xMTjJu+YMdDJ3K/6xjJbvGfqfbsFCtDFyIpndhfFL6v7cf1Wtumk7s d7xVM92U6sz3LSipsUlLwLecjivpuWo+jVdFjC+omMO7ewpLArC/COUAtEJ/JnR0 FnWgLQn/yMF4f1wYskxdvhxFnc2KMtlrTtOTP1F6l+RSGHU+sYUsGhEYj1GfBwrK t9I7MfMt5MedS3pq6BT3ygFLjma3zt+3iJShLEDTtSCuChSrgP8T20trjCwV1Ltl e4G4UJZMGgXripK5rjZrsnEsUeMoAnotiCg4h+JVi8F+/edtvntaglHN1qZDS1Bb 8f8Ik/U3WRn9HprZXm+IN4FhlEV/HbJOl811K+p1LItR4cZpaF4ZU+ize8wU/l/k KmtCVma/MiQla5Gg4+SpFWGD3219q105OAvu1zfPtBYwZk5SfzAPP+vT4z7mDZcD ZBglmKTN8yBe6wfH+VjApFcTfojaBWnNQBkFE2+OK8GSlPvA8fiKPzBUTDKEFZbV mbAfwd34FRz0H8rlmbKKKGQIqoftsjWbhGeN2jkyRq16dqA2at0/NUXBH7hQDKAb cTYfesHRjTArFfYQgdNIUjs8ZPsH6vuFfQUkoouJhk5aEloGQnLfIcAsI+Vn/pW3 qo0027KmUF/mkr5uXCprBxFGvxk5qrNpIa5KC3QB8VFlALaZW9A= =sm3G -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 29 13:21:14 2018 Received: (at 31284) by debbugs.gnu.org; 29 Apr 2018 17:21:15 +0000 Received: from localhost ([127.0.0.1]:43103 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fCq0g-0008Bt-PW for submit@debbugs.gnu.org; Sun, 29 Apr 2018 13:21:14 -0400 Received: from hera.aquilenet.fr ([185.233.100.1]:58392) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fCq0d-0008Bi-LJ for 31284@debbugs.gnu.org; Sun, 29 Apr 2018 13:21:13 -0400 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 9377C12883; Sun, 29 Apr 2018 19:21:10 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2wsKjr2iAK9c; Sun, 29 Apr 2018 19:21:09 +0200 (CEST) Received: from ribbon (unknown [IPv6:2a01:e0a:1d:7270:af76:b9b:ca24:c465]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 47D7A1214B; Sun, 29 Apr 2018 19:21:09 +0200 (CEST) From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Chris Marusich Subject: Re: bug#31284: [PATCH 0/1] guix: Add git-fetch/impure. In-Reply-To: <87y3h8szvz.fsf@gmail.com> (Chris Marusich's message of "Fri, 27 Apr 2018 21:45:04 -0700") References: <20180427081217.28576-1-cmmarusich@gmail.com> <87y3h8szvz.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 10 =?utf-8?Q?Flor=C3=A9al?= an 226 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Sun, 29 Apr 2018 19:21:08 +0200 Message-ID: <874lju3p4r.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: 31284 Cc: 31284@debbugs.gnu.org, "Thompson, David" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Hello, Chris Marusich skribis: > You've both said that you would prefer not to add git-fetch/impure to > Guix. Can you help me to understand why you feel that way? I really > think it would be nice if Guix could fetch Git repositories over SSH > using public key authentication, so I'm hoping that we can talk about it > and figure out an acceptable way to implement it. One argument against it would be that it encourages people (or at least makes it very easy) to write origins that depend on external state, and thus may be non-reproducible by others, and that Guix itself should provide tools for writing reproducible build definitions. Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 29 13:29:17 2018 Received: (at 31284) by debbugs.gnu.org; 29 Apr 2018 17:29:17 +0000 Received: from localhost ([127.0.0.1]:43113 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fCq8S-0008PA-QT for submit@debbugs.gnu.org; Sun, 29 Apr 2018 13:29:17 -0400 Received: from world.peace.net ([64.112.178.59]:37446) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fCq8Q-0008Ov-Vl for 31284@debbugs.gnu.org; Sun, 29 Apr 2018 13:29:15 -0400 Received: from mhw by world.peace.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1fCq8L-0007k6-9d; Sun, 29 Apr 2018 13:29:09 -0400 From: Mark H Weaver To: Chris Marusich Subject: Re: bug#31284: [PATCH 0/1] guix: Add git-fetch/impure. References: <87o9i4szg8.fsf@gmail.com> Date: Sun, 29 Apr 2018 13:28:13 -0400 In-Reply-To: <87o9i4szg8.fsf@gmail.com> (Chris Marusich's message of "Fri, 27 Apr 2018 21:54:31 -0700") Message-ID: <87vac9ylaq.fsf@netris.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 31284 Cc: 31284@debbugs.gnu.org, "Thompson, David" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Chris, Chris Marusich writes: > You've both said that you would prefer not to add git-fetch/impure to > Guix. Can you help me to understand why you feel that way? I really > think it would be nice if Guix could fetch Git repositories over SSH > using public key authentication, so I'm hoping that we can talk about it > and figure out an acceptable way to implement it. I thought about it some more, and found that I cannot really justify my position on this, so I hereby drop my objection. It's obviously not useful for packages that will be included in Guix itself, which is our primary focus, but I suppose it could be useful for private package definitions. What do you think, David? It seems to me that password tokens in URLs raise possible security risks, whereas public-key authentication is generally better practice. Mark From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 29 13:40:47 2018 Received: (at 31284) by debbugs.gnu.org; 29 Apr 2018 17:40:47 +0000 Received: from localhost ([127.0.0.1]:43126 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fCqJb-0000HZ-78 for submit@debbugs.gnu.org; Sun, 29 Apr 2018 13:40:47 -0400 Received: from world.peace.net ([64.112.178.59]:37454) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fCqJY-0000HD-LE for 31284@debbugs.gnu.org; Sun, 29 Apr 2018 13:40:45 -0400 Received: from mhw by world.peace.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1fCqJS-0007nH-SO; Sun, 29 Apr 2018 13:40:38 -0400 From: Mark H Weaver To: Chris Marusich Subject: Re: bug#31284: [PATCH 0/1] guix: Add git-fetch/impure. References: <20180427081217.28576-1-cmmarusich@gmail.com> Date: Sun, 29 Apr 2018 13:39:43 -0400 In-Reply-To: <20180427081217.28576-1-cmmarusich@gmail.com> (Chris Marusich's message of "Fri, 27 Apr 2018 01:12:17 -0700") Message-ID: <87efixykrk.fsf@netris.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 31284 Cc: 31284@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Chris, I don't see your patch anywhere in . Can you resend it? I'm curious how you arrange for a build process launched by guix-daemon to have access to your 'ssh-agent'. Although I've dropped my objection to this idea in principle, I have yet to review the technical details of how this actually works. It might be that the details will raise further alarm bells in my head :) Mark From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 29 20:19:09 2018 Received: (at 31284) by debbugs.gnu.org; 30 Apr 2018 00:19:09 +0000 Received: from localhost ([127.0.0.1]:43278 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fCwX7-0005X0-6l for submit@debbugs.gnu.org; Sun, 29 Apr 2018 20:19:09 -0400 Received: from mail-pf0-f171.google.com ([209.85.192.171]:45326) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fCwX5-0005Wo-9Y for 31284@debbugs.gnu.org; Sun, 29 Apr 2018 20:19:07 -0400 Received: by mail-pf0-f171.google.com with SMTP id c10so5411029pfi.12 for <31284@debbugs.gnu.org>; Sun, 29 Apr 2018 17:19:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=VwJMw7LWUUnxsBP+w4U9OUkaw0kXDAubEGQ1Yz3lAvc=; b=lkuVe1UuyFBhwYXWQuvN79bTEtbZjUSYzPfmRzjD+t5Q3P9DcXeLVlearnyX7/c0Ae +edMWAghiSCXx51KNSxUCk374FmWR6JanhzB3zw18OIrJhOqSnqPpWG8n7BHQ2H1sGTZ 2+OtAjE0aZl1tgzUJFtLoa/TuaiuVPKhzBeGwfDcQ2B7ouj3DazcX0wG07Btv7pkXyWw MIbjLcTBhW+5PIA8BuAQhSWGTeVhp0tY2tAwGhNszV4Vz9CYhXgczYMBqGL5iBewC6Oj zJ/FHfZWL3G0lZ7Hp636/Y3mlMRuyXKG9keXfAjZ0ws59aBHbzSOK6lYAAD34vh8wCC7 RvQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=VwJMw7LWUUnxsBP+w4U9OUkaw0kXDAubEGQ1Yz3lAvc=; b=GC51klma/dI8SRH5MzXvkAogL9ulMW/dvrM/hkvXB/WZ2awmNm+ejkXv/T7MZkrtpb qDlNHF8lFCV3Xmj2BE3/mUTk/rx7nIyv6NdJ5FMIcQNSgmc2TK7/5ZISykZ+S9xWWkPK VeKLrc9CTghMqM2dIm+lBdPB791Z1ILE79FNbypRDksqhxW8kyYmzfTlULKfvsTUE8iH olYqg5dwEG+TOD2acejFB+TLNBFbGcrECTEhohwGRqErmgmTQPRCr4hrAEj9PdBjtCsJ TXH0y2e79YVm9OBSLdx8egka2U+kPWljoI8SzOHZSitf7okRGcnbYxlIIE+O8ucW8ujg u98A== X-Gm-Message-State: ALQs6tDGyZ7DsZxb2nJJ3PS4g9/GLXZmhGX2bQD3KqRx9h3aE1M7mhug 1ywoMO72VntYmW6Letp9TlHhZA== X-Google-Smtp-Source: AB8JxZqL3i7PjIyRnCzjZTOFbuNPc8J4VPiatg6XDTIaxFZydei0ojPewV5ETqQgGTbRBQ1WbjSKmA== X-Received: by 2002:a63:6012:: with SMTP id u18-v6mr3650722pgb.284.1525047541192; Sun, 29 Apr 2018 17:19:01 -0700 (PDT) Received: from garuda.local ([2601:602:9d02:4725:6495:ba21:1ebe:620a]) by smtp.gmail.com with ESMTPSA id 76sm15969015pfm.178.2018.04.29.17.18.59 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 29 Apr 2018 17:19:00 -0700 (PDT) From: Chris Marusich To: Mark H Weaver Subject: Re: bug#31284: [PATCH 0/1] guix: Add git-fetch/impure. References: <20180427081217.28576-1-cmmarusich@gmail.com> <87efixykrk.fsf@netris.org> Date: Sun, 29 Apr 2018 17:18:58 -0700 In-Reply-To: <87efixykrk.fsf@netris.org> (Mark H. Weaver's message of "Sun, 29 Apr 2018 13:39:43 -0400") Message-ID: <87h8nteebx.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 31284 Cc: 31284@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Mark H Weaver writes: > Hi Chris, > > I don't see your patch anywhere in . > Can you resend it? > > I'm curious how you arrange for a build process launched by guix-daemon > to have access to your 'ssh-agent'. Although I've dropped my objection > to this idea in principle, I have yet to review the technical details of > how this actually works. It might be that the details will raise > further alarm bells in my head :) The patch can be found here: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D31285 I accidentally sent the cover letter to bug-guix@gnu.org instead of guix-patches@gnu.org, which is why this bogus bug report (31284) was opened. I've closed this bug report in favor of the "guix-patches" one. Sorry for the confusion! =2D-=20 Chris --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlrmYPIACgkQ3UCaFdgi Rp2bsg//SqldnhbIrrGQOX2e8ErZy4avIbf3qNaI1NjpRs1MrssLz/ezlCeAx4gi dSeu4bBTCEy2uBTx25Y8hNGIik6TidTtBrkb5N3EHGmtsZfH/f6nG0ElBnatG9Fg 8Re5+6tYD5UHWVpCcaP/dg77G9vWkuFx2a5A56GuLTvV42XzIxu99IIzaL5IOz/j diK1bYhf9/SHZYpP8TjB64yfC00KiwAaIsuA5kHk3seYahCds/WKpR+YL+DnFpNC nEO/qVFdmNjCHMe9gLo7r5ivBN0aYoeePr4r8KbspdiaBpIYycSG/2YoKj9QJ40l zCkc5aAYe+FMX/ZbredeTfGSVJ/O6gDzynJblLLO5FZkRguknuQwmbRSdB5hevFV VBG6kTVoQnBDBA+lK1hIx4+maUVy7Yh/BZikijkn9UAnGD+fMZ+Pq1n6fDU2oIdr gAiryuFM8+J0rYeR6iFLpoKdX3q0yzGxabfQyk+B7gT3vnQtjlpYCi7gwNY+RAUE im1zGCGcmMikYXze8i/SMMBNiUKlVol6yOrrkIrsPC3xVZzgxklP085bFz28Rqwg oftJCaCwC9hBxvpVOIf7dKyLPrgPo4E4KTX7A/ipl2ehIjng2gxrWIw6+ZVpBmpU Y6VKe07PRiYcK7oJMK6GhDBU+iaTKJh0ugXxm9UIdWcw8poElBA= =tPEE -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 30 09:59:12 2018 Received: (at 31284) by debbugs.gnu.org; 30 Apr 2018 13:59:12 +0000 Received: from localhost ([127.0.0.1]:44102 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fD9Kh-0003bO-WF for submit@debbugs.gnu.org; Mon, 30 Apr 2018 09:59:12 -0400 Received: from mail-ot0-f176.google.com ([74.125.82.176]:33408) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fD9Kg-0003bC-LP for 31284@debbugs.gnu.org; Mon, 30 Apr 2018 09:59:11 -0400 Received: by mail-ot0-f176.google.com with SMTP id l22-v6so9562114otj.0 for <31284@debbugs.gnu.org>; Mon, 30 Apr 2018 06:59:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=worcester-edu.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=TZZqxja3hVHx3nhMGN25HOoSWiSBf3Ut3Ut9uXPCB14=; b=bX+48wNy5K4/BT60Isx13fH5tQ3WKoeeL3xi8jZy7T599dqE6HV8PNoNzHdAVxOGHT US+ADWDgGdWw4EbHD5DUwUD1gSFLSVAmme8TZsTwuUP86QS0ixxra19dY2LYTUukUC2k JP57LojNHiTEYopKrMH44IA1uA6aJox9QLCGFrmQKGGnBW8Wo8XksRjGle8JMDDpNggs q+guy2KD8d1+/UZQhBWP0fkuNgGILDgw+3+z0mPl9juO9KHhSjRJ2dBDjcL8Ff8zU4OR 8dDnMC/hnmw7lVCEvcJQA75AUOnkn7iyNzxv4h458qen3S2hicsFYv1XhDi/Mb0Ldvby L5rw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=TZZqxja3hVHx3nhMGN25HOoSWiSBf3Ut3Ut9uXPCB14=; b=cV1FXvlQp3DKyCAk9sn7+iEhJC+FN4zPwaaeVVE2LdpG7ex+XXCqtQB0mkQA6yRzhB H+UR+Y+HztTOOcAdxdSRhr1ZUh0qHb9wPkRznVGwRGaIuFR1qe0UW7GnhqKk3zJgdBuP T6CKLPsw4MbRl3vgSKSU/ze7PNvR1wa9SLVo0CYODREMvQzj2hFVvPxCXE+M5OEAUoiG ovmDVcsRff3YsgtBMxg1kHkyQzf5Lh0s+r34t7XA17kD9AmMfrNy2dJIvw8AGz1cGAsc AFmL+Ox9LeXcrss7y+lInC2QsDbeRiCemhrVEnym4GIKck1HVRFsh711DiYNkMHAvkue odFA== X-Gm-Message-State: ALQs6tDMhAfZJ9miu+RuEpACo//lxkVgWuJSP27mynvqJfhsSw0HA/vT FM9QTSgmEW2Rn/7ZNXYww617sp9xsZ8ech1oYdGqKA== X-Google-Smtp-Source: AB8JxZpdbI1c+E3xIsRxDyxJm/DWUcVN/UMBaa3DkxXswpI7Af/h1a62HXXMMzQz7edvbnTtwxZ06UegzxZlEw1A+/g= X-Received: by 2002:a9d:3844:: with SMTP id r4-v6mr7869153otd.13.1525096744704; Mon, 30 Apr 2018 06:59:04 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a9d:714d:0:0:0:0:0 with HTTP; Mon, 30 Apr 2018 06:59:04 -0700 (PDT) In-Reply-To: <87vac9ylaq.fsf@netris.org> References: <87o9i4szg8.fsf@gmail.com> <87vac9ylaq.fsf@netris.org> From: "Thompson, David" Date: Mon, 30 Apr 2018 09:59:04 -0400 Message-ID: Subject: Re: bug#31284: [PATCH 0/1] guix: Add git-fetch/impure. To: Mark H Weaver Content-Type: text/plain; charset="UTF-8" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 31284 Cc: 31284@debbugs.gnu.org, Chris Marusich X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) On Sun, Apr 29, 2018 at 1:28 PM, Mark H Weaver wrote: > Hi Chris, > > Chris Marusich writes: > >> You've both said that you would prefer not to add git-fetch/impure to >> Guix. Can you help me to understand why you feel that way? I really >> think it would be nice if Guix could fetch Git repositories over SSH >> using public key authentication, so I'm hoping that we can talk about it >> and figure out an acceptable way to implement it. > > I thought about it some more, and found that I cannot really justify my > position on this, so I hereby drop my objection. It's obviously not > useful for packages that will be included in Guix itself, which is our > primary focus, but I suppose it could be useful for private package > definitions. > > What do you think, David? It seems to me that password tokens in URLs > raise possible security risks, whereas public-key authentication is > generally better practice. If I'm outvoted here then I'm OK with accepting this change. Just to clarify, I advocate the use of password tokens in URLs for private repositories only. I do this for non-Guix things as well in order to improve reproducibility of internal builds. - Dave From unknown Tue Aug 19 23:15:33 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Tue, 29 May 2018 11:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator