GNU bug report logs -
#41767
[PATCH 0/9] Authenticate channels
Previous Next
Reported by: Ludovic Courtès <ludo <at> gnu.org>
Date: Mon, 8 Jun 2020 21:53:02 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
Hello!
Ludovic Courtès <ludo <at> gnu.org> writes:
> This allows users to authenticate commits that were made before
> '.guix-authorizations' was introduced.
>
> * guix/channels.scm (<channel-introduction>)[prehistorical-authorizations]:
> New field.
> (%guix-historical-committers): New variable.
> (openpgp-fingerprint->bytevector): New procedure.
> (%guix-channel-introduction): Add 'prehistorical-authorizations' field.
> (authenticate-channel): Honor it. Pass it as #:default-authorizations
> to 'authenticate-commits'.
> * build-aux/git-authenticate.scm (%historical-committers)
> (%historical-authorized-signing-keys, commit-short-id): Remove.
> * build-aux/git-authenticate.scm (git-authenticate): Rewrite to use
> 'authenticate-channel'.
> * tests/channels.scm ("authenticate-channel, wrong first commit signer")
> ("authenticate-channel, .guix-authorizations"): Adjust accordingly.
I'd be in favor of dropping this commit, to not be burdened by legacy
complexity, which I'm doubtful would see much use anyway. This means
that a channel require all its commits to have a .guix-authorizations
file to be authenticated. I think that's fine.
The series LGTM. I haven't tested it locally, but the tests give me
confidence.
Thank you for working on this!
Maxim
This bug report was last modified 4 years and 344 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.