Subject: [bug#42048] [PATCH 0/6] Authenticated channels for everyone!
To: 42048@debbugs.gnu.org
Resent-CC: guix-patches@gnu.org
Resent-Date: Thu, 25 Jun 2020 21:05:02 +0000
From: Ludovic Courtès
Date: Thu, 25 Jun 2020 23:04:00 +0200
Message-Id: <20200625210400.29033-1-ludo@gnu.org>

Hello Guix!

This patch series follows up on channel authentication support:

  https://issues.guix.gnu.org/41767

This time the goal is to expose and document the authentication mechanism so that third-party channel authors can use it. This should be the last series on this theme in the foreseeable future. :-)

The most visible effect is that channel introductions are now part of the API and shown by ‘guix describe’. It becomes a long-term commitment because we want to be able to pass the output of ‘guix describe -C channels’ or /run/current-system/channels.scm to ‘guix pull’ and ‘guix time-machine’ in the future.

Contrary to what I initially proposed¹, channel introductions are stripped to the bare minimum: a commit/fingerprint pair (as is currently the case on master, internally). I figured it doesn’t buy us much to have the commit/fingerprint pair signed; what matters is that users obtain the introduction from a trusted source, and the signature wouldn’t help with that. I also got rid of the idea of rendering introductions as opaque base64 blobs.

In the manual I tried to distinguish instructions for users (“what do I need to put in my channels.scm file?”) from instructions for channel authors (“how do I allow users of my channel to authenticate it?”).

If people have a channel that they’d like to make “authenticable”, please do try and report back!
You can even test with master; you only need to add ‘@@’ to access (guix channels) internals to create the introduction.

Feedback welcome!

Thanks,
Ludo’.

¹ https://issues.guix.gnu.org/issue/22883#69

Ludovic Courtès (6):
  channels: Add 'openpgp-fingerprint->bytevector'.
  channels: Make channel introductions public.
  channels: Remove 'signature' from .
  channels: Save and interpret 'introduction' field in provenance data.
  guix describe: Display channel introductions and add 'channels-sans-intro'.
  services: provenance: Save channel introductions.

 doc/guix.texi             | 130 +++++++++++++++++++++++++++++++++++++-
 gnu/services.scm          |  26 ++++++--
 guix/channels.scm         |  86 +++++++++++++++++++------
 guix/scripts/describe.scm |  56 +++++++++++++---
 guix/scripts/system.scm   |   4 +-
 tests/channels.scm        |  10 ++-
 6 files changed, 269 insertions(+), 43 deletions(-)

-- 
2.26.2
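The authentication rule this series documents (the introductory commit is checked against the introduction's fingerprint, every later commit against the .guix-authorizations file of each of its parents, merges included), worked through as an added example that is not part of this thread and not Guix code. It models commits and signatures as plain Python records rather than Git objects and OpenPGP signatures; the history and the fingerprints are constructed for the example, and treating a parent that has no .guix-authorizations as authorizing nobody is an assumption of this model, not something the series specifies:

```python
"""Model of the channel authentication rule described in this series.

Added example, not Guix code: commits are plain records, a "signature" is
just the fingerprint of the key that made it, and .guix-authorizations is a
set of fingerprints.  Rule modelled: the introductory commit must be signed
by the introduction's key; every later commit must be signed by a key listed
in the .guix-authorizations of *each* of its parents (so a merge needs a key
both branches authorize); commits older than the introduction are ignored.
Model-only assumption: a parent without .guix-authorizations authorizes nobody.
"""
from collections import deque
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

def normalize_fingerprint(fpr: str) -> str:
    # "CABB A931 ..." and "cabba931..." name the same key.
    return "".join(fpr.split()).upper()

def authorizations(*fprs: str) -> FrozenSet[str]:
    # Contents of a .guix-authorizations file, as normalized fingerprints.
    return frozenset(normalize_fingerprint(f) for f in fprs)

@dataclass(frozen=True)
class Commit:
    id: str
    parents: Tuple[str, ...]
    signer: Optional[str]                     # signing key's fingerprint; None = unsigned
    authorizations: Optional[FrozenSet[str]]  # .guix-authorizations here; None = absent

Repository = Dict[str, Commit]
Introduction = Tuple[str, str]  # (introductory commit id, OpenPGP fingerprint)

class AuthenticationError(Exception):
    pass

def ancestors(repo: Repository, commit_id: str) -> FrozenSet[str]:
    seen, todo = set(), deque([commit_id])
    while todo:
        cid = todo.popleft()
        if cid not in seen:
            seen.add(cid)
            todo.extend(repo[cid].parents)
    return frozenset(seen)

def commits_to_check(repo: Repository, intro_commit: str, target: str) -> List[str]:
    """Commits from the introduction up to TARGET, parents before children."""
    reachable = ancestors(repo, target)
    if intro_commit not in reachable:
        raise AuthenticationError(f"{target} does not descend from {intro_commit}")
    pending = reachable - (ancestors(repo, intro_commit) - {intro_commit})
    order, done = [], set()
    def visit(cid: str) -> None:
        if cid in done or cid not in pending:
            return
        for parent in repo[cid].parents:
            visit(parent)
        done.add(cid)
        order.append(cid)
    visit(target)
    return order

def authenticate(repo: Repository, introduction: Introduction, target: str) -> List[str]:
    """Return the authenticated commit ids in order, or raise AuthenticationError."""
    intro_commit, intro_key = introduction[0], normalize_fingerprint(introduction[1])
    checked = []
    for cid in commits_to_check(repo, intro_commit, target):
        commit = repo[cid]
        if commit.signer is None:
            raise AuthenticationError(f"commit {cid} is unsigned")
        signer = normalize_fingerprint(commit.signer)
        if cid == intro_commit:
            if signer != intro_key:
                raise AuthenticationError(f"{cid} is signed by {signer}, not by {intro_key}")
        else:
            for parent in commit.parents:  # every parent's file must list the signer
                if signer not in (repo[parent].authorizations or frozenset()):
                    raise AuthenticationError(f"{cid}: {signer} not authorized by parent {parent}")
        checked.append(cid)
    return checked

def is_authentic(repo: Repository, introduction: Introduction, target: str) -> bool:
    try:
        authenticate(repo, introduction, target)
        return True
    except AuthenticationError:
        return False

# Constructed sample history; the fingerprints are made up.
ALICE = "1111 1111 1111 1111 1111 1111 1111 1111 1111 1111"
BOB = "2222 2222 2222 2222 2222 2222 2222 2222 2222 2222"
CAROL = "3333 3333 3333 3333 3333 3333 3333 3333 3333 3333"
MALLORY = "DEAD DEAD DEAD DEAD DEAD DEAD DEAD DEAD DEAD DEAD"
REPO: Repository = {c.id: c for c in [
    Commit("c0", (), None, None),                                          # pre-history, unsigned
    Commit("c1", ("c0",), ALICE, authorizations(ALICE, BOB)),              # introduces .guix-authorizations
    Commit("c2", ("c1",), BOB, authorizations(ALICE, BOB)),
    Commit("c3", ("c1",), ALICE, authorizations(ALICE, BOB, CAROL)),       # branch that adds Carol
    Commit("c4", ("c2", "c3"), CAROL, authorizations(ALICE, BOB, CAROL)),  # merge: c2's file lacks Carol
    Commit("c5", ("c2", "c3"), ALICE, authorizations(ALICE, BOB, CAROL)),  # merge key is in both files
    Commit("c6", ("c5",), MALLORY, authorizations(MALLORY)),              # unauthorized key rewrites the file
    Commit("c7", ("c2",), None, authorizations(ALICE, BOB)),               # unsigned commit
]}
INTRO: Introduction = ("c1", ALICE)  # what the channel author advertises
```

With INTRO, c5 authenticates (c1, c2, c3, c5) while c4 is rejected because c2's file does not list Carol, c6 because Mallory is in nobody's file but her own, and c7 because it is unsigned. Two cases show why the introduction itself is the trust root: is_authentic(REPO, ("c1", BOB), "c2") is False because c1 was signed by Alice, yet is_authentic(REPO, ("c6", MALLORY), "c6") is True. A different commit/fingerprint pair is simply a different channel, the argument made in patch 3/6 below, and the reason the pair has to reach users from a source they already trust rather than from the repository being fetched.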
Subject: [bug#42048] [PATCH 1/6] channels: Add 'openpgp-fingerprint->bytevector'.
To: 42048@debbugs.gnu.org
In-Reply-To: <20200625210400.29033-1-ludo@gnu.org>
Resent-Date: Thu, 25 Jun 2020 21:17:02 +0000
From: Ludovic Courtès
Date: Thu, 25 Jun 2020 23:16:00 +0200
Message-Id: <20200625211605.29316-1-ludo@gnu.org>

* guix/channels.scm (openpgp-fingerprint->bytevector): New procedure.
(openpgp-fingerprint): New macro.
(%guix-channel-introduction): Use it.
---
 guix/channels.scm | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/guix/channels.scm b/guix/channels.scm index 3eec5df883..1d4b50aa48 100644 --- a/guix/channels.scm +++ b/guix/channels.scm @@ -71,6 +71,9 @@ channel-introduction? ;; accessors purposefully omitted for now. + openpgp-fingerprint->bytevector + openpgp-fingerprint + %default-channels guix-channel? @@ -134,6 +137,23 @@ (first-commit-signer channel-introduction-first-commit-signer) ;bytevector (signature channel-introduction-signature)) ;string +(define (openpgp-fingerprint->bytevector str) + "Convert STR, an OpenPGP fingerprint (hexadecimal string with whitespace), +to the corresponding bytevector." + (base16-string->bytevector + (string-downcase (string-filter char-set:hex-digit str)))) + +(define-syntax openpgp-fingerprint + (lambda (s) + "Convert STR, an OpenPGP fingerprint (hexadecimal string with whitespace), +to the corresponding bytevector." + (syntax-case s () + ((_ str) + (string? (syntax->datum #'str)) + (openpgp-fingerprint->bytevector (syntax->datum #'str))) + ((_ str) + #'(openpgp-fingerprint->bytevector str))))) + (define %guix-channel-introduction ;; Introduction of the official 'guix channel. The chosen commit is the ;; first one that introduces '.guix-authorizations' on the 'staging'
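Review bot: the record constructor whose context lines close this hunk still takes three arguments (first-signed-commit, first-commit-signer, signature), but the %guix-channel-introduction hunk that follows calls make-channel-introduction with only two, so (guix channels) does not load at this point in the series and a bisect landing on 1/6 breaks; keep the trailing #f here and drop it in 3/6, or fold the constructor change into this patch. A smaller point on openpgp-fingerprint->bytevector: string-filter char-set:hex-digit silently drops any character that is not a hex digit, so a mistyped fingerprint (a letter O for a zero, or one group too few) becomes a shorter bytevector instead of an error, and the user only finds out later as a spurious authentication failure. A v4 OpenPGP fingerprint is 20 bytes; checking (= 20 (bytevector-length bv)) and raising otherwise turns that into an immediate diagnostic, and the macro gets the check for free at expansion time.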
@@ -142,11 +162,8 @@ ;; & co. (make-channel-introduction "9edb3f66fd807b096b48283debdcddccfea34bad" ;2020-05-26 - (base16-string->bytevector - (string-downcase - (string-filter char-set:hex-digit ;mbakke - "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA"))) - #f)) ;TODO: Add an intro signature so it can be exported. + (openpgp-fingerprint ;mbakke + "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA"))) (define %default-channel-url ;; URL of the default 'guix' channel.
-- 
2.26.2

Subject: [bug#42048] [PATCH 2/6] channels: Make channel introductions public.
To: 42048@debbugs.gnu.org
Resent-Date: Thu, 25 Jun 2020 21:17:02 +0000
From: Ludovic Courtès
Date: Thu, 25 Jun 2020 23:16:01 +0200
Message-Id: <20200625211605.29316-2-ludo@gnu.org>
In-Reply-To: <20200625211605.29316-1-ludo@gnu.org>

* guix/channels.scm (): Rename constructor to '%make-channel-introduction'.
(make-channel-introduction): New procedure.
* tests/channels.scm ("authenticate-channel, wrong first commit signer")
("authenticate-channel, .guix-authorizations"): Use 'make-channel-introduction' without '@@' and without third argument.
* doc/guix.texi (Channels)[Channel Authentication, Specifying Channel Authorizations]: New subsections.
---
 doc/guix.texi      | 117 ++++++++++++++++++++++++++++++++++++++++++++-
 guix/channels.scm  |  14 ++++--
 tests/channels.scm |  10 ++--
 3 files changed, 130 insertions(+), 11 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 5b854ccbd4..a4bb52bb24 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -3975,8 +3975,52 @@ deploys Guix itself from the official GNU@tie{}Guix repository. This can be customized by defining @dfn{channels} in the @file{~/.config/guix/channels.scm} file. A channel specifies a URL and branch of a Git repository to be deployed, and @command{guix pull} can be instructed -to pull from one or more channels. In other words, channels can be used to -@emph{customize} and to @emph{extend} Guix, as we will see below. +to pull from one or more channels. In other words, channels can be used +to @emph{customize} and to @emph{extend} Guix, as we will see below. +Before that, some security considerations. + +@subsection Channel Authentication + +@cindex authentication, of channel code +The @command{guix pull} and @command{guix time-machine} commands +@dfn{authenticate} the code retrieved from channels: they make sure each +commit that is fetched is signed by an authorized developer. The goal +is to protect from unauthorized modifications to the channel that would +lead users to run malicious code. + +As a user, you must be @dfn{introduced} to a channel so you can start +pulling from it and authenticate its code. The @dfn{channel +introduction} tells Guix how to authenticate the first commit of that +channel: + +As a user, you must provide a @dfn{channel introduction} in your +channels file so that Guix knows how to authenticate its first commit. +A channel specification, including its introduction, looks something +along these lines: + +@lisp +(channel + (name 'my-channel) + (url "https://example.org/my-channel.git") + (introduction + (make-channel-introduction + "6f0d8cc0d88abb59c324b2990bfee2876016bb86" + (openpgp-fingerprint + "CABB A931 C0FF EEC6 900D 0CFB 090B 1199 3D9A EBB5")))) +@end lisp + +The specification above shows the name and URL of the channel. 
The call +to @code{make-channel-introduction} above specifies that authentication +of this channel starts at commit @code{6f0d8cc@dots{}}, which is signed +by the OpenPGP key with fingerprint @code{CABB A931@dots{}}. + +For the main channel, called @code{guix}, you automatically get that +information from your Guix installation. For other channels, include +the channel introduction provided by the channel authors in your +@file{channels.scm} file. Make sure you retrieve the channel +introduction from a trusted source since that is the root of your trust. + +If you're curious about the authentication mechanics, read on! @subsection Using a Custom Guix Channel 
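Review bot: the paragraphs beginning "As a user, you must be @dfn{introduced} to a channel" and "As a user, you must provide a @dfn{channel introduction}" say the same thing, and the first one ends in a colon that introduces nothing; keep one of them. While here, the sentence "Make sure you retrieve the channel introduction from a trusted source since that is the root of your trust" could say what the failure looks like: a wrong or attacker-supplied commit/fingerprint pair is not rejected by Guix, it simply authenticates a different channel, which is the whole reason the pair must come from a source the user already trusts rather than from the repository being fetched.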
@@ -4150,6 +4194,75 @@ add a meta-data file @file{.guix-channel} that contains: (directory "guix")) @end lisp +@cindex channel authorizations +@subsection Specifying Channel Authorizations + +As we saw above, Guix ensures the source code it pulls from channels +comes from authorized developers. As a channel author, you need to +specify the list of authorized developers in the +@file{.guix-authorizations} file in the channel's Git repository. The +authentication rule is simple: each commit must be signed by a key +listed in the @file{.guix-authorizations} file of its parent +commit(s)@footnote{Git commits form a @dfn{directed acyclic graph} +(DAG). Each commit can have zero or more parents; ``regular'' commits +have one parent and merge commits have two parent commits. Read +@uref{https://eagain.net/articles/git-for-computer-scientists/, @i{Git +for Computer Scientists}} for a great overview.} The +@file{.guix-authorizations} file looks like this: + +@lisp +;; Example '.guix-authorizations' file. + +(authorizations + (version 0) ;current file format version + + (("AD17 A21E F8AE D8F1 CC02 DBD9 F8AE D8F1 765C 61E3" + (name "alice")) + ("2A39 3FFF 68F4 EF7A 3D29 12AF 68F4 EF7A 22FB B2D5" + (name "bob")) + ("CABB A931 C0FF EEC6 900D 0CFB 090B 1199 3D9A EBB5" + (name "charlie")))) +@end lisp + +Each fingerprint is followed by optional key/value pairs, as in the +example above. Currently these key/value pairs are ignored. + +This authentication rule creates a chicken-and-egg issue: how do we +authenticate the first commit? Related to that: how do we deal with +channels whose repository history contains unsigned commits and lack +@file{.guix-authorizations}? And how do we fork existing channels? + +@cindex channel introduction +Channel introductions answer these questions by describing the first +commit of a channel that should be authenticated. 
The first time a +channel is fetched with @command{guix pull} or @command{guix +time-machine}, the command looks up the introductory commit and verifies +that it is signed by the specified OpenPGP key. From then on, it +authenticates commits according to the rule above. + +To summarize, as the author of a channel, there are two things you have +to do to allow users to authenticate your code: + +@enumerate +@item +Introduce an initial @file{.guix-authorizations} in the channel's +repository. Do that in a signed commit (@pxref{Commit Access}, for +information on how to sign Git commits.) + +@item +Advertise the channel introduction, for instance on your channel's web +page. The channel introduction, as we saw above, is the commit/key +pair---i.e., the commit that introduced @file{.guix-authorizations}, and +the fingerprint of the OpenPGP used to sign it. +@end enumerate + +Publishing a signed channel requires discipline: any mistake, such as an +unsigned commit or a commit signed by an unauthorized key, will prevent +users from pulling from your channel---well, that's the whole point of +authentication! Pay attention to merges in particular: merge commits +are considered authentic if and only if they are signed by a key present +in the @file{.guix-authorizations} file of @emph{both} branches. + @cindex primary URL, channels @subsection Primary URL diff --git a/guix/channels.scm b/guix/channels.scm index 1d4b50aa48..9859bfdda8 100644 --- a/guix/channels.scm +++ b/guix/channels.scm @@ -69,7 +69,9 @@ channel-location channel-introduction? - ;; accessors purposefully omitted for now. + make-channel-introduction + channel-introduction-first-signed-commit + channel-introduction-first-commit-signer openpgp-fingerprint->bytevector openpgp-fingerprint 
@@ -130,13 +132,19 @@ ;; commit so that only them may emit this introduction. Introductions are ;; used to bootstrap trust in a channel. (define-record-type - (make-channel-introduction first-signed-commit first-commit-signer - signature) + (%make-channel-introduction first-signed-commit first-commit-signer + signature) channel-introduction? (first-signed-commit channel-introduction-first-signed-commit) ;hex string (first-commit-signer channel-introduction-first-commit-signer) ;bytevector (signature channel-introduction-signature)) ;string +(define (make-channel-introduction commit signer) + "Return a new channel introduction: COMMIT is the introductory where +authentication starts, and SIGNER is the OpenPGP fingerprint (a bytevector) of +the signer of that commit." + (%make-channel-introduction commit signer #f)) + (define (openpgp-fingerprint->bytevector str) "Convert STR, an OpenPGP fingerprint (hexadecimal string with whitespace), to the corresponding bytevector." diff --git a/tests/channels.scm b/tests/channels.scm index 3a2c1d429b..016c3ad9db 100644 --- a/tests/channels.scm +++ b/tests/channels.scm @@ -430,12 +430,11 @@ (with-repository directory repository (let* ((commit1 (find-commit repository "first")) (commit2 (find-commit repository "second")) - (intro ((@@ (guix channels) make-channel-introduction) + (intro (make-channel-introduction (commit-id-string commit1) (openpgp-public-key-fingerprint (read-openpgp-packet - %ed25519bis-public-key-file)) ;different key - #f)) ;no signature + %ed25519bis-public-key-file)))) ;different key (channel (channel (name 'example) (url (string-append "file://" directory)) (introduction intro)))) 
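Review bot: the docstring of make-channel-introduction reads "COMMIT is the introductory where authentication starts"; it should say "the introductory commit where authentication starts". Also, now that this is the procedure users call from channels.scm, it accepts any value as SIGNER: writing the fingerprint as a plain string and forgetting the (openpgp-fingerprint ...) wrapper yields a record that only fails later, inside authentication; checking (bytevector? signer) here and raising a clear error would catch that at the point of the mistake.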
@@ -486,12 +485,11 @@ (let* ((commit1 (find-commit repository "first")) (commit2 (find-commit repository "second")) (commit3 (find-commit repository "third")) - (intro ((@@ (guix channels) make-channel-introduction) + (intro (make-channel-introduction (commit-id-string commit1) (openpgp-public-key-fingerprint (read-openpgp-packet - %ed25519-public-key-file)) - #f)) ;no signature + %ed25519-public-key-file)))) (channel (channel (name 'example) (url (string-append "file://" directory)) (introduction intro))))
-- 
2.26.2

Subject: [bug#42048] [PATCH 3/6] channels: Remove 'signature' from .
To: 42048@debbugs.gnu.org
Resent-Date: Thu, 25 Jun 2020 21:17:03 +0000
From: Ludovic Courtès
Date: Thu, 25 Jun 2020 23:16:02 +0200
Message-Id: <20200625211605.29316-3-ludo@gnu.org>
In-Reply-To: <20200625211605.29316-1-ludo@gnu.org>

In the end signing the commit/key pair does not buy us much. Someone publishing a valid but different commit/key pair would effectively be publishing a different channel, which could be a fork (made by a former authorized developer) or simply a mirror. In the latter case, there's nothing to be gained by publishing a different commit/key pair.

* guix/channels.scm ()[signature]: Remove.
(make-channel-introduction): Adjust accordingly.
---
 guix/channels.scm | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/guix/channels.scm b/guix/channels.scm index 9859bfdda8..05b2661445 100644 --- a/guix/channels.scm +++ b/guix/channels.scm
@@ -128,22 +128,19 @@ ;; Channel introductions. A "channel introduction" provides a commit/signer ;; pair that specifies the first commit of the authentication process as well -;; as its signer's fingerprint. The pair must be signed by the signer of that -;; commit so that only them may emit this introduction. Introductions are -;; used to bootstrap trust in a channel. +;; as its signer's fingerprint. Introductions are used to bootstrap trust in +;; a channel. (define-record-type - (%make-channel-introduction first-signed-commit first-commit-signer - signature) + (%make-channel-introduction first-signed-commit first-commit-signer) channel-introduction? - (first-signed-commit channel-introduction-first-signed-commit) ;hex string - (first-commit-signer channel-introduction-first-commit-signer) ;bytevector - (signature channel-introduction-signature)) ;string + (first-signed-commit channel-introduction-first-signed-commit) ;hex string + (first-commit-signer channel-introduction-first-commit-signer)) ;bytevector (define (make-channel-introduction commit signer) "Return a new channel introduction: COMMIT is the introductory where authentication starts, and SIGNER is the OpenPGP fingerprint (a bytevector) of the signer of that commit." - (%make-channel-introduction commit signer #f)) + (%make-channel-introduction commit signer)) (define (openpgp-fingerprint->bytevector str) "Convert STR, an OpenPGP fingerprint (hexadecimal string with whitespace),
-- 
2.26.2
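Review bot: the context lines of this hunk still show the docstring "COMMIT is the introductory where authentication starts" (missing "commit"); since the next line of that procedure is being edited anyway, fix it here. With the signature field gone, %make-channel-introduction and make-channel-introduction now take the same two arguments, so the only reason for the wrapper is to keep the raw constructor unexported; a one-line comment saying so would stop the next reader from removing it. Also confirm that no caller of the removed channel-introduction-signature accessor remains, including in the describe and provenance code later in this series.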
Subject: [bug#42048] [PATCH 4/6] channels: Save and interpret 'introduction' field in provenance data.
To: 42048@debbugs.gnu.org
Resent-Date: Thu, 25 Jun 2020 21:17:03 +0000
From: Ludovic Courtès
Date: Thu, 25 Jun 2020 23:16:03 +0200
Message-Id: <20200625211605.29316-4-ludo@gnu.org>
In-Reply-To: <20200625211605.29316-1-ludo@gnu.org>

With this change, profiles created by 'guix pull' & co. include channel introductions as part of the channel metadata of each manifest entry.

* guix/channels.scm (channel-instances->manifest)[instance->entry]: Add 'introduction' field when CHANNEL has an introduction.
(profile-channels)[sexp->channel-introduction]: New procedure. Use it to initialize the 'introduction' field.
---
 guix/channels.scm | 36 +++++++++++++++++++++++++++++++-----
 1 file changed, 31 insertions(+), 5 deletions(-)

diff --git a/guix/channels.scm b/guix/channels.scm index 05b2661445..02800733dd 100644 --- a/guix/channels.scm +++ b/guix/channels.scm @@ -844,8 +844,9 @@ derivation." "Return a profile manifest with entries for all of INSTANCES, a list of channel instances." (define (instance->entry instance drv) - (let ((commit (channel-instance-commit instance)) - (channel (channel-instance-channel instance))) + (let* ((commit (channel-instance-commit instance)) + (channel (channel-instance-channel instance)) + (intro (channel-introduction channel))) (manifest-entry (name (symbol->string (channel-name channel))) (version (string-take commit 7))
@@ -860,7 +861,19 @@ channel instances." (version 0) (url ,(channel-url channel)) (branch ,(channel-branch channel)) - (commit ,commit)))))))) + (commit ,commit) + ,@(if intro + `((introduction + (channel-introduction + (version 0) + (commit + ,(channel-introduction-first-signed-commit + intro)) + (signer + ,(openpgp-format-fingerprint + (channel-introduction-first-commit-signer + intro)))))) + '())))))))) (mlet* %store-monad ((derivations (channel-instance-derivations instances)) (entries -> (map instance->entry instances derivations))) 
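Review bot: the serialized introduction is written with openpgp-format-fingerprint, but the hunk adds no #:use-module line and the diffstat touches only guix/channels.scm, so confirm (guix openpgp) is already imported in this module or it fails to load. The (version 0) tag inside channel-introduction is the right call: per the cover letter this sexp is what future guix pull and guix time-machine runs read back as their trust root, so a short comment above it stating that the format is now a long-term commitment would help whoever next touches it.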
@@ -928,17 +941,30 @@ to 'latest-channel-instances'." (define (profile-channels profile) "Return the list of channels corresponding to entries in PROFILE. If PROFILE is not a profile created by 'guix pull', return the empty list." + (define sexp->channel-introduction + (match-lambda + (('channel-introduction ('version 0) + ('commit commit) ('signer signer) + _ ...) + (make-channel-introduction commit (openpgp-fingerprint signer))) + (x #f))) + (filter-map (lambda (entry) (match (assq 'source (manifest-entry-properties entry)) (('source ('repository ('version 0) ('url url) ('branch branch) ('commit commit) - _ ...)) + rest ...)) (channel (name (string->symbol (manifest-entry-name entry))) (url url) - (commit commit))) + (commit commit) + (introduction + (match (assq 'introduction rest) + (#f #f) + (('introduction intro) + (sexp->channel-introduction intro)))))) ;; No channel information for this manifest entry. ;; XXX: Pre-0.15.0 Guix did not provide that information,
-- 
2.26.2
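Review bot: sexp->channel-introduction answers #f for any form it does not recognize (the (x #f) clause), so a profile written by a later Guix with a (version 1) introduction, or with a corrupted entry, reads back as a channel with no introduction and is then pulled without authentication, silently. Fail loudly instead: raise, or at least warn, on an unrecognized introduction form; the "Pre-0.15.0 Guix did not provide that information" comment excuses a missing introduction field, not an unparseable one.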
Subject: [bug#42048] [PATCH 5/6] guix describe: Display channel introductions and add 'channels-sans-intro'.
To: 42048@debbugs.gnu.org
Resent-Date: Thu, 25 Jun 2020 21:17:03 +0000
From: Ludovic Courtès
Date: Thu, 25 Jun 2020 23:16:04 +0200
Message-Id: <20200625211605.29316-5-ludo@gnu.org>
In-Reply-To: <20200625211605.29316-1-ludo@gnu.org>

* guix/scripts/describe.scm (%available-formats): Add "channels-sans-intro".
(channel->sexp): Add #:include-introduction?. Emit CHANNEL's intro if INCLUDE-INTRODUCTION? is true and CHANNEL has an introduction.
(channel->json): Include CHANNEL's introduction, if any.
(channel->recutils): Likewise.
(display-profile-info): Add 'channels-sans-intro' case.
* doc/guix.texi (Invoking guix describe): Add introduction in example. Add 'channels-sans-intro' case.
---
 doc/guix.texi             | 13 ++++++++-
 guix/scripts/describe.scm | 56 ++++++++++++++++++++++++++++++++-------
 2 files changed, 58 insertions(+), 11 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index a4bb52bb24..fcf67bd718 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -4613,7 +4613,12 @@ $ guix describe -f channels (name 'guix) (url "https://git.savannah.gnu.org/git/guix.git") (commit - "e0fa68c7718fffd33d81af415279d6ddb518f727"))) + "e0fa68c7718fffd33d81af415279d6ddb518f727") + (introduction + (make-channel-introduction + "9edb3f66fd807b096b48283debdcddccfea34bad" + (openpgp-fingerprint + "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA"))))) @end example @noindent
@@ -4639,6 +4644,12 @@ produce human-readable output; produce a list of channel specifications that can be passed to @command{guix pull -C} or installed as @file{~/.config/guix/channels.scm} (@pxref{Invoking guix pull}); +@item channels-sans-intro +like @code{channels}, but omit the @code{introduction} field; use it to +produce a channel specification suitable for Guix version 1.1.0 or +earlier---the @code{introduction} field has to do with channel +authentication (@pxref{Channels, Channel Authentication}) and is not +supported by these older versions; @item json @cindex JSON produce a list of channel specifications in JSON format; diff --git a/guix/scripts/describe.scm b/guix/scripts/describe.scm index 7a2dbc453a..39e096a9a4 100644 --- a/guix/scripts/describe.scm +++ b/guix/scripts/describe.scm @@ -26,9 +26,11 @@ #:use-module (guix scripts) #:use-module (guix describe) #:use-module (guix profiles) + #:autoload (guix openpgp) (openpgp-format-fingerprint) #:use-module (git) #:use-module (json) #:use-module (srfi srfi-1) + #:use-module (srfi srfi-26) #:use-module (srfi srfi-37) #:use-module (ice-9 match) #:autoload (ice-9 pretty-print) (pretty-print) @@ -42,7 +44,8 @@ ;;; ;;; Command-line options. ;;; -(define %available-formats '("human" "channels" "json" "recutils")) +(define %available-formats + '("human" "channels" "channels-sans-intro" "json" "recutils")) (define (list-formats) (display (G_ "The available formats are:\n")) 
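Review bot: the @item channels-sans-intro entry in the guix.texi hunk above explains what the format omits but not what the omission costs; a specification produced this way carries no introduction, so a Guix that does support channel authentication has nothing to authenticate the third-party channels in it against. Suggest adding a sentence such as "do not feed the resulting file back to a current @command{guix pull -C} without re-adding the @code{introduction} field", so that readers do not treat this format as a general-purpose export.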
@@ -109,21 +112,50 @@ Display information about the channels currently in use.\n")) (_ (warning (G_ "'GUIX_PACKAGE_PATH' is set but it is not captured~%"))))))) -(define (channel->sexp channel) - `(channel - (name ',(channel-name channel)) - (url ,(channel-url channel)) - (commit ,(channel-commit channel)))) +(define* (channel->sexp channel #:key (include-introduction? #t)) + (let ((intro (and include-introduction? + (channel-introduction channel)))) + `(channel + (name ',(channel-name channel)) + (url ,(channel-url channel)) + (commit ,(channel-commit channel)) + ,@(if intro + `((introduction (make-channel-introduction + ,(channel-introduction-first-signed-commit intro) + (openpgp-fingerprint + ,(openpgp-format-fingerprint + (channel-introduction-first-commit-signer + intro)))))) + '())))) (define (channel->json channel) - (scm->json-string `((name . ,(channel-name channel)) - (url . ,(channel-url channel)) - (commit . ,(channel-commit channel))))) + (scm->json-string + (let ((intro (channel-introduction channel))) + `((name . ,(channel-name channel)) + (url . ,(channel-url channel)) + (commit . ,(channel-commit channel)) + ,@(if intro + `((introduction + . ((commit . ,(channel-introduction-first-signed-commit + intro)) + (signer . 
,(openpgp-format-fingerprint + (channel-introduction-first-commit-signer + intro)))))) + '()))))) (define (channel->recutils channel port) + (define intro + (channel-introduction channel)) + (format port "name: ~a~%" (channel-name channel)) (format port "url: ~a~%" (channel-url channel)) - (format port "commit: ~a~%" (channel-commit channel))) + (format port "commit: ~a~%" (channel-commit channel)) + (when intro + (format port "introductioncommit: ~a~%" + (channel-introduction-first-signed-commit intro)) + (format port "introductionsigner: ~a~%" + (openpgp-format-fingerprint + (channel-introduction-first-commit-signer intro))))) (define (display-checkout-info fmt) "Display information about the current checkout according to FMT, a symbol 
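Review bot: channel->sexp in the describe.scm hunk above gains the #:include-introduction? keyword but still has no docstring, so the behaviour spelled out in the commit message (emit the introduction only when the flag is true and CHANNEL actually has one) is documented nowhere in the code. Suggest a one-line docstring, e.g. "Return an sexp for CHANNEL; include its introduction, if any, when INCLUDE-INTRODUCTION? is true." The introduction-emitting branches added to channel->json and channel->recutils would likewise benefit from a comment noting that those two formats always include the introduction.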
@@ -181,6 +213,10 @@ in the format specified by FMT." (display-profile-content profile number)) ('channels (pretty-print `(list ,@(map channel->sexp channels)))) + ('channels-sans-intro + (pretty-print `(list ,@(map (cut channel->sexp <> + #:include-introduction? #f) + channels)))) ('json (format #t "[~a]~%" (string-join (map channel->json channels) ","))) ('recutils -- 2.26.2 From unknown Sat Jun 14 05:00:17 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#42048] [PATCH 6/6] services: provenance: Save channel introductions. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 25 Jun 2020 21:17:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 42048 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 42048@debbugs.gnu.org Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= Received: via spool by 42048-submit@debbugs.gnu.org id=B42048.15931197949601 (code B ref 42048); Thu, 25 Jun 2020 21:17:04 +0000 Received: (at 42048) by debbugs.gnu.org; 25 Jun 2020 21:16:34 +0000 Received: from localhost ([127.0.0.1]:41363 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1joZEY-0002Ui-2j for submit@debbugs.gnu.org; Thu, 25 Jun 2020 17:16:34 -0400 Received: from eggs.gnu.org ([209.51.188.92]:34556) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1joZES-0002TS-OE for 42048@debbugs.gnu.org; Thu, 25 Jun 2020 17:16:29 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:45255) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1joZEN-0000Yd-Hc; Thu, 25 Jun 2020 17:16:23 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=59608 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1joZEM-0006HK-NK; Thu, 25 Jun 2020 17:16:23 -0400 
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Date: Thu, 25 Jun 2020 23:16:05 +0200 Message-Id: <20200625211605.29316-6-ludo@gnu.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200625211605.29316-1-ludo@gnu.org> References: <20200625211605.29316-1-ludo@gnu.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) * gnu/services.scm (channel->code): Include CHANNEL's introduction, if any, unless CHANNEL is the singleton %DEFAULT-CHANNELS. (channel->sexp): Add comment. * guix/scripts/system.scm (sexp->channel): Change pattern to allow for extensibility. --- gnu/services.scm | 26 ++++++++++++++++++++++---- guix/scripts/system.scm | 4 +++- 2 files changed, 25 insertions(+), 5 deletions(-) diff --git a/gnu/services.scm b/gnu/services.scm index 27e5558231..f6dc56d940 100644 --- a/gnu/services.scm +++ b/gnu/services.scm @@ -31,6 +31,7 @@ #:use-module (guix sets) #:use-module (guix ui) #:use-module ((guix utils) #:select (source-properties->location)) + #:autoload (guix openpgp) (openpgp-format-fingerprint) #:use-module (guix modules) #:use-module (gnu packages base) #:use-module (gnu packages bash) 
@@ -392,14 +393,31 @@ by the initrd once the root file system is mounted."))) (define (channel->code channel) "Return code to build CHANNEL, ready to be dropped in a 'channels.scm' file." - `(channel (name ',(channel-name channel)) - (url ,(channel-url channel)) - (branch ,(channel-branch channel)) - (commit ,(channel-commit channel)))) + ;; Since the 'introduction' field is backward-incompatible, and since it's + ;; optional when using the "official" 'guix channel, include it if and only + ;; if we're referring to a different channel. + (let ((intro (and (not (equal? (list channel) %default-channels)) + (channel-introduction channel)))) + `(channel (name ',(channel-name channel)) + (url ,(channel-url channel)) + (branch ,(channel-branch channel)) + (commit ,(channel-commit channel)) + ,@(if intro + `((introduction + (make-channel-introduction + ,(channel-introduction-first-signed-commit intro) + (openpgp-fingerprint + ,(openpgp-format-fingerprint + (channel-introduction-first-commit-signer + intro)))))) + '())))) (define (channel->sexp channel) "Return an sexp describing CHANNEL. The sexp is _not_ code and is meant to be parsed by tools; it's potentially more future-proof than code." + ;; TODO: Add CHANNEL's introduction. Currently we can't do that because + ;; older 'guix system describe' expect exactly name/url/branch/commit + ;; without any additional fields. `(channel (name ,(channel-name channel)) (url ,(channel-url channel)) (branch ,(channel-branch channel)) diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm index 212b49f008..cfefe8a8a8 100644 --- a/guix/scripts/system.scm +++ b/guix/scripts/system.scm 
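Review bot: the test `(equal? (list channel) %default-channels)` in channel->code decides whether to omit the introduction by comparing the whole channel record with %default-channels, yet the same form emits CHANNEL's branch and commit a few lines below, so the channel passed in carries a commit; unless the entry in %default-channels carries that exact commit as well, the comparison is always false and the official channel's introduction is emitted after all, contrary to the comment above it. Suggest comparing what actually identifies the official channel (its name, or its introduction against the one in %default-channels) and adding a test that exercises both branches.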
@@ -452,7 +452,9 @@ list of services." (('channel ('name name) ('url url) ('branch branch) - ('commit commit)) + ('commit commit) + rest ...) + ;; XXX: In the future REST may include a channel introduction. (channel (name name) (url url) (branch branch) (commit commit))))) -- 2.26.2 From unknown Sat Jun 14 05:00:17 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#42048] [PATCH 2/6] channels: Make channel introductions public. Resent-From: Kyle Meyer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 25 Jun 2020 22:33:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 42048 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 42048@debbugs.gnu.org Received: via spool by 42048-submit@debbugs.gnu.org id=B42048.159312435025514 (code B ref 42048); Thu, 25 Jun 2020 22:33:02 +0000 Received: (at 42048) by debbugs.gnu.org; 25 Jun 2020 22:32:30 +0000 Received: from localhost ([127.0.0.1]:41456 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1joaQ1-0006dS-ON for submit@debbugs.gnu.org; Thu, 25 Jun 2020 18:32:29 -0400 Received: from pb-smtp20.pobox.com ([173.228.157.52]:59787) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1joaPy-0006dJ-Pu for 42048@debbugs.gnu.org; Thu, 25 Jun 2020 18:32:28 -0400 Received: from pb-smtp20.pobox.com (unknown [127.0.0.1]) by pb-smtp20.pobox.com (Postfix) with ESMTP id E9E67E39FE; Thu, 25 Jun 2020 18:32:25 -0400 (EDT) (envelope-from kyle@kyleam.com) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=from:to:cc :subject:in-reply-to:references:date:message-id:mime-version :content-type:content-transfer-encoding; s=sasl; bh=asaGpIyrk2po 9A/vjKNqYwCKY5w=; b=V2TfX+0s40zZELnEhZXLx8ZQ2VjY2QcTuf6GDCvHdFuA bT8lAttQhtzEpwIUmkUyIV/mtP6kFpTnM58GkS5Yn/HJCViFkCOstmvMk0pqo6gq wQ9JrfEWx4xp+1Ann7lGXaBYwBZ6SSzAtkM+dQBLr6e12FHECSYPhtJkFRPx1Zc= Received: from pb-smtp20.sea.icgroup.com 
From: Kyle Meyer
Date: Thu, 25 Jun 2020 22:32:20 +0000
Message-ID: <87h7uy7p57.fsf@kyleam.com>
In-Reply-To: <20200625211605.29316-2-ludo@gnu.org>

Ludovic Courtès writes:
> diff --git a/doc/guix.texi b/doc/guix.texi
[...]
> +As a user, you must be @dfn{introduced} to a channel so you can start
> +pulling from it and authenticate its code. The @dfn{channel
> +introduction} tells Guix how to authenticate the first commit of that
> +channel:

Given the colon, it looks like something is missing here. Based on what comes next...

> +
> +As a user, you must provide a @dfn{channel introduction} in your
> +channels file so that Guix knows how to authenticate its first commit.
> +A channel specification, including its introduction, looks something
> +along these lines:
> +
> +@lisp
> +(channel
> + (name 'my-channel)
> + (url "https://example.org/my-channel.git")
> + (introduction
> + (make-channel-introduction
> + "6f0d8cc0d88abb59c324b2990bfee2876016bb86"
> + (openpgp-fingerprint
> + "CABB A931 C0FF EEC6 900D 0CFB 090B 1199 3D9A EBB5"))))
> +@end lisp

... perhaps the second "As a user" paragraph was supposed to replace the first?
Subject: [bug#42048] [PATCH 2/6] channels: Make channel introductions public.
From: Ludovic Courtès
Date: Fri, 26 Jun 2020 10:17:37 +0200
Message-ID: <87y2oansv2.fsf@gnu.org>
In-Reply-To: <87h7uy7p57.fsf@kyleam.com>

Hello Kyle,

Kyle Meyer writes:

> Ludovic Courtès writes:
>
>> diff --git a/doc/guix.texi b/doc/guix.texi
> [...]
>> +As a user, you must be @dfn{introduced} to a channel so you can start
>> +pulling from it and authenticate its code. The @dfn{channel
>> +introduction} tells Guix how to authenticate the first commit of that
>> +channel:
>
> Given the colon, it looks like something is missing here. Based on what
> comes next...
>
>> +
>> +As a user, you must provide a @dfn{channel introduction} in your
>> +channels file so that Guix knows how to authenticate its first commit.
>> +A channel specification, including its introduction, looks something
>> +along these lines:
>> +
>> +@lisp
>> +(channel
>> + (name 'my-channel)
>> + (url "https://example.org/my-channel.git")
>> + (introduction
>> + (make-channel-introduction
>> + "6f0d8cc0d88abb59c324b2990bfee2876016bb86"
>> + (openpgp-fingerprint
>> + "CABB A931 C0FF EEC6 900D 0CFB 090B 1199 3D9A EBB5"))))
>> +@end lisp
>
> ... perhaps the second "As a user" paragraph was supposed to replace the
> first?

Oops, thanks for the heads-up. I guess I got distracted as I was reorganizing this. I’ll post a v2 soonish!

Ludo’.
Subject: [bug#42048] [PATCH 2/6] channels: Make channel introductions public.
From: Ludovic Courtès
Date: Sat, 27 Jun 2020 19:07:16 +0200
Message-ID: <87v9jcl9ob.fsf@gnu.org>
In-Reply-To: <87h7uy7p57.fsf@kyleam.com>

Kyle Meyer writes:

> Ludovic Courtès writes:
>
>> diff --git a/doc/guix.texi b/doc/guix.texi
> [...]
>> +As a user, you must be @dfn{introduced} to a channel so you can start
>> +pulling from it and authenticate its code. The @dfn{channel
>> +introduction} tells Guix how to authenticate the first commit of that
>> +channel:
>
> Given the colon, it looks like something is missing here. Based on what
> comes next...
>
>> +
>> +As a user, you must provide a @dfn{channel introduction} in your
>> +channels file so that Guix knows how to authenticate its first commit.
>> +A channel specification, including its introduction, looks something
>> +along these lines:
>> +
>> +@lisp
>> +(channel
>> + (name 'my-channel)
>> + (url "https://example.org/my-channel.git")
>> + (introduction
>> + (make-channel-introduction
>> + "6f0d8cc0d88abb59c324b2990bfee2876016bb86"
>> + (openpgp-fingerprint
>> + "CABB A931 C0FF EEC6 900D 0CFB 090B 1199 3D9A EBB5"))))
>> +@end lisp
>
> ... perhaps the second "As a user" paragraph was supposed to replace the
> first?

Yes, you were right. I’ve changed it locally (not resending the whole series). Thanks!

Ludo’.
Subject: [bug#42048] [PATCH 3/6] channels: Remove 'signature' from .
From: Ricardo Wurmus
Date: Tue, 30 Jun 2020 16:35:14 +0200
Message-ID: <871rlwoc4d.fsf@elephly.net>
In-Reply-To: <20200625211605.29316-3-ludo@gnu.org>

Ludovic Courtès writes:

> In the end signing the commit/key pair does not buy us much. Someone
> publishing a valid but different commit/key pair would effectively be
> publishing a different channel, which could be a fork (made by a former
> authorized developer) or simply a mirror. In the latter case, there's
> nothing to be gained by publishing a different commit/key pair.
>
> * guix/channels.scm ()[signature]: Remove.
> (make-channel-introduction): Adjust accordingly.
> ---

[…]

> (define (make-channel-introduction commit signer)
> "Return a new channel introduction: COMMIT is the introductory where
> authentication starts, and SIGNER is the OpenPGP fingerprint (a bytevector) of
> the signer of that commit."
> - (%make-channel-introduction commit signer #f))
> + (%make-channel-introduction commit signer))

Do we still need this procedure at all? Looks like %make-channel-introduction could simply be renamed to make-channel-introduction.

-- 
Ricardo
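Review bot: the docstring of make-channel-introduction in the quoted hunk reads "COMMIT is the introductory where authentication starts"; a word is missing after "introductory" (presumably "commit"). The hunk only changes the body, so the fix is a one-word edit to the unchanged docstring line, which could ride along with this patch.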
Subject: [bug#42048] [PATCH 3/6] channels: Remove 'signature' from .
From: Ludovic Courtès
Date: Tue, 30 Jun 2020 17:15:56 +0200
Message-ID: <87ftac60ur.fsf@gnu.org>
In-Reply-To: <871rlwoc4d.fsf@elephly.net>

Hi,

Ricardo Wurmus writes:

> Ludovic Courtès writes:
>
>> In the end signing the commit/key pair does not buy us much. Someone
>> publishing a valid but different commit/key pair would effectively be
>> publishing a different channel, which could be a fork (made by a former
>> authorized developer) or simply a mirror. In the latter case, there's
>> nothing to be gained by publishing a different commit/key pair.
>>
>> * guix/channels.scm ()[signature]: Remove.
>> (make-channel-introduction): Adjust accordingly.
>> ---
> […]
>> (define (make-channel-introduction commit signer)
>> "Return a new channel introduction: COMMIT is the introductory where
>> authentication starts, and SIGNER is the OpenPGP fingerprint (a bytevector) of
>> the signer of that commit."
>> - (%make-channel-introduction commit signer #f))
>> + (%make-channel-introduction commit signer))
>
> Do we still need this procedure at all? Looks like
> %make-channel-introduction could simply be renamed to make-channel-introduction.

‘%make-channel-introduction’ is actually a macro, which is thus inlined.
Exporting a procedure makes it easier to preserve ABI compatibility and allow for future extensions (keyword parameters, for instance).

Ludo’.

Subject: [bug#42048] [PATCH 6/6] services: provenance: Save channel introductions.
From: Ricardo Wurmus
Date: Tue, 30 Jun 2020 17:53:38 +0200
Message-ID: <87v9j8mtx9.fsf@elephly.net>
In-Reply-To: <20200625211605.29316-6-ludo@gnu.org>

I looked through the changes and while I don’t fully understand the need for adding the introduction to the provenance data, it looks good to me. Thank you!

One thing that I worry about is authentication of channels that are added as dependencies of user-selected channels. Let’s say my channel “guix-bimsb” depends on “guix-past”. How will users of “guix-bimsb” authenticate the commits of “guix-past” when they don’t know about “guix-past” (they only care about “guix-bimsb”), and don’t explicitly add introduction information to their channels file?

Is there something that the authors of “guix-bimsb” can do to not only indicate the dependency on “guix-past”, but also to attach introduction information? Will the format of the “.guix-channel” need to be adjusted?

-- 
Ricardo
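A check over the channel-specification format this series emits (an added example, not code from the patch series or from Guix itself): it reads a channels file with Guile's own reader and flags channels whose introduction, the trust anchor Guix authenticates the channel against, is missing or malformed, which is the situation a spec that has been saved or passed around without its introduction ends up in. The sample input is constructed: the 'guix entry copies the manual example from this series, while the other two channels, their commits and the truncated fingerprint are placeholders.

```scheme
;; Added example (not part of the patch series): sanity-check channel
;; specifications as written by 'guix describe -f channels' or saved as
;; provenance data.  Run with: guile check-channels.scm
(use-modules (ice-9 match))

;; Constructed sample input in the format shown in this series.  The 'guix
;; entry is the manual example; the two others use placeholder commits and a
;; deliberately truncated fingerprint.
(define %sample-channels
  "(list (channel
          (name 'guix)
          (url \"https://git.savannah.gnu.org/git/guix.git\")
          (commit \"e0fa68c7718fffd33d81af415279d6ddb518f727\")
          (introduction
            (make-channel-introduction
              \"9edb3f66fd807b096b48283debdcddccfea34bad\"
              (openpgp-fingerprint
                \"BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA\"))))
         (channel
          (name 'my-channel)
          (url \"https://example.org/my-channel.git\")
          (branch \"master\")
          (commit \"0000000000000000000000000000000000000001\"))
         (channel
          (name 'other-channel)
          (url \"https://example.org/other.git\")
          (commit \"0000000000000000000000000000000000000002\")
          (introduction
            (make-channel-introduction
              \"0000000000000000000000000000000000000003\"
              (openpgp-fingerprint
                \"0000 0000 0000 0000 0000 0000 0000 0000 0000\")))))")

(define (hex-string? obj n)
  "Return #t if OBJ is a string of exactly N hexadecimal digits."
  (and (string? obj)
       (= (string-length obj) n)
       (string-every char-set:hex-digit obj)))

(define (check-introduction intro)
  "Return a list of problems found in INTRO, the value of an 'introduction'
field: a 40-digit SHA-1 commit and a 40-digit OpenPGP v4 fingerprint."
  (match intro
    (('make-channel-introduction commit ('openpgp-fingerprint fpr))
     (append
      (if (hex-string? commit 40)
          '()
          '("introduction commit is not a 40-digit hex SHA-1"))
      (if (and (string? fpr) (hex-string? (string-delete #\space fpr) 40))
          '()
          '("signer fingerprint is not a 40-digit OpenPGP fingerprint"))))
    (_ '("malformed introduction form"))))

(define (check-channel spec)
  "Return (NAME . PROBLEMS) for SPEC, one 'channel' form."
  (match spec
    (('channel ('name ('quote name)) ('url (? string?)) fields ...)
     (let ((commit (and=> (assq 'commit fields) cadr))
           (intro  (and=> (assq 'introduction fields) cadr)))
       (cons name
             (append
              (if (hex-string? commit 40)
                  '()
                  '("commit is not a 40-digit hex SHA-1"))
              (cond (intro (check-introduction intro))
                    ;; The official channel is the one case where the
                    ;; introduction may be left out (cf. channel->code).
                    ((eq? name 'guix) '())
                    (else
                     '("no introduction: Guix cannot authenticate this channel")))))))
    (_ (cons 'unknown '("malformed channel form")))))

(define (check-channels-file port)
  "Read a channels file from PORT and return an alist of (NAME . PROBLEMS)."
  (match (read port)
    (('list specs ...) (map check-channel specs))
    (('cons spec '%default-channels) (list (check-channel spec)))
    (_ (list (cons 'unknown '("expected (list (channel ...) ...)"))))))

(define (report results)
  "Print one line per channel, with its problems indented below it."
  (for-each (match-lambda
              ((name) (format #t "~a: ok~%" name))
              ((name . problems)
               (format #t "~a:~%" name)
               (for-each (lambda (p) (format #t "  - ~a~%" p)) problems)))
            results))

(report (call-with-input-string %sample-channels check-channels-file))
```

On the sample above the 'guix entry passes, my-channel is reported for lacking an introduction, and other-channel for its 36-digit fingerprint; pointing check-channels-file at /run/current-system/channels.scm instead checks a real provenance file.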
To: Ricardo Wurmus
Cc: 42048@debbugs.gnu.org
From: Ludovic Courtès
Date: Tue, 30 Jun 2020 22:28:52 +0200
Message-ID: <87imf847sr.fsf@gnu.org>
In-Reply-To: <87v9j8mtx9.fsf@elephly.net>

Hi Ricardo,

Ricardo Wurmus skribis:

> I looked through the changes and while I don’t fully understand the need
> for adding the introduction to the provenance data, it looks good to
> me. Thank you!

Overall the idea is that a channel spec should always come with its
introduction; together they identify the channel and thus should not be
separated. Adding the introduction to the provenance data allows ‘guix
describe’ to show the introduction, to ensure it’s not lost in transit.

Does that make sense?

> One thing that I worry about is authentication of channels that are
> added as dependencies of user-selected channels. Let’s say my channel
> “guix-bimsb” depends on “guix-past”. How will users of “guix-bimsb”
> authenticate the commits of “guix-past” when they don’t know about
> “guix-past” (they only care about “guix-bimsb”), and don’t explicitly
> add introduction information to their channels file?
>
> Is there something that the authors of “guix-bimsb” can do to not only
> indicate the dependency on “guix-past”, but also to attach introduction
> information? Will the format of the “.guix-channel” need to be
> adjusted?

That’s a very good question and I had completely overlooked it.

With this patch set, someone pulling guix-bimsb would just end up
pulling guix-past unauthenticated; there’s not even a warning.

(There’s currently a warning in (guix channels), but only when pulling
an unauthenticated 'guix channel. It’s perhaps too early to have that
warning enabled for all channels. WDYT?)

So yes, I suppose we would need to extend the ‘.guix-channel’ format
for dependencies. Luckily it should be quite simple because that format
is extensible; older Guix versions would ignore the ‘introduction’
field. It would look something like this:

  (channel
    (version 0)
    (dependencies
      (channel
        (name some-collection)
        (url "https://example.org/first-collection.git")
        (introduction (channel-introduction
                        (version 0)
                        (commit "…")
                        (signer "…"))))
      (channel
        (name some-other-collection)
        (url "https://example.org/second-collection.git")
        (branch "testing"))))  ;not an authenticated channel

It does mean that a channel can indirectly trick you into turning off
authentication for a dependent channel. But I think that’s within the
expectations for channels: when you choose a channel, you trust it
enough to run its code.

WDYT?

Thanks for reviewing!

Ludo’.
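As an added illustration (not code from the thread or from Guix itself), the Guile snippet below reads a ‘.guix-channel’ sexp in the extended format sketched in the message above and reports which dependencies carry an introduction and which would be pulled unauthenticated. The sample metadata is constructed here; its commit hash and signer fingerprint are placeholders.

```scheme
;; Added example, not code from the thread or from Guix: inspect the
;; dependency list of a '.guix-channel' file in the extended format
;; sketched above and flag dependencies that carry no introduction,
;; since those would be pulled without authentication.
(use-modules (ice-9 match)
             (srfi srfi-1))

;; Constructed sample in the sketched format.  The commit hash and the
;; signer fingerprint are placeholders, not real values.
(define sample-channel-metadata
  '(channel
    (version 0)
    (dependencies
     (channel
      (name some-collection)
      (url "https://example.org/first-collection.git")
      (introduction (channel-introduction
                     (version 0)
                     (commit "0000000000000000000000000000000000000000")
                     (signer "0000 0000 0000 0000 0000  0000 0000 0000 0000 0000"))))
     (channel
      (name some-other-collection)
      (url "https://example.org/second-collection.git")
      (branch "testing")))))          ;no introduction

(define (channel-dependencies metadata)
  "Return the list of dependency forms declared in METADATA, the sexp
read from a '.guix-channel' file, or the empty list when there are none."
  (match metadata
    (('channel ('version 0) fields ...)
     (match (assq 'dependencies fields)
       (('dependencies dependencies ...) dependencies)
       (_ '())))
    (_ (error "unsupported .guix-channel format:" metadata))))

(define (dependency-name dependency)
  "Return the name of DEPENDENCY, a symbol, or #f if it has none."
  (match dependency
    (('channel fields ...)
     (match (assq 'name fields)
       (('name name) name)
       (_ #f)))
    (_ #f)))

(define (dependency-introduction dependency)
  "Return the (COMMIT . SIGNER) pair of DEPENDENCY's introduction, or #f
when it has none.  Fields other than 'introduction' are ignored, which
is what lets older Guix versions skip the new field."
  (match dependency
    (('channel fields ...)
     (match (assq 'introduction fields)
       (('introduction ('channel-introduction ('version 0) intro-fields ...))
        (match (list (assq 'commit intro-fields)
                     (assq 'signer intro-fields))
          ((('commit (? string? commit)) ('signer (? string? signer)))
           (cons commit signer))
          (_ #f)))
       (_ #f)))
    (_ #f)))

(define (unauthenticated-dependencies metadata)
  "Return the names of the dependencies of METADATA that lack an
introduction and would therefore be pulled unauthenticated, printing a
warning for each one and a note for each authenticated one."
  (filter-map
   (lambda (dependency)
     (let ((name (dependency-name dependency))
           (intro (dependency-introduction dependency)))
       (if intro
           (begin
             (format #t "~a: authenticated from commit ~a, signed by ~a~%"
                     name (car intro) (cdr intro))
             #f)
           (begin
             (format #t "warning: ~a: no introduction, would be pulled unauthenticated~%"
                     name)
             name))))
   (channel-dependencies metadata)))

(unauthenticated-dependencies sample-channel-metadata)
```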
Subject: [bug#42048] [PATCH 6/6] services: provenance: Save channel introductions.
To: Ludovic Courtès, Ricardo Wurmus
Cc: 42048@debbugs.gnu.org
From: zimoun
Date: Wed, 01 Jul 2020 10:51:14 +0200
Message-ID: <86lfk3aa9p.fsf@gmail.com>
In-Reply-To: <87imf847sr.fsf@gnu.org>

Hi,

On Tue, 30 Jun 2020 at 22:28, Ludovic Courtès wrote:

>> One thing that I worry about is authentication of channels that are
>> added as dependencies of user-selected channels. Let’s say my channel
>> “guix-bimsb” depends on “guix-past”. How will users of “guix-bimsb”
>> authenticate the commits of “guix-past” when they don’t know about
>> “guix-past” (they only care about “guix-bimsb”), and don’t explicitly
>> add introduction information to their channels file?
>>
>> Is there something that the authors of “guix-bimsb” can do to not only
>> indicate the dependency on “guix-past”, but also to attach introduction
>> information? Will the format of the “.guix-channel” need to be
>> adjusted?
>
> That’s a very good question and I had completely overlooked it.

Héhé, yet I had the same question one month ago. :-)

--8<---------------cut here---------------start------------->8---
> The question about recursive still applies. ;-)
> Currently, if the local channel file points to a channel A which
> contains the file '.guix-channel' which points to another channel B,
> then when one runs "guix pull" well the channel A will be pulled and
> then the channel B, even if this channel B is not explicit in the
> initial local channel. (Even, there is a bug about recursive implicit
> pulls, see http://issues.guix.gnu.org/issue/41069; well another
> story.)
> What happens for such situation?

Nothing special, I guess: each channel would be authenticated (or not,
if it’s an unsigned channel). I think it’s completely orthogonal.
--8<---------------cut here---------------end--------------->8---

http://issues.guix.gnu.org/issue/22883#75

> With this patch set, someone pulling guix-bimsb would just end up
> pulling guix-past unauthenticated; there’s not even a warning.
>
> (There’s currently a warning in (guix channels), but only when pulling
> an unauthenticated 'guix channel. It’s perhaps too early to have that
> warning enabled for all channels. WDYT?)

Enabling the warning appears to me a good idea because this dependency
is like "doing something I am not necessarily aware of, behind my back".
For example, the first time I pulled the channel "guix-bimsb-non-free"
which depends on "guix-bimsb", it took me some time to understand why
"guix-bimsb" was pulled twice and once with a name I do not have in my
local channels.scm file. Anyway.

> So yes, I suppose we would need to extend the ‘.guix-channel’ format
> for dependencies. Luckily it should be quite simple because that format
> is extensible; older Guix versions would ignore the ‘introduction’
> field. It would look something like this:
>
>   (channel
>     (version 0)
>     (dependencies
>       (channel
>         (name some-collection)
>         (url "https://example.org/first-collection.git")
>         (introduction (channel-introduction
>                         (version 0)
>                         (commit "…")
>                         (signer "…"))))
>       (channel
>         (name some-other-collection)
>         (url "https://example.org/second-collection.git")
>         (branch "testing"))))  ;not an authenticated channel
>
> It does mean that a channel can indirectly trick you into turning off
> authentication for a dependent channel. But I think that’s within the
> expectations for channels: when you choose a channel, you trust it
> enough to run its code.

Sounds good to me. When I choose a channel, I trust the people enough
to run their code. But I do not trust the URL which serves it. I mean,
it is the point of all this new authentication mechanism, isn't it?

However, I agree. Channels should stay easy to fork and add something
to (then maybe send a pull-request) without going through all the GPG
signature dance and/or running the options --allow-downgrades or
--disable-authentication (I do not remember the exact name).

Cheers,
simon

Subject: [bug#42048] [PATCH 0/6] Authenticated channels for everyone!
To: Ludovic Courtès, 42048@debbugs.gnu.org
Cc: Ludovic Courtès
From: zimoun
Date: Wed, 01 Jul 2020 11:35:59 +0200
Message-ID: <86ftaba874.fsf@gmail.com>
In-Reply-To: <20200625210400.29033-1-ludo@gnu.org>

Hi Ludo,

On Thu, 25 Jun 2020 at 23:04, Ludovic Courtès wrote:

> The most visible effect is that channel introductions are now
> part of the API and shown by ‘guix describe’. It becomes a long-term
> commitment because we want to be able to pass the output of
> ‘guix describe -C channels’ or /run/current-system/channels.scm
> to ‘guix pull’ and ‘guix time-machine’ in the future.

How could I test this machinery with "guix time-machine"?

> Contrary to what I initially proposed¹, channel introductions are
> stripped to the bare minimum: a commit/fingerprint pair (as is
> currently the case on master, internally). I figured it doesn’t
> buy us much to have the commit/fingerprint pair signed; what
> matters is that users obtain the introduction from a trusted
> source, and the signature wouldn’t help with that. I also got
> rid of the idea of rendering introductions as opaque base64 blobs.

What happens when traveling in time if the key used by the signature
has been compromised?

Today, everything is fine, I sign and I do an introduction. Couple of
months (or even years) later, my key will be compromised and so I will
revoke it. What happens if I do "guix time-machine -C"? Well, the
question even applies to %default-channel? Maybe you already answered
and I missed it.

Cheers,
simon

Subject: [bug#42048] [PATCH 6/6] services: provenance: Save channel introductions.
To: zimoun
Cc: Ricardo Wurmus, 42048@debbugs.gnu.org
From: Ludovic Courtès
Date: Wed, 01 Jul 2020 14:12:11 +0200
Message-ID: <87r1tvzb6s.fsf@gnu.org>
In-Reply-To: <86lfk3aa9p.fsf@gmail.com>

Hi Simon,

zimoun skribis:

> On Tue, 30 Jun 2020 at 22:28, Ludovic Courtès wrote:
>
>>> One thing that I worry about is authentication of channels that are
>>> added as dependencies of user-selected channels. Let’s say my channel
>>> “guix-bimsb” depends on “guix-past”. How will users of “guix-bimsb”
>>> authenticate the commits of “guix-past” when they don’t know about
>>> “guix-past” (they only care about “guix-bimsb”), and don’t explicitly
>>> add introduction information to their channels file?
>>>
>>> Is there something that the authors of “guix-bimsb” can do to not only
>>> indicate the dependency on “guix-past”, but also to attach introduction
>>> information? Will the format of the “.guix-channel” need to be
>>> adjusted?
>>
>> That’s a very good question and I had completely overlooked it.
>
> Héhé, yet I had the same question one month ago. :-)

Oh I’m sorry, I think I misunderstood your question back then!

>> With this patch set, someone pulling guix-bimsb would just end up
>> pulling guix-past unauthenticated; there’s not even a warning.
>>
>> (There’s currently a warning in (guix channels), but only when pulling
>> an unauthenticated 'guix channel. It’s perhaps too early to have that
>> warning enabled for all channels. WDYT?)
>
> Enabling the warning appears to me a good idea because this dependency
> is like "doing something I am not necessarily aware of, behind my back".

I’m talking about the warning that says “this channel is
unauthenticated”, which is mostly orthogonal to the discussion at hand.
The reason I said it’s perhaps too early to enable it is that people
haven’t had a chance to make their channel “authenticable” yet.

>> So yes, I suppose we would need to extend the ‘.guix-channel’ format
>> for dependencies. Luckily it should be quite simple because that format
>> is extensible; older Guix versions would ignore the ‘introduction’
>> field. It would look something like this:
>>
>>   (channel
>>     (version 0)
>>     (dependencies
>>       (channel
>>         (name some-collection)
>>         (url "https://example.org/first-collection.git")
>>         (introduction (channel-introduction
>>                         (version 0)
>>                         (commit "…")
>>                         (signer "…"))))
>>       (channel
>>         (name some-other-collection)
>>         (url "https://example.org/second-collection.git")
>>         (branch "testing"))))  ;not an authenticated channel
>>
>> It does mean that a channel can indirectly trick you into turning off
>> authentication for a dependent channel. But I think that’s within the
>> expectations for channels: when you choose a channel, you trust it
>> enough to run its code.
>
> Sounds good to me.

Alright, I’ll do that as a followup.

Thanks!

Ludo’.

Subject: [bug#42048] [PATCH 0/6] Authenticated channels for everyone!
To: zimoun
Cc: 42048@debbugs.gnu.org
From: Ludovic Courtès
Date: Wed, 01 Jul 2020 14:17:50 +0200
Message-ID: <87a70jzaxd.fsf@gnu.org>
In-Reply-To: <86ftaba874.fsf@gmail.com>

Hi,

zimoun skribis:

> On Thu, 25 Jun 2020 at 23:04, Ludovic Courtès wrote:
>
>> The most visible effect is that channel introductions are now
>> part of the API and shown by ‘guix describe’. It becomes a long-term
>> commitment because we want to be able to pass the output of
>> ‘guix describe -C channels’ or /run/current-system/channels.scm
>> to ‘guix pull’ and ‘guix time-machine’ in the future.
>
> How could I test this machinery with "guix time-machine"?

The normal way. :-) But of course, the new ‘introduction’ field won’t
be recognized by older Guix versions. In that case, you should use the
output of ‘guix describe -f channels-sans-intro’ as I wrote in the
manual.

>> Contrary to what I initially proposed¹, channel introductions are
>> stripped to the bare minimum: a commit/fingerprint pair (as is
>> currently the case on master, internally). I figured it doesn’t
>> buy us much to have the commit/fingerprint pair signed; what
>> matters is that users obtain the introduction from a trusted
>> source, and the signature wouldn’t help with that. I also got
>> rid of the idea of rendering introductions as opaque base64 blobs.
>
> What happens when traveling in time if the key used by the signature
> has been compromised?

In general, when a developer loses control over their key, another
committer should remove it right away from ‘.guix-authorizations’.
(I did that today following Brett’s message, for example.) Signatures
on past commits can still be verified and everything is fine.

The (guix openpgp) code ignores key expiration and revocation; it
“just” verifies signatures.

> Today, everything is fine, I sign and I do an introduction. Couple of
> months (or even years) later, my key will be compromised and so I will
> revoke it. What happens if I do "guix time-machine -C"?

That’s OK. The keyring distributed along with the channel still
contains your key, with or without a revocation certificate, but that
doesn’t prevent us from verifying signatures on past commits. (This is
different from what gpg does.)

Ludo’.

Subject: [bug#42048] [PATCH 6/6] services: provenance: Save channel introductions.
To: Ludovic Courtès
Cc: 42048@debbugs.gnu.org
From: Ricardo Wurmus
Date: Wed, 01 Jul 2020 14:25:04 +0200
Message-ID: <87366bmnhb.fsf@elephly.net>
In-reply-to: <87imf847sr.fsf@gnu.org>

Ludovic Courtès writes:

> So yes, I suppose we would need to extend the ‘.guix-channel’ format
> for dependencies. Luckily it should be quite simple because that format
> is extensible; older Guix versions would ignore the ‘introduction’
> field. It would look something like this:
>
>   (channel
>     (version 0)
>     (dependencies
>       (channel
>         (name some-collection)
>         (url "https://example.org/first-collection.git")
>         (introduction (channel-introduction
>                         (version 0)
>                         (commit "…")
>                         (signer "…"))))
>       (channel
>         (name some-other-collection)
>         (url "https://example.org/second-collection.git")
>         (branch "testing"))))  ;not an authenticated channel
>
> It does mean that a channel can indirectly trick you into turning off
> authentication for a dependent channel. But I think that’s within the
> expectations for channels: when you choose a channel, you trust it
> enough to run its code.
>
> WDYT?

This sounds reasonable. I agree that you’ve got to trust the channel
authors anyway, so allowing them to provide the introduction is fair.

-- 
Ricardo

Subject: [bug#42048] [PATCH 6/6] services: provenance: Save channel introductions.
To: Ludovic Courtès
Cc: Ricardo Wurmus, 42048@debbugs.gnu.org
From: zimoun
In-Reply-To: <87r1tvzb6s.fsf@gnu.org>
References: <20200625211605.29316-1-ludo@gnu.org> <20200625211605.29316-6-ludo@gnu.org> <87v9j8mtx9.fsf@elephly.net> <87imf847sr.fsf@gnu.org> <86lfk3aa9p.fsf@gmail.com> <87r1tvzb6s.fsf@gnu.org>
Date: Wed, 01 Jul 2020 14:49:11 +0200
Message-ID: <86d05f9z94.fsf@gmail.com>

On Wed, 01 Jul 2020 at 14:12, Ludovic Courtès wrote:

> Oh I’m sorry, I think I misunderstood your question back then!

My poor English does not help either. :-)

>>> With this patch set, someone pulling guix-bimsb would just end up
>>> pulling guix-past unauthenticated; there’s not even a warning.
>>>
>>> (There’s currently a warning in (guix channels), but only when pulling
>>> an unauthenticated 'guix channel.  It’s perhaps too early to have that
>>> warning enabled for all channels.  WDYT?)
>>
>> Enabling the warning appears to me a good idea because this dependency is
>> like "doing something I am not necessarily aware of behind my back".
>
> I’m talking about the warning that says “this channel is
> unauthenticated”, which is mostly orthogonal to the discussion at hand.
> The reason I said it’s perhaps too early to enable it is that people
> haven’t had a chance to make their channel “authenticable” yet.
Well, the possible scenarios are, when pulling guix-bimsb which ends up
pulling guix-past:

 1- unauthenticated guix-bimsb and unauthenticated guix-past
 2- authenticated guix-bimsb and unauthenticated guix-past
 3- unauthenticated guix-bimsb and authenticated guix-past
 4- authenticated guix-bimsb and authenticated guix-past

The #1 and #4 do not deserve a warning.
The point #3 neither, and even the authentication of guix-past should be
turned off, at least now.

The point #2 requires a warning.  Because if I am pulling an
authenticated channel, I expect that all the code it pulls is
authenticated, which will not be the case, so IMHO it deserves a
warning.

Then it is up to the guix-bimsb channel to add an introduction for the
dependency using the format you described.

Cheers,
simon

From unknown Sat Jun 14 05:00:17 2025
Subject: [bug#42048] [PATCH 0/6] Authenticated channels for everyone!
To: Ludovic Courtès
Cc: 42048@debbugs.gnu.org
From: zimoun
In-Reply-To: <87a70jzaxd.fsf@gnu.org>
References: <20200625210400.29033-1-ludo@gnu.org> <86ftaba874.fsf@gmail.com> <87a70jzaxd.fsf@gnu.org>
Date: Wed, 01 Jul 2020 15:09:21 +0200
Message-ID: <86a70j9ybi.fsf@gmail.com>

On Wed, 01 Jul 2020 at 14:17, Ludovic Courtès wrote:

> But of course, the new ‘introduction’ field of won’t be
> recognized by older Guix versions.  In that case, you should use the
> output of ‘guix describe -f channels-sans-intro’ as I wrote in the
> manual.

Older Guix versions means the Scheme lib and not Inferiors, right?

I mean, if I run using a Guix post-'introduction' "guix describe -f
channels", then I can run with another Guix post-'introduction' "guix
time-machine -C channels.scm", everything is fine.

However, I cannot use this post-'introduction' channels.scm file with a
pre-'introduction' Guix and "guix time-machine -C channels.scm" fails,
right?

> In general, when a developer loses control over their key, another
> committer should remove it right away from ‘.guix-authorizations’.  (I
> did that today following Brett’s message, for example.)
>
> Signatures on past commits can still be verified and everything is fine.
> The (guix openpgp) code ignores key expiration and revocation; it “just”
> verifies signatures.
>
>> Today, everything is fine, I sign and I do an introduction.  Couple of
>> months (or even years) later, my key will be compromised and so I will
>> revoke it.  What happens if I do "guix time-machine -C"?
>
> That’s OK.
> The keyring distributed along with the channel still
> contains your key, with or without a revocation certificate, but that
> doesn’t prevent us from verifying signatures on past commits.  (This is
> different from what gpg does.)

It answers my question about time-machine.  Thank you.

Now I have another one. :-)

Well, if now Eve has control of an authorized key (for example
Brett's) then you cannot distinguish between past valid signatures
and current malicious ones, even if the key is revoked, right?

(It is not a practical issue but it is a possible scenario.)

Cheers,
simon

From unknown Sat Jun 14 05:00:17 2025
Subject: [bug#42048] [PATCH 0/6] Authenticated channels for everyone!
To: zimoun
Cc: 42048@debbugs.gnu.org
From: Ludovic Courtès
References: <20200625210400.29033-1-ludo@gnu.org> <86ftaba874.fsf@gmail.com> <87a70jzaxd.fsf@gnu.org> <86a70j9ybi.fsf@gmail.com>
Date: Wed, 01 Jul 2020 17:54:08 +0200
In-Reply-To: <86a70j9ybi.fsf@gmail.com> (zimoun's message of "Wed, 01 Jul 2020 15:09:21 +0200")
Message-ID: <874kqrz0wv.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

zimoun skribis:

> On Wed, 01 Jul 2020 at 14:17, Ludovic Courtès wrote:
>
>> But of course, the new ‘introduction’ field of won’t be
>> recognized by older Guix versions.  In that case, you should use the
>> output of ‘guix describe -f channels-sans-intro’ as I wrote in the
>> manual.
>
> Older Guix versions means the Scheme lib and not Inferiors, right?
>
> I mean, if I run using a Guix post-'introduction' "guix describe -f
> channels", then I can run with another Guix post-'introduction' "guix
> time-machine -C channels.scm", everything is fine.
>
> However, I cannot use this post-'introduction' channels.scm file with a
> pre-'introduction' Guix and "guix time-machine -C channels.scm" fails,
> right?

Yup!

> Well, if now Eve has control of an authorized key (for example
> Brett's) then you cannot distinguish between past valid signatures
> and current malicious ones, even if the key is revoked, right?

Revocation in the OpenPGP sense doesn’t matter at all.  What matters
is whether the key is in ‘.guix-authorizations’.
If we remove it from there in commit X, then any commit descending
from X that is signed by that key will be rejected.  Past commits
(ancestors of X) signed by that key are still considered authentic.

Ludo’.

From unknown Sat Jun 14 05:00:17 2025
Subject: [bug#42048] [PATCH 6/6] services: provenance: Save channel introductions.
To: zimoun
Cc: Ricardo Wurmus, 42048@debbugs.gnu.org
From: Ludovic Courtès
References: <20200625211605.29316-1-ludo@gnu.org> <20200625211605.29316-6-ludo@gnu.org> <87v9j8mtx9.fsf@elephly.net> <87imf847sr.fsf@gnu.org> <86lfk3aa9p.fsf@gmail.com> <87r1tvzb6s.fsf@gnu.org> <86d05f9z94.fsf@gmail.com>
Date: Wed, 01 Jul 2020 19:05:17 +0200
In-Reply-To: <86d05f9z94.fsf@gmail.com> (zimoun's message of "Wed, 01 Jul 2020 14:49:11 +0200")
Message-ID: <87wo3nxj1u.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

zimoun skribis:

> On Wed, 01 Jul 2020 at 14:12, Ludovic Courtès wrote:

[...]

>> I’m talking about the warning that says “this channel is
>> unauthenticated”, which is mostly orthogonal to the discussion at hand.
>> The reason I said it’s perhaps too early to enable it is that people
>> haven’t had a chance to make their channel “authenticable” yet.

To be clear, I’m referring to this:

  https://git.savannah.gnu.org/cgit/guix.git/tree/guix/channels.scm?id=9f5f3932debc72a57a830fc6ca5ab980f6db4941#n406

> Well, the possible scenarios are, when pulling guix-bimsb which ends up
> pulling guix-past:
>
> 1- unauthenticated guix-bimsb and unauthenticated guix-past
> 2- authenticated guix-bimsb and unauthenticated guix-past
> 3- unauthenticated guix-bimsb and authenticated guix-past
> 4- authenticated guix-bimsb and authenticated guix-past
>
> The #1 and #4 do not deserve a warning.
> The point #3 neither, and even the authentication of guix-past should be
> turned off, at least now.
>
> The point #2 requires a warning.
> Because if I am pulling an
> authenticated channel, I expect that all the code it pulls is
> authenticated, which will not be the case, so IMHO it deserves a
> warning.
>
> Then it is up to the guix-bimsb channel to add an introduction for the
> dependency using the format you described.

Exactly.  I agree that #2 is problematic, but if the authors of
guix-bimsb are aware that guix-past can also be authenticated, then I
think it’s their responsibility to update their ‘.guix-channel’
dependencies accordingly.

Ludo’.

From unknown Sat Jun 14 05:00:17 2025
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Ludovic Courtès
Subject: bug#42048: closed (Re: [bug#42048] [PATCH 6/6] services: provenance: Save channel introductions.)
References: <87imf6ykf6.fsf@gnu.org> <20200625210400.29033-1-ludo@gnu.org>
Reply-To: 42048@debbugs.gnu.org
Date: Wed, 01 Jul 2020 21:51:02 +0000

Your bug report

#42048: [PATCH 0/6] Authenticated channels for everyone!

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 42048@debbugs.gnu.org.

-- 
42048: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=42048
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

From: Ludovic Courtès
To: Ricardo Wurmus
Cc: 42048-done@debbugs.gnu.org
Subject: Re: [bug#42048] [PATCH 6/6] services: provenance: Save channel introductions.
References: <20200625211605.29316-1-ludo@gnu.org> <20200625211605.29316-6-ludo@gnu.org> <87v9j8mtx9.fsf@elephly.net> <87imf847sr.fsf@gnu.org> <87366bmnhb.fsf@elephly.net>
Date: Wed, 01 Jul 2020 23:50:21 +0200
In-Reply-To: <87366bmnhb.fsf@elephly.net> (Ricardo Wurmus's message of "Wed, 01 Jul 2020 14:25:04 +0200")
Message-ID: <87imf6ykf6.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Hi,

Ricardo Wurmus skribis:

> Ludovic Courtès writes:
>
>> So yes, I suppose we would need to extend the ‘.guix-channel’ format for
>> dependencies.  Luckily it should be quite simple because that format is
>> extensible; older Guix versions would ignore the ‘introduction’ field.
>> It would look something like this:
>>
>>   (channel
>>     (version 0)
>>     (dependencies
>>      (channel
>>       (name some-collection)
>>       (url "https://example.org/first-collection.git")
>>       (introduction (channel-introduction
>>                      (version 0)
>>                      (commit "…")
>>                      (signer "…"))))
>>      (channel
>>       (name some-other-collection)
>>       (url "https://example.org/second-collection.git")
>>       (branch "testing"))))          ;not an authenticated channel
>>
>> It does mean that a channel can indirectly trick you into turning off
>> authentication for a dependent channel.
>> But I think that’s within the
>> expectations for channels: when you choose a channel, you trust it
>> enough to run its code.
>>
>> WDYT?
>
> This sounds reasonable.  I agree that you’ve got to trust the channel
> authors anyway, so allowing them to provide the introduction is fair.

I went ahead and did that:

  https://git.savannah.gnu.org/cgit/guix.git/commit/?id=d774c7b1218a3cc20079b19812da119f9ed26b54

Let me know what you think!

The whole series is now pushed:

  d774c7b121 channels: Dependencies listed in '.guix-channel' can have an introduction.
  884df77640 channels: Properly diagnose test failure.
  eb5cf39e66 services: provenance: Save channel introductions.
  6d39f0cb77 guix describe: Display channel introductions and add 'channels-sans-intro'.
  471550c28c channels: Save and interpret 'introduction' field in provenance data.
  22a9699257 channels: Remove 'signature' from .
  8b7d982e6a channels: Make channel introductions public.
  6577682a6c channels: Add 'openpgp-fingerprint->bytevector'.

Thanks for your feedback,
Ludo’.
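The authorization rule Ludovic spells out earlier in the thread (the introductory commit must be signed by the introduction's key; afterwards, removing a key from ‘.guix-authorizations’ in commit X rejects descendants of X signed with it while ancestors of X stay authentic, and OpenPGP revocation plays no part), as a toy Python model. This is an added example and not Guix's own Scheme code: it assumes the toy rule that each commit's key must appear in the ‘.guix-authorizations’ of every parent, simulates a signature by a recorded signer fingerprint instead of verifying OpenPGP, and uses constructed commit ids and placeholder fingerprints.

```python
"""Toy model of the channel authentication rule discussed in this thread.
Added example, not Guix code: a "signature" is just the signer fingerprint
recorded on each commit, and commit ids/fingerprints are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Commit:
    id: str
    parents: tuple             # ids of parent commits; () for the root
    signer: str                # fingerprint of the key that signed it
    authorizations: frozenset  # keys in .guix-authorizations at this commit


@dataclass(frozen=True)
class Introduction:
    """The commit/fingerprint pair a user obtains from a trusted source."""
    commit: str
    signer: str


class AuthenticationError(Exception):
    pass


def commits_after(repo, start, target):
    """Commits strictly after START on the way to TARGET, parents first.
    Raise if START is not an ancestor of TARGET (or TARGET itself)."""
    in_range, stack, reached = {}, [target], False
    while stack:
        cid = stack.pop()
        if cid == start:
            reached = True
        elif cid not in in_range:
            in_range[cid] = repo[cid]
            stack.extend(repo[cid].parents)
    if not reached:
        raise AuthenticationError(
            f"introductory commit {start} is not an ancestor of {target}")
    order, done = [], set()   # parents before children (graph is acyclic)
    while len(order) < len(in_range):
        for cid, commit in in_range.items():
            if cid not in done and all(
                    p not in in_range or p in done for p in commit.parents):
                done.add(cid)
                order.append(commit)
    return order


def authenticate(repo, intro, target):
    """Return the ids of the commits accepted from INTRO up to TARGET.
    Rule as described in the thread: the introductory commit must be signed
    by the introduction's key; every later commit must be signed by a key
    listed in the .guix-authorizations of each of its parents.  Expiry and
    revocation never enter the picture: removing a key in commit X rejects
    descendants of X signed with it, while ancestors of X stay authentic."""
    first = repo[intro.commit]
    if first.signer != intro.signer:
        raise AuthenticationError(
            f"introductory commit {first.id} is signed by {first.signer}, "
            f"not by the introduction's key {intro.signer}")
    accepted = [first.id]
    for commit in commits_after(repo, intro.commit, target):
        for parent in commit.parents:
            if commit.signer not in repo[parent].authorizations:
                raise AuthenticationError(
                    f"commit {commit.id}: key {commit.signer} is not in "
                    f".guix-authorizations of parent {parent}")
        accepted.append(commit.id)
    return accepted


def check(repo, intro, target):
    """(True, accepted ids) or (False, reason) instead of an exception."""
    try:
        return True, authenticate(repo, intro, target)
    except AuthenticationError as e:
        return False, str(e)


# Constructed history: ALICE's key is dropped from .guix-authorizations in
# commit "x", the situation described in the thread.
ALICE, BOB = "FPR-ALICE", "FPR-BOB"        # placeholder fingerprints
BOTH, ONLY_BOB = frozenset({ALICE, BOB}), frozenset({BOB})
REPO = {c.id: c for c in [
    Commit("c0", (), BOB, BOTH),               # introductory commit
    Commit("c1", ("c0",), ALICE, BOTH),        # past commit signed by ALICE
    Commit("x", ("c1",), BOB, ONLY_BOB),       # removes ALICE's key
    Commit("c3", ("x",), BOB, ONLY_BOB),       # fine: BOB still authorized
    Commit("c4", ("x",), ALICE, ONLY_BOB),     # rejected: descends from x
    Commit("m", ("c3", "c4"), BOB, ONLY_BOB),  # merge that pulls in c4
]}
INTRO = Introduction("c0", BOB)
```

Running check(REPO, INTRO, "c1") accepts the old ALICE-signed commit even though ALICE's key was later removed, while "c4" and the merge "m" are rejected; a wrong introduction signer, or an introduction commit that is not an ancestor of the target, fails before any walk starts.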
From: Ludovic Courtès
To: guix-patches@gnu.org
Subject: [PATCH 0/6] Authenticated channels for everyone!
Date: Thu, 25 Jun 2020 23:04:00 +0200
Message-Id: <20200625210400.29033-1-ludo@gnu.org>

[...]

If people have a channel that they’d like to make “authenticable”,
please do try and report back!  You can even test with master, you only
need to add ‘@@’ to access (guix channels) internals to create the
introduction.

Feedback welcome!

Thanks,
Ludo’.

¹ https://issues.guix.gnu.org/issue/22883#69

Ludovic Courtès (6):
  channels: Add 'openpgp-fingerprint->bytevector'.
  channels: Make channel introductions public.
  channels: Remove 'signature' from .
  channels: Save and interpret 'introduction' field in provenance data.
  guix describe: Display channel introductions and add 'channels-sans-intro'.
  services: provenance: Save channel introductions.

 doc/guix.texi             | 130 +++++++++++++++++++++++++++++++++++++-
 gnu/services.scm          |  26 ++++++--
 guix/channels.scm         |  86 +++++++++++++++++++------
 guix/scripts/describe.scm |  56 +++++++++++++--
 guix/scripts/system.scm   |   4 +-
 tests/channels.scm        |  10 ++-
 6 files changed, 269 insertions(+), 43 deletions(-)

-- 
2.26.2