GNU bug report logs - #54711
Bad Documentation Series: 6.1 Specifying Additional Channels

Previous Next

Package: guix;

Reported by: Marek Paśnikowski <mail <at> marekpasnikowski.name>

Date: Mon, 4 Apr 2022 16:50:02 UTC

Severity: normal

Full log

Message #20 received at 54711 <at> debbugs.gnu.org (full text, mbox):

From: Maxime Devos <maximedevos <at> telenet.be>
To: Marek Paśnikowski <mail <at> marekpasnikowski.name>, 
 54711 <at> debbugs.gnu.org
Subject: Re: bug#54711: Bad Documentation Series: 6.1 Specifying Additional
 Channels
Date: Mon, 04 Apr 2022 20:08:46 +0200

[Message part 1 (text/plain, inline)]
Marek Paśnikowski schreef op ma 04-04-2022 om 18:21 [+0200]:
> 2. What ==is== the channel introduction?

From (guix)Channel Authentication:

   As a user, you must provide a “channel introduction” in your
channels file so that Guix knows how to authenticate its first commit.
A channel specification, including its introduction, looks something
along these lines:

     (channel
       (name 'some-channel)
       (url "https://example.org/some-channel.git")
       (introduction
        (make-channel-introduction
         "6f0d8cc0d88abb59c324b2990bfee2876016bb86"
         (openpgp-fingerprint
          "CABB A931 C0FF EEC6 900D  0CFB 090B 1199 3D9A EBB5"))))

It's the (make-channel-introduction [...]) thing.  It's just a bunch of
information that Guix can use to authenticate the first commit of the
channel.  Also see ...

> Which commit am I supposed to use?

The first commit that adds (or in your case, modifies) the .guix-
authorization file.  From (guix)Specifying Channel Authorizations:

   This authentication rule creates a chicken-and-egg issue: how do we
authenticate the first commit?  Related to that: how do we deal with
channels whose repository history contains unsigned commits and lack
‘.guix-authorizations’?  And how do we fork existing channels?

   Channel introductions answer these questions by describing the first
commit of a channel that should be authenticated.  The first time a
channel is fetched with ‘guix pull’ or ‘guix time-machine’, the command
looks up the introductory commit and verifies that it is signed by the
specified OpenPGP key.  From then on, it authenticates commits
according to the rule above.  Authentication fails if the target commit
is neither a descendant nor an ancestor of the introductory commit.

Greetings,
Maxime.

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 3 years and 71 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.