From: Hilton Chain
To: 60852@debbugs.gnu.org
Subject: bug#60852: git-authenticate edge case for certain key setup.
Date: Mon, 16 Jan 2023 15:29:40 +0800
Message-ID: <87lem3kkd7.wl-hako@ultrarare.space>

I encountered the issue when adding a new key to my Guix channel.  Though I
haven't figured out what happened exactly, I'm currently able to reproduce the
issue with the following steps.

1. Generate two keypairs.  Key One with the preset "ECC and ECC", Key Two with
"ECC (set your own capabilities)" and only keep the Certify capability, then add
a Sign subkey to Key Two.  All Curve 25519.

#+RESULTS:
: /tmp/test/pubring.kbx
: ---------------------
: sec   ed25519/676A52381FFD80C5 2023-01-16 [SC]
:       Key fingerprint = 21D3 9304 CED7 A5CF 50B6 0B80 676A 5238 1FFD 80C5
: uid                 [ultimate] Key One
: ssb   cv25519/BA35E2E29D6E4CE4 2023-01-16 [E]
:       Key fingerprint = 450A DF8C 6FE4 AEFF EC75 EBD9 BA35 E2E2 9D6E 4CE4
:
: sec   ed25519/06DE4CED9A91AB7B 2023-01-16 [C]
:       Key fingerprint = 4A45 EC76 DA2B 389A FE2F C887 06DE 4CED 9A91 AB7B
: uid                 [ultimate] Key Two
: ssb   ed25519/3BE8CD60E408A705 2023-01-16 [S]
:       Key fingerprint = 405C B557 DE1F 1254 B012 640A 3BE8 CD60 E408 A705

2. Create a new git repository, commit public keys of the two to the "keyring"
branch.  Then commit file ".guix-authorizations" to the "main" branch with the
following code:

#+begin_src scheme
(authorizations
 (version 0)
 (("21D3 9304 CED7 A5CF 50B6 0B80 676A 5238 1FFD 80C5"
   (name "Key One"))))
#+end_src

Configure git to sign commits with Key One, change the ".guix-authorizations"
file to the following and commit:

#+begin_src scheme
(authorizations
 (version 0)
 (("21D3 9304 CED7 A5CF 50B6 0B80 676A 5238 1FFD 80C5"
   (name "Key One")))
 (("405C B557 DE1F 1254 B012 640A 3BE8 CD60 E408 A705"
   (name "Key Two"))))
#+end_src

Then change the signing key to Key Two and add a new commit.

Now there're three commits:

#+RESULTS:
: commit 5240baeebc055187fb738e66e7dbfbb57c0aeba3 (HEAD -> main)
: Author: Test
: Date:   Mon Jan 16 13:53:49 2023 +0800
:
:     test
:
: commit a6794b64f9dfa828a5721e3f02c27ab74db9a487
: Author: Test
: Date:   Mon Jan 16 13:53:17 2023 +0800
:
:     Authorize Key Two.
:
: commit c9476062a2f341e9ee95a60d17cf2233b7c55ff4
: Author: Test
: Date:   Mon Jan 16 13:51:02 2023 +0800
:
:     Authorize Key One.

3. Invoke `guix git authenticate`...with error.

#+begin_src shell
guix git authenticate c9476062a2f341e9ee95a60d17cf2233b7c55ff4 "21D3 9304 CED7 A5CF 50B6 0B80 676A 5238 1FFD 80C5"
#+end_src

#+RESULTS:
: Authenticating commits c947606 to 5240bae (1 new commits)...
: [##############################################################################]guix git: error: commit 5240baeebc055187fb738e66e7dbfbb57c0aeba3 not signed by an authorized key: 405C B557 DE1F 1254 B012 640A 3BE8 CD60 E408 A705

4. However, if I swap positions of the two fingerprints, it works.

New ".guix-authorizations" file:

#+begin_src scheme
(authorizations
 (version 0)
 (("405C B557 DE1F 1254 B012 640A 3BE8 CD60 E408 A705"
   (name "Key Two")))
 (("21D3 9304 CED7 A5CF 50B6 0B80 676A 5238 1FFD 80C5"
   (name "Key One"))))
#+end_src

New commits history:

#+RESULTS:
: commit 7e4d98eea0e89652554d822503096371e5d59f3b (HEAD -> main)
: Author: Test
: Date:   Mon Jan 16 14:52:37 2023 +0800
:
:     test
:
: commit a44434b1a9bd955cc897dea4c44abe64d6ab8112
: Author: Test
: Date:   Mon Jan 16 13:53:49 2023 +0800
:
:     Swap positions of the two fingerprints.
:
: commit a6794b64f9dfa828a5721e3f02c27ab74db9a487
: Author: Test
: Date:   Mon Jan 16 13:53:17 2023 +0800
:
:     Authorize Key Two.
:
: commit c9476062a2f341e9ee95a60d17cf2233b7c55ff4
: Author: Test
: Date:   Mon Jan 16 13:51:02 2023 +0800
:
:     Authorize Key One.

And a new `guix git authenticate` result:

#+RESULTS:
: Authenticating commits c947606 to 7e4d98e (2 new commits)...

🥴

From: Ludovic Courtès
To: Hilton Chain
Cc: 60852@debbugs.gnu.org
Date: Tue, 17 Jan 2023 16:18:13 +0100
Message-ID: <87y1q1fave.fsf@gnu.org>
In-Reply-To: <87lem3kkd7.wl-hako@ultrarare.space>

Hi,

Hilton Chain skribis:

> I encountered the issue when adding a new key to my Guix channel.  Though I
> haven't figured out what happened exactly, I'm currently able to reproduce the
> issue with the following steps.

Fishy.  Would you be able to write a script to reproduce the whole
scenario?  That’d make it easier to test and we’d be sure we’re talking
about the same thing.

Thanks for reporting it!

Ludo’.

From: Hilton Chain
To: Ludovic Courtès
Cc: 60852@debbugs.gnu.org
Date: Thu, 26 Jan 2023 00:48:10 +0800
Message-ID: <87h6we36id.wl-hako@ultrarare.space>
In-Reply-To: <87y1q1fave.fsf@gnu.org>

On Tue, 17 Jan 2023 23:18:13 +0800,
Ludovic Courtès wrote:
>
> Hi,
>
> Hilton Chain <hako@ultrarare.space> skribis:
>
> > I encountered the issue when adding a new key to my Guix channel.  Though I
> > haven't figured out what happened exactly, I'm currently able to reproduce the
> > issue with the following steps.
>
> Fishy.  Would you be able to write a script to reproduce the whole
> scenario?  That’d make it easier to test and we’d be sure we’re talking
> about the same thing.
>
> Thanks for reporting it!
>
> Ludo’.

I created a git repository and uploaded it to GitHub:
<https://github.com/rakino/bug-60852>

Outputs:
: gpg: key 8FDEAEDC3B8C0109: public key "Key One" imported
: gpg: key 8FDEAEDC3B8C0109: secret key imported
: gpg: Total number processed: 1
: gpg:               imported: 1
: gpg:       secret keys read: 1
: gpg:   secret keys imported: 1
: gpg: key FC92800E84F3F3B6: public key "Key Two" imported
: gpg: key FC92800E84F3F3B6: secret key imported
: gpg: Total number processed: 1
: gpg:               imported: 1
: gpg:       secret keys read: 1
: gpg:   secret keys imported: 1
: [trunk 083b7ef] Authorize Key One.
:  1 file changed, 4 insertions(+)
:  create mode 100644 .guix-authorizations
: [trunk 1602009] Authorize Key Two.
:  1 file changed, 3 insertions(+), 1 deletion(-)
: [trunk 732579e] Test.
:  1 file changed, 1 insertion(+)
:  create mode 100644 dummy
: Authenticating commits 083b7ef to 732579e (2 new commits)...
: [#######################################                                       ]guix git: error: commit 732579e0f0dc6d15dbd2ea6826e01ae3aaf999a4 not signed by an authorized key: E1B1 7BEA 095F 5B25 4135  F6D1 F820 25E7 800B 3CCF
: HEAD is now at 083b7ef Authorize Key One.
: [trunk af4fae1] Authorize Key Two.
:  1 file changed, 2 insertions(+)
: [trunk 4b90546] Test.
:  1 file changed, 1 insertion(+)
:  create mode 100644 dummy
: Authenticating commits 083b7ef to 4b90546 (2 new commits)...
: HEAD is now at 0ba5461 Add start.sh.
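
An added example, not part of the thread and not Guix code: a small reader for the ".guix-authorizations" files quoted in the first message, reporting which fingerprints sit in the single key list that follows `(version 0)` and which sit in a later form. It assumes the layout the Guix manual documents (one list of entries directly after the version form) and that anything after that list is not consulted; `read_sexp`, `fingerprints`, `key_list` and the sample constants are names made up for this example.

```python
import re

# Fingerprints and layouts taken from the report; DOCUMENTED is a constructed variant.
KEY_ONE = "21D3 9304 CED7 A5CF 50B6 0B80 676A 5238 1FFD 80C5"
KEY_TWO = "405C B557 DE1F 1254 B012 640A 3BE8 CD60 E408 A705"
REPORTED = f'''(authorizations (version 0)
 (("{KEY_ONE}" (name "Key One")))
 (("{KEY_TWO}" (name "Key Two"))))'''
SWAPPED = f'''(authorizations (version 0)
 (("{KEY_TWO}" (name "Key Two")))
 (("{KEY_ONE}" (name "Key One"))))'''
DOCUMENTED = f'''(authorizations (version 0)
 (("{KEY_ONE}" (name "Key One"))
  ("{KEY_TWO}" (name "Key Two"))))'''

def read_sexp(text):
    """Parse one S-expression into nested lists; string tokens keep their quotes."""
    tokens = [t for t in re.findall(r'[()]|"[^"]*"|;[^\n]*|[^\s()";]+', text)
              if not t.startswith(";")]          # drop ; comments
    def parse(i):
        if i >= len(tokens) or tokens[i] == ")":
            raise ValueError("unbalanced parentheses")
        if tokens[i] != "(":
            return tokens[i], i + 1              # atom or string
        items, i = [], i + 1
        while i < len(tokens) and tokens[i] != ")":
            item, i = parse(i)
            items.append(item)
        if i >= len(tokens):
            raise ValueError("unbalanced parentheses")
        return items, i + 1
    form, end = parse(0)
    if end != len(tokens):
        raise ValueError("more than one top-level form")
    return form

def fingerprints(node):
    """Fingerprints of the ("FPR" (name ...)) entries directly inside node."""
    return [e[0].strip('"') for e in node if isinstance(e, list) and e
            and isinstance(e[0], str) and e[0].startswith('"')]

def key_list(text):
    """Return (fingerprints in the key list, fingerprints in any later form)."""
    form = read_sexp(text)
    if (form[:2] != ["authorizations", ["version", "0"]] or len(form) < 3
            or not isinstance(form[2], list)):
        raise ValueError("not a version 0 authorizations file")
    later = [f for x in form[3:] if isinstance(x, list) for f in fingerprints(x)]
    return fingerprints(form[2]), later
```

A non-empty second list is the condition a pre-commit or CI check on a channel repository would flag before the file is committed.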