GNU bug report logs -
#75981
[PATCH (WIP) v1 0/4] Add 'guix fork'.
Previous Next
Full log
Message #86 received at 75981 <at> debbugs.gnu.org (full text, mbox):
Hi Guix,
This revision is a major refactor of the previous one, v1.5 [1]. If you
were one of those who felt that adding a entire command line was
excessive, this one will make you happy :)
The changes are as follows:
* `guix fork create` is now `etc/fork.scm`
I realized that Maxim was right when he pointed out that this command
will rarely be used, so it shouldn't be a top-level command.
Other changes made to the script:
- Adds a `--dry-run` option that displays the commands that would be
executed.
- Adds a `--from` option to specify the base commit of the fork branch.
- Use %default-guix-channel to determine the name of the default branch,
instead of the horrific `git symbolic-ref` incantation that was used
earlier.
- We now create the fork in ../guix-fork, since the script will likely
be run from the toplevel of a Guix checkout.
- Addressed feedback from Maxim's review.
* `guix fork authenticate` is now `guix git authenticate --branch`
It turns out that `guix git authenticate` already supports
branch-specific introductions. Quoting from "(guix) Invoking guix git
authenticate":
> Should you have branches that require different introductions, you
> can specify them directly in ‘.git/config’. For example, if the branch
> called ‘personal-fork’ has a different introduction than other branches,
> you can extend ‘.git/config’ along these lines:
>
> [guix "authentication-personal-fork"]
> introduction-commit = cabba936fd807b096b48283debdcddccfea3900d
> introduction-signer = C0FF EECA BBA9 E6A8 0D1D E643 A2A0 6DF2 A33A 54FA
> keyring = keyring
It turns out this is all we really need for fork authentication. `guix
fork authenticate` ended up duplicating a lot of code from `guix git
authenticate` (as Ludovic pointed out), and all it really did
differently was
a. Authenticate a configured 'upstream' branch of the current branch
first
b. Configure a separate introduction
Guix already has support for b., and in retrospect a. isn't really
necessary because the existing post-merge hook should take care of it.
So all we need is a way to configure a branch-specific introduction
without having to manually edit .git/config. This is what patch 2/2 in
this series provides, via the `--branch` option.
* `guix fork update` has been removed
There are two aspects of a solution to handle forks - fork
/authentication/, which is what we've discussed so far; and fork
/management/, which includes keeping a fork updated, rebasing patch
branches onto the latest master, etc. I would like to keep this patch
series restricted to the former, and avoid addressing the latter, for
two main reasons.
The first reason is that fork management is a fairly opinionated
subject. For example, non-committers have to rebase upstream commits
onto their fork branches to update them, but committers are able to and
may prefer to merge.
The second reason is that fork management bleeds into patch management,
which is already addressed by tools like `b4` and the like; and we
already have people working on it even within the Guix community [2].
As `guix fork update` falls more into fork management, I've removed it.
All it really did anyway was rebase commits onto the fork branch, which
is not that hard to to via the Git CLI.
My aim is to have code related to fork authentication upstreamed, while
code related to fork management can be developed as extensions (or
better yet, as standalone tools). Prior experiments [3] have
demonstrated that code which touches the authentication mechanism in any
way has a high chance of introducing security issues, and the only real
way to mitigate this is to have as many eyes on it as possible. The
alternative, which we're already seeing [4], is that people will come up
with their own solutions for fork authentication, which may or may not
be secure, and may never be reviewed by anyone else.
* Other changes
- I've added tests, in tests/fork.sh.
- I've removed the plans for `guix fork identify`, as it falls more into
fork management, and anyway I haven't actually found a use-case for it
so far.
I will probably need to submit a GCD for this change, even though it no
longer adds a new command line, given that last time some people weren't
convinced that fork authentication should be supported. That'll probably
take a while. In the meantime, as always, any feedback is appreciated.
Regards,
45mg
[1] https://yhetil.org/guix/cover.1738408683.git.45mg.writes <at> gmail.com/
[2] https://git.sr.ht/~ngraves/guix-stack
[3] https://yhetil.org/guix/87bjwdpmyh.fsf <at> wolfsden.cz/
[4] Please do not take the inclusion of these solutions here as a judgement on
their quality or on their originators. I am merely trying to demonstrate
that people need a solution to this issue, and if we do not implement one
upstream, we will end up with a bunch of unofficial solutions anyway. No
disrespect is intended.
https://yhetil.org/guix/871pw77ryg.fsf <at> lease-up.com/
https://yhetil.org/guix/D7QG7XS56NR6.2IWYZPP7TMEI1 <at> disroot.org/
https://yhetil.org/guix/87a5bpqmpu.fsf <at> wolfsden.cz/
45mg (2):
etc: Add fork.scm.
scripts: Add `guix git authenticate --branch`.
Makefile.am | 3 +-
doc/contributing.texi | 69 +++++++
doc/guix.texi | 15 +-
etc/fork.scm | 286 ++++++++++++++++++++++++++++++
guix/scripts/git/authenticate.scm | 86 ++++++---
guix/utils.scm | 61 +++++++
tests/fork.sh | 166 +++++++++++++++++
7 files changed, 654 insertions(+), 32 deletions(-)
create mode 100755 etc/fork.scm
create mode 100644 tests/fork.sh
base-commit: 38b4358f4d84cafa54deff77dee6fafac3e03864
--
2.48.1
This bug report was last modified 205 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.