bug#22883: Authenticating Git checkouts: step #1
From: Vagrant Cascadian
Subject: bug#22883: Authenticating Git checkouts: step #1
Date: Sat, 28 Dec 2019 18:45:34 -0800

On 2019-12-27, Ricardo Wurmus wrote:
>> b3011dbbd2 doc: Mention "make authenticate".
>> 787766ed1e git-authenticate: Keep a local cache of
>> previously-authenticated commits.
>> 785af04a75 git: 'commit-difference' takes a list of excluded commits.
>> 1e43ab2c03 Add 'build-aux/git-authenticate.scm'.
>>
>> Commit 787766ed1e takes care of caching (one of the limitations I
>> mentioned in my previous message).
>>
>> Commit b3011dbbd2 adds instructions for contributors on how to
>> authenticate a checkout (copied below). It’s a bit bumpy so I would
>> very much welcome feedback and suggestions on how to improve this!
>
> This is great!

Yes! Yes!

> Thank you for the instructions. I thought I had all keys, but
> apparently at least one of them is missing. “make authenticate” fails
> for me with this error:
>
> Throw to key `srfi-34' with args `(#<condition &message [message: "could not
> authenticate commit b291c9570d5a27b11472df3df61cef9ed012241b: key
> B943509D633E80DD27FC4EED634A8DFFD3F631DF is missing"] 7f70fb08c240>)'.
>
> I previously downloaded the gpg keyring from Savannah:
>
> https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guix
>
> Looks like Hartmut used to use a different key, which I don’t have.

I got this too, and manually worked around it by downloading
guix-keyring.gpg from:

  https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guix&download=1

And running:

  gpg --no-default-keyring --keyring ~/.config/guix/keyrings/channels/guix.kbx \
    --import ~/guix-keyring.gpg

It seems to be working now... how is the keyring *supposed* to be
populated? Before I manually imported guix-keyring.gpg into guix.kbx,
there were a very small number of keys present.

It's a little awkward that it uses the fingerprint of the signing key
rather than the primary key, as by default things like "gpg --list-keys"
do not display the fingerprint of signing keys, only the primary key, so
it is an adventure in gpg commandline options to correlate them.

"gpg log --show-signature" also reports the primary key fingerprint,
if the key is available in the keyring, and only the subkey fingerprint
for unknown keys if I remember correctly.

It would be nice if the statistics would display the primary uid
instead, as it is something a little more human readable, and the
primary key fingerprint, as it is a little easier to find. :)

I'm hoping the eventual goal is to integrate this into guix pull?

Very nice to see progress on this issue!

live well,
  vagrant
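
One way to correlate a signing-subkey fingerprint, such as the one in the error quoted above, with its primary key and user ID, as an added example that is not part of the original message or of Guix's code. It parses GnuPG's colon-delimited listing; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Map a key or subkey fingerprint to its primary fingerprint and first user ID.
# Reads GnuPG's colon-delimited listing on stdin, for example from:
#   gpg --no-default-keyring \
#       --keyring ~/.config/guix/keyrings/channels/guix.kbx \
#       --with-colons --with-subkey-fingerprint --list-keys
# Prints "PRIMARY-FINGERPRINT<TAB>USER-ID"; returns non-zero if nothing matches.
primary_of() {
    awk -F: -v want="$1" '
        function emit() { if (hit) { print primary "\t" uid; found = 1 } }
        # A "pub" record opens a new key block; "sub" opens a subkey within it.
        $1 == "pub" { emit(); primary = ""; uid = ""; hit = 0; in_sub = 0; next }
        $1 == "sub" { in_sub = 1; next }
        # Field 10 of "fpr" is the fingerprint of the preceding pub or sub record.
        $1 == "fpr" {
            if (!in_sub) primary = $10
            if (toupper($10) == toupper(want)) hit = 1
            next
        }
        # Keep the first user ID listed for the key (field 10 of "uid").
        $1 == "uid" && uid == "" { uid = $10 }
        END { emit(); exit !found }
    '
}

# Constructed fingerprints and listing (not real keys): two primaries, one signing subkey each.
PRI_A=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
SUB_B=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
PRI_C=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
SUB_D=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
sample_listing() {
    cat <<EOF
pub:-:4096:1:AAAAAAAAAAAAAAAA:1500000000:::-:::scESC::::::23::0:
fpr:::::::::${PRI_A}:
uid:-::::1500000000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>::::::::::0:
sub:-:4096:1:BBBBBBBBBBBBBBBB:1500000000::::::s::::::23:
fpr:::::::::${SUB_B}:
pub:-:4096:1:CCCCCCCCCCCCCCCC:1500000000:::-:::cESC::::::23::0:
fpr:::::::::${PRI_C}:
uid:-::::1500000000::0000000000000000000000000000000000000000::Bob Example <bob@example.org>::::::::::0:
sub:-:4096:1:DDDDDDDDDDDDDDDD:1500000000::::::s::::::23:
fpr:::::::::${SUB_D}:
EOF
}

# Demo: resolve the constructed signing-subkey fingerprint to its primary key.
sample_listing | primary_of "$SUB_B"
```
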