GNU bug report logs - #69780
[PATCH 0/4] Simplify 'guix git authenticate' usage

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 7 Apr 2024 20:39:16 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Apr 07 16:39:16 2024
Received: from localhost ([127.0.0.1]:44808 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rtZIK-0000xx-6L
	for submit <at> debbugs.gnu.org; Sun, 07 Apr 2024 16:39:16 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:40960)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rtZIB-0000vt-LC
 for 69780 <at> debbugs.gnu.org; Sun, 07 Apr 2024 16:39:09 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rtZHy-0005qc-IU; Sun, 07 Apr 2024 16:38:55 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=4fLRJrLDyDZvl6Z8//xN/a7w1GF3IKZy+IiuWLkW5ek=; b=Pd0gdF7rR4tWGRPKoCp/
 DMLf72FzgnDiu47EY7wE3UjUNvcesIXXYZFpZVDv+uzEuI6BPswyxPvMCh7kZ0ceJNegVTJhbZsQJ
 L/VbxRa9HZc9vkD35PeBgEmihUPPZacQ3rzt5Rn9Mec3Oj1F8ayM8gGR/2rw2wrnH/Rtxbp0XO1xD
 Ecy3vE+xI5Mtx2wxn7JtdcKGEP51UQo7LSlE6SiQ6MT+/dx6gGIj++Yzpf0OpKQpB+tSzAqcwPZMj
 fF9kWBhCUPnO/QhYPajMFUUQ5cq6xGQf+XRBdxjc2AKvFcfioJqtabVA3Q97JcKqTq9tztmfvDyRv
 5zfHSnmA8etdMA==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 69780 <at> debbugs.gnu.org
Subject: [PATCH v2 5/5] =?UTF-8?q?DRAFT=20news:=20Add=20entry=20for=20?=
 =?UTF-8?q?=E2=80=98guix=20git=20authenticate=E2=80=99=20changes.?=
Date: Sun,  7 Apr 2024 22:38:30 +0200
Message-ID: <191a72c762b9453dbff0e4ac21beb3b1d394dd56.1712522119.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <ZglWFELwh6vJJlOB@ws>
References: <ZglWFELwh6vJJlOB@ws>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Florian Pelz <pelzflorian@HIDDEN>,
 Julien Lepiller <julien@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 69780
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>,
 Florian Pelz <pelzflorian@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

* etc/news.scm: Add entry.

Change-Id: I661a0c0bfc373b87a70508ad9a735315c96ba4a5

Co-authored-by: Florian Pelz <pelzflorian@HIDDEN>
Change-Id: Ibafef9d432df163948c4884279d4ce2579ed0312
---
 etc/news.scm | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/etc/news.scm b/etc/news.scm
index 9443475455..e9fde35346 100644
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -31,6 +31,50 @@
 (channel-news
  (version 0)
 
+ (entry (commit "TODO")
+        (title
+         (en "@command{guix git authenticate} usage simplified")
+         (de "@command{guix git authenticate} ist leichter nutzbar")
+         (fr "@command{guix git authenticate} simplifiée"))
+        (body
+         (en "Usage of the @command{guix git authenticate} command has been
+simplified.  The command is useful to channel authors and to developers
+willing to validate the provenance of their code.
+
+On your first use, @command{guix git authenticate} will now record the commit
+and signer (the @dfn{introduction}) in the @file{.git/config} file of your
+repository so that you don't have to pass them on the command line in
+subsequent runs.  It will also install pre-push and post-merge hooks,
+unless preexisting hooks are found.
+
+Run @command{info \"(guix) Invoking guix authenticate\"} for more info.")
+         (de "Der Befehl @command{guix git authenticate} kann jetzt einfacher
+benutzt werden.  Mit dem Befehl können Kanalautoren und Entwickler die
+Provenienz ihres Codes überprüfen.
+
+Beim ersten Gebrauch speichert @command{guix git authenticate} Commit und
+Unterzeichner (wie in der @dfn{Kanaleinführung}) in der Datei
+@file{.git/config} Ihres Repositorys, so dass Sie sie bei späteren
+Ausführungen nicht mehr auf der Befehlszeile angeben müssen.  Auch werden
+Git-Hooks für pre-push und post-merge installiert, wenn es bisher keine
+Hooks dieser Art gibt.
+
+Führen Sie @command{info \"(guix.de) Aufruf von guix git authenticate\"}
+aus, wenn Sie mehr wissen wollen.")
+         (fr "L'utilisation de la commande @command{guix git authenticate} a
+été simplifiée.  Cette commande est utile aux auteur·rices de canaux et aux
+développeur·euses souhaitant pouvoir valider l'origine de leur code.
+
+À la première utilisation, @command{guix git authenticate} enregistre
+désormais le commit et signataire (l'@dfn{introduction}) dans le fichier
+@file{.git/config} du dépôt, ce qui permet de ne pas avoir à les spécifier sur
+la ligne de commande les fois suivantes.  La commande installe aussi des
+crochets « pre-push » et « post-merge », sauf si des crochets préexistants
+sont trouvés.
+
+Lancer @command{info \"(guix.fr) Invoquer guix git authenticate\"} pour en
+savoir plus.")))
+
  (entry (commit "523f3def65ab061a87f4fc9e6f9008e6a78fafb5")
         (title
          (en "GNOME updated to version 44 with a more modular desktop service")
-- 
2.41.0

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 7 Apr 2024 20:39:15 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Apr 07 16:39:15 2024
Received: from localhost ([127.0.0.1]:44806 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rtZIF-0000xg-B3
	for submit <at> debbugs.gnu.org; Sun, 07 Apr 2024 16:39:15 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:40954)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rtZI9-0000vN-Pc
 for 69780 <at> debbugs.gnu.org; Sun, 07 Apr 2024 16:39:06 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rtZHx-0005qU-G3; Sun, 07 Apr 2024 16:38:53 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=8ZAmKgn+xiBZV4lMXqIvlvuj3DrSx3JRkOaDsBKL2YY=; b=SKwuXANgVrYFqXqtuipG
 OVgujT3zBe55yYUpfQihdIvOZZaLhqwmPCQHefpwWqna1/hCj7dhVr2XeqNFAg6KTEcg4QP7SHamd
 zShj8ghRaTc6puolB8wIw0Cqru8QInYcmF4he8Sld8IgKHfY8npW31+8ZDx3kA6QZGB3mFbBR5PuW
 rY5pDHUQp73Lm5llvJa7vAtEdqtxRhaDi+vSQnDN4KWG3JGI4MxNYofTQqOL0+iAxEfweF71LbKU8
 MvegS6TGo7msAif9R6N3HDJ1Px0yGEq6BvvcMl++SJQNlVKNoJu/Eia3ZubSzgwCGa0+1pTguNpAw
 abjrZIsxrQ1mIw==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 69780 <at> debbugs.gnu.org
Subject: [PATCH v2 4/5] git authenticate: Install pre-push and post-checkout
 hooks.
Date: Sun,  7 Apr 2024 22:38:29 +0200
Message-ID: <8361a793c4b4e18115c0e68e6065a7846e759795.1712522119.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <ZglWFELwh6vJJlOB@ws>
References: <ZglWFELwh6vJJlOB@ws>
MIME-Version: 1.0
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 69780
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

* guix/scripts/git/authenticate.scm (install-hooks): New procedure.
(guix-git-authenticate): Use it.
* doc/guix.texi (Invoking guix git authenticate): Document it.

Change-Id: I4464a33193186e85b476a12740e54412bd58429c
---
 doc/guix.texi                     |  5 ++++
 guix/scripts/git/authenticate.scm | 49 ++++++++++++++++++++++++++++++-
 2 files changed, 53 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 6ff0e76d97..9db0ff865d 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7715,6 +7715,11 @@ Invoking guix git authenticate
 	keyring = keyring
 @end smallexample
 
+The first run also attempts to install pre-push and post-merge hooks,
+such that @command{guix git authenticate} is invoked as soon as you run
+@command{git push}, @command{git pull}, and related commands; it does
+not overwrite preexisting hooks though.
+
 The command-line options described below allow you to fine-tune the
 process.
 
diff --git a/guix/scripts/git/authenticate.scm b/guix/scripts/git/authenticate.scm
index 0797cba0b6..e3ecb67c89 100644
--- a/guix/scripts/git/authenticate.scm
+++ b/guix/scripts/git/authenticate.scm
@@ -148,6 +148,52 @@ (define* (record-configuration repository
       (warning (G_ "could not record introduction and keyring configuration\
  (Guile-Git too old?)~%"))))
 
+(define (install-hooks repository)
+  "Attempt to install in REPOSITORY hooks that invoke 'guix git authenticate'.
+Bail out if one of these already exists."
+  ;; Guile-Git < 0.7.0 lacks 'repository-common-directory'.
+  (if (module-defined? (resolve-interface '(git))
+                       'repository-common-directory)
+      (let ()
+        (define directory
+          (repository-common-directory repository))
+
+        (define pre-push-hook
+          (in-vicinity directory "hooks/pre-push"))
+
+        (define post-merge-hook
+          (in-vicinity directory "hooks/post-merge"))
+
+        (if (or (file-exists? pre-push-hook)
+                (file-exists? post-merge-hook))
+            (begin
+              (warning (G_ "not overriding pre-existing hooks '~a' and '~a'~%")
+                       pre-push-hook post-merge-hook)
+              (display-hint (G_ "Consider running @command{guix git authenticate}
+from your pre-push and post-merge hooks so your repository is automatically
+authenticated before you push and when you pull updates.")))
+            (begin
+              (call-with-output-file pre-push-hook
+                (lambda (port)
+                  (format port "#!/bin/sh
+# Installed by 'guix git authenticate'.
+set -e
+while read local_ref local_oid remote_ref remote_oid
+do
+  guix git authenticate --end=\"$local_oid\"
+done\n")
+                  (chmod port #o755)))
+              (call-with-output-file post-merge-hook
+                (lambda (port)
+                  (format port "#!/bin/sh
+# Installed by 'guix git authenticate'.
+exec guix git authenticate\n")
+                  (chmod port #o755)))
+              (info (G_ "installed hooks '~a' and '~a'~%")
+                    pre-push-hook post-merge-hook))))
+      (warning (G_ "cannot determine where to install hooks\
+ (Guile-Git too old?)~%"))))
+
 (define (show-stats stats)
   "Display STATS, an alist containing commit signing stats as returned by
 'authenticate-repository'."
@@ -271,7 +317,8 @@ (define (guix-git-authenticate . args)
        (unless (configured? repository)
          (record-configuration repository
                                #:commit commit #:signer signer
-                               #:keyring-reference keyring))
+                               #:keyring-reference keyring)
+         (install-hooks repository))
 
        (when (and show-stats? (not (null? stats)))
          (show-stats stats))
-- 
2.41.0

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 7 Apr 2024 20:39:11 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Apr 07 16:39:11 2024
Received: from localhost ([127.0.0.1]:44804 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rtZIE-0000xZ-Vt
	for submit <at> debbugs.gnu.org; Sun, 07 Apr 2024 16:39:11 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:40942)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rtZI8-0000v5-UX
 for 69780 <at> debbugs.gnu.org; Sun, 07 Apr 2024 16:39:05 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rtZHw-0005qN-L8; Sun, 07 Apr 2024 16:38:52 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=W1TVkAHGT8uhCnv3nOKyNq86MujsZ5rUiOrufkQ61f0=; b=grBAuy+bosBvGt3ALTqG
 GRnzQ8Rx8sy5wKy2K0IeqFSyGz9HpMK2vmgcacxPTua8GQT3CkoPf8UFPs8lYAw5PWybFNZBhP5PL
 DQVc2tvYs76x/wwjR10x2NT7BS30R43NaWtYJqOCZzAm1wEUXB9v5j3L5O/QhYYOGOt6pV8P/2xPr
 ZwpIO6euF4KFz4OTKRNxg6wfw8bBfb0uGxHKcBoKdCN5PL7hOyslO9BhYCaMcws5gs31sxpnUyHxX
 2qcXaqAt5pCodETY7VDVantZN1K7o6grawOt3Ay8XsgbfC98gOWuRjMeJ+XRXHwJMf0eol5UMTlZI
 S6tdSPU9Zqfs3Q==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 69780 <at> debbugs.gnu.org
Subject: [PATCH v2 3/5] git authenticate: Print something upon success.
Date: Sun,  7 Apr 2024 22:38:28 +0200
Message-ID: <879165ecce50db273ef575073a215e5da7cdd126.1712522119.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <ZglWFELwh6vJJlOB@ws>
References: <ZglWFELwh6vJJlOB@ws>
MIME-Version: 1.0
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 69780
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Until now the command would be silent and exit with 0.

* guix/scripts/git/authenticate.scm (guix-git-authenticate): Print
something upon success.

Change-Id: I08d086c35df6ac74ee847df0479660293c68987d
---
 guix/scripts/git/authenticate.scm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/guix/scripts/git/authenticate.scm b/guix/scripts/git/authenticate.scm
index d81a0e1ffb..0797cba0b6 100644
--- a/guix/scripts/git/authenticate.scm
+++ b/guix/scripts/git/authenticate.scm
@@ -274,4 +274,7 @@ (define (guix-git-authenticate . args)
                                #:keyring-reference keyring))
 
        (when (and show-stats? (not (null? stats)))
-         (show-stats stats))))))
+         (show-stats stats))
+
+       (info (G_ "successfully authenticated commit ~a~%")
+             (oid->string end))))))
-- 
2.41.0

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 7 Apr 2024 20:39:11 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Apr 07 16:39:11 2024
Received: from localhost ([127.0.0.1]:44802 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rtZIE-0000xR-Aq
	for submit <at> debbugs.gnu.org; Sun, 07 Apr 2024 16:39:10 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:40928)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rtZI6-0000v2-F6
 for 69780 <at> debbugs.gnu.org; Sun, 07 Apr 2024 16:39:05 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rtZHt-0005px-VS; Sun, 07 Apr 2024 16:38:50 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=cvGa88s4XJOzrayXoaISyWAvNilcSrEZUuWaY33U+Qc=; b=GmcFKdTR7EdoGqUa45mU
 1tuQO0nGxf6XNWa0fZHYEkS3Po3Ig+mW13fo2OkJvPdAKKy8MIr/PjoUFQtpWO7Mdn41u/DKHwObj
 zrOXe1DOUOWSdR7SWiFrk6VJnz0dztTfjVUL5dMAA/3VxiiswqMyCbizz0U1synvkBtUfT1lJj49L
 XSBTkURnPOPu6EJPBTsoLDGF5yo3J0tnsH600mF2FxjXzDNbwF0ikMMvJqNvr9aFnz00zs9nniXl4
 iWjUgXUKkY7X+yfBTjO5tjbC8xCCCo89C15A0T19D4Pj9Uy8dOGfELsnP6p0XhLF4fLAZS1qQmCY6
 Jq1MBPEReYAEDA==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 69780 <at> debbugs.gnu.org
Subject: [PATCH v2 2/5] git authenticate: Discover the repository.
Date: Sun,  7 Apr 2024 22:38:27 +0200
Message-ID: <c759c73736ba0d80f105f5970ecf65bf6f7635b5.1712522119.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <ZglWFELwh6vJJlOB@ws>
References: <ZglWFELwh6vJJlOB@ws>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 69780
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

This allows one to run ‘guix git authenticate’ from a sub-directory of
the checkout.

* guix/scripts/git/authenticate.scm (%default-options): Remove
‘directory’ key.
(guix-git-authenticate): Use ‘repository-discover’ when ‘directory’
option is missing.

Change-Id: Ifada00d559254971ed7eeb8c0a8d4ae74ff3defc
---
 guix/scripts/git/authenticate.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/guix/scripts/git/authenticate.scm b/guix/scripts/git/authenticate.scm
index a606f1c146..d81a0e1ffb 100644
--- a/guix/scripts/git/authenticate.scm
+++ b/guix/scripts/git/authenticate.scm
@@ -74,7 +74,7 @@ (define %options
                   (alist-cons 'show-stats? #t result)))))
 
 (define %default-options
-  '((directory . ".")))
+  '())
 
 (define (current-branch repository)
   "Return the name of the checked out branch of REPOSITORY or #f if it could
@@ -236,9 +236,9 @@ (define (guix-git-authenticate . args)
 
   (with-error-handling
     (with-git-error-handling
-     (let* ((directory   (assoc-ref options 'directory))
-            (show-stats? (assoc-ref options 'show-stats?))
-            (repository  (repository-open directory))
+     (let* ((show-stats? (assoc-ref options 'show-stats?))
+            (repository  (repository-open (or (assoc-ref options 'directory)
+                                              (repository-discover "."))))
             (commit signer (match (command-line-arguments options)
                              ((commit signer)
                               (values commit signer))
-- 
2.41.0

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 7 Apr 2024 20:39:10 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Apr 07 16:39:10 2024
Received: from localhost ([127.0.0.1]:44798 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rtZIB-0000wv-GQ
	for submit <at> debbugs.gnu.org; Sun, 07 Apr 2024 16:39:10 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:52302)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rtZI4-0000uz-Qy
 for 69780 <at> debbugs.gnu.org; Sun, 07 Apr 2024 16:39:04 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rtZHs-0005pf-Hr; Sun, 07 Apr 2024 16:38:48 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=oqJNVJ9Omjr3msnY+I1fJlXhe/OVASngH3+fDfyPJEQ=; b=YsbCbbt2jK60c7U4ehuX
 1uhapllChxoGUqETn6uLOAXLBu6psqrVA7Cduwd2+9BnfxtnH7lzQboMO600VXRguVV6pJbL5+aB/
 mAQkGZ9bYQnE0wyFf+ehk9KtGAGcEP6fKDj8vgqPtso+wBRZLBpT3aIWJGq1fjN49w5mIYBQSXNif
 Wb0eaT08ZY18MyK2dcCDMYnruj9E1txkb7plWxsqsLHsAy8CiWyTIfq6Q/eTz1J8aZkN90AaBpLGL
 05y3Z76H+asdYxHm3hqU5UwmCNjoZJxVxPAKw45M1y3t7bnhfswPiv8uL48XCrbAyM8SVagqGbUJD
 Hv8gFKkETK5ovw==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 69780 <at> debbugs.gnu.org
Subject: [PATCH v2 1/5] =?UTF-8?q?git=20authenticate:=20Record=20introduct?=
 =?UTF-8?q?ion=20and=20keyring=20in=20=E2=80=98.git/config=E2=80=99.?=
Date: Sun,  7 Apr 2024 22:38:26 +0200
Message-ID: <4d37936c1b3aed95ca72de2ba112033bafefc2de.1712522118.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <ZglWFELwh6vJJlOB@ws>
References: <ZglWFELwh6vJJlOB@ws>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 69780
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

* guix/scripts/git/authenticate.scm (%default-options): Remove
‘keyring-reference’.
(config-value, configured-introduction, configured-keyring-reference)
(configured?, record-configuration, current-branch): New procedures.
(guix-git-authenticate)[missing-arguments]: New procedure.
Use ‘configured-introduction’ when zero arguments are given.
Use ‘configured-keyring-reference’ when ‘-k’ is not passed.  Add call to
‘record-configuration’.
* doc/guix.texi (Invoking guix git authenticate): Document it.

Change-Id: I66e111a83f50407b52da71662629947f83a78bbc
---
 doc/guix.texi                     |  28 +++++-
 guix/scripts/git/authenticate.scm | 147 +++++++++++++++++++++++-------
 tests/guix-git-authenticate.sh    |   9 +-
 3 files changed, 150 insertions(+), 34 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index acfe60b47a..6ff0e76d97 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7667,6 +7667,8 @@ Invoking guix git authenticate
 @section Invoking @command{guix git authenticate}
 
 @cindex @command{guix git authenticate}
+@cindex authentication, of Git checkouts
+@cindex Git checkout authentication
 
 The @command{guix git authenticate} command authenticates a Git checkout
 following the same rule as for channels (@pxref{channel-authentication,
@@ -7686,13 +7688,35 @@ Invoking guix git authenticate
 guix git authenticate @var{commit} @var{signer} [@var{options}@dots{}]
 @end example
 
+@cindex introduction, for Git authentication
 By default, this command authenticates the Git checkout in the current
 directory; it outputs nothing and exits with exit code zero on success
 and non-zero on failure.  @var{commit} above denotes the first commit
 where authentication takes place, and @var{signer} is the OpenPGP
 fingerprint of public key used to sign @var{commit}.  Together, they
-form a ``channel introduction'' (@pxref{channel-authentication, channel
-introduction}).  The options below allow you to fine-tune the process.
+form a @dfn{channel introduction} (@pxref{channel-authentication, channel
+introduction}).  On your first successful run, the introduction is
+recorded in the @file{.git/config} file of your checkout, allowing you
+to omit them from subsequent invocations:
+
+@example
+guix git authenticate [@var{options}@dots{}]
+@end example
+
+Should you have branches that require different introductions, you can
+specify them directly in @file{.git/config}.  For example, if the branch
+called @code{personal-fork} has a different introduction than other
+branches, you can extend @file{.git/config} along these lines:
+
+@smallexample
+[guix "authentication-personal-fork"]
+	introduction-commit = cabba936fd807b096b48283debdcddccfea3900d
+	introduction-signer = C0FF EECA BBA9 E6A8 0D1D  E643 A2A0 6DF2 A33A 54FA
+	keyring = keyring
+@end smallexample
+
+The command-line options described below allow you to fine-tune the
+process.
 
 @table @code
 @item --repository=@var{directory}
diff --git a/guix/scripts/git/authenticate.scm b/guix/scripts/git/authenticate.scm
index def4879e96..a606f1c146 100644
--- a/guix/scripts/git/authenticate.scm
+++ b/guix/scripts/git/authenticate.scm
@@ -31,6 +31,7 @@ (define-module (guix scripts git authenticate)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
   #:use-module (srfi srfi-37)
+  #:use-module (srfi srfi-71)
   #:use-module (ice-9 format)
   #:use-module (ice-9 match)
   #:export (guix-git-authenticate))
@@ -73,8 +74,79 @@ (define %options
                   (alist-cons 'show-stats? #t result)))))
 
 (define %default-options
-  '((directory . ".")
-    (keyring-reference . "keyring")))
+  '((directory . ".")))
+
+(define (current-branch repository)
+  "Return the name of the checked out branch of REPOSITORY or #f if it could
+not be determined."
+  (and (not (repository-head-detached? repository))
+       (let* ((head (repository-head repository))
+              (name (reference-name head)))
+         (and (string-prefix? "refs/heads/" name)
+              (string-drop name (string-length "refs/heads/"))))))
+
+(define (config-value repository key)
+  "Return the config value associated with KEY in the 'guix.authentication' or
+'guix.authentication-BRANCH' name space in REPOSITORY, or #f if no such config
+was found."
+  (let-syntax ((false-if-git-error
+                (syntax-rules ()
+                  ((_ exp)
+                   (catch 'git-error (lambda () exp) (const #f))))))
+    (let* ((config (repository-config repository))
+           (branch (current-branch repository)))
+      ;; First try the BRANCH-specific value, then the generic one.`
+      (or (and branch
+               (false-if-git-error
+                (config-entry-value
+                 (config-get-entry config
+                                   (string-append "guix.authentication-"
+                                                  branch "." key)))))
+          (false-if-git-error
+           (config-entry-value
+            (config-get-entry config
+                              (string-append "guix.authentication."
+                                             key))))))))
+
+(define (configured-introduction repository)
+  "Return two values: the commit and signer fingerprint (strings) as
+configured in REPOSITORY.  Error out if one or both were missing."
+  (let* ((commit (config-value repository "introduction-commit"))
+         (signer (config-value repository "introduction-signer")))
+    (unless (and commit signer)
+      (leave (G_ "unknown introductory commit and signer~%")))
+    (values commit signer)))
+
+(define (configured-keyring-reference repository)
+  "Return the keyring reference configured in REPOSITORY or #f if missing."
+  (config-value repository "keyring"))
+
+(define (configured? repository)
+  "Return true if REPOSITORY already container introduction info in its
+'config' file."
+  (and (config-value repository "introduction-commit")
+       (config-value repository "introduction-signer")))
+
+(define* (record-configuration repository
+                               #:key commit signer keyring-reference)
+  "Record COMMIT, SIGNER, and KEYRING-REFERENCE in the 'config' file of
+REPOSITORY."
+  (define config
+    (repository-config repository))
+
+  ;; Guile-Git < 0.7.0 lacks 'set-config-string'.
+  (if (module-defined? (resolve-interface '(git)) 'set-config-string)
+      (begin
+        (set-config-string config "guix.authentication.introduction-commit"
+                           commit)
+        (set-config-string config "guix.authentication.introduction-signer"
+                           signer)
+        (set-config-string config "guix.authentication.keyring"
+                           keyring-reference)
+        (info (G_ "introduction and keyring recorded \
+in repository configuration file~%")))
+      (warning (G_ "could not record introduction and keyring configuration\
+ (Guile-Git too old?)~%"))))
 
 (define (show-stats stats)
   "Display STATS, an alist containing commit signing stats as returned by
@@ -158,35 +230,48 @@ (define (guix-git-authenticate . args)
         (progress-reporter/bar (length commits))
         progress-reporter/silent))
 
+  (define (missing-arguments)
+    (leave (G_ "wrong number of arguments; \
+expected COMMIT and SIGNER~%")))
+
   (with-error-handling
     (with-git-error-handling
-     (match (command-line-arguments options)
-       ((commit signer)
-        (let* ((directory   (assoc-ref options 'directory))
-               (show-stats? (assoc-ref options 'show-stats?))
-               (keyring     (assoc-ref options 'keyring-reference))
-               (repository  (repository-open directory))
-               (end         (match (assoc-ref options 'end-commit)
-                              (#f  (reference-target
-                                    (repository-head repository)))
-                              (oid oid)))
-               (history     (match (assoc-ref options 'historical-authorizations)
-                              (#f '())
-                              (file (call-with-input-file file
-                                      read-authorizations))))
-               (cache-key   (or (assoc-ref options 'cache-key)
-                                (repository-cache-key repository))))
-          (define stats
-            (authenticate-repository repository (string->oid commit)
-                                     (openpgp-fingerprint* signer)
-                                     #:end end
-                                     #:keyring-reference keyring
-                                     #:historical-authorizations history
-                                     #:cache-key cache-key
-                                     #:make-reporter make-reporter))
+     (let* ((directory   (assoc-ref options 'directory))
+            (show-stats? (assoc-ref options 'show-stats?))
+            (repository  (repository-open directory))
+            (commit signer (match (command-line-arguments options)
+                             ((commit signer)
+                              (values commit signer))
+                             (()
+                              (configured-introduction repository))
+                             (_
+                              (missing-arguments))))
+            (keyring     (or (assoc-ref options 'keyring-reference)
+                             (configured-keyring-reference repository)
+                             "keyring"))
+            (end         (match (assoc-ref options 'end-commit)
+                           (#f  (reference-target
+                                 (repository-head repository)))
+                           (oid oid)))
+            (history     (match (assoc-ref options 'historical-authorizations)
+                           (#f '())
+                           (file (call-with-input-file file
+                                   read-authorizations))))
+            (cache-key   (or (assoc-ref options 'cache-key)
+                             (repository-cache-key repository))))
+       (define stats
+         (authenticate-repository repository (string->oid commit)
+                                  (openpgp-fingerprint* signer)
+                                  #:end end
+                                  #:keyring-reference keyring
+                                  #:historical-authorizations history
+                                  #:cache-key cache-key
+                                  #:make-reporter make-reporter))
 
-          (when (and show-stats? (not (null? stats)))
-            (show-stats stats))))
-       (_
-        (leave (G_ "wrong number of arguments; \
-expected COMMIT and SIGNER~%")))))))
+       (unless (configured? repository)
+         (record-configuration repository
+                               #:commit commit #:signer signer
+                               #:keyring-reference keyring))
+
+       (when (and show-stats? (not (null? stats)))
+         (show-stats stats))))))
diff --git a/tests/guix-git-authenticate.sh b/tests/guix-git-authenticate.sh
index ec89f941e6..7b8951b9aa 100644
--- a/tests/guix-git-authenticate.sh
+++ b/tests/guix-git-authenticate.sh
@@ -1,5 +1,5 @@
 # GNU Guix --- Functional package management for GNU
-# Copyright © 2020, 2022 Ludovic Courtès <ludo@HIDDEN>
+# Copyright © 2020, 2022, 2024 Ludovic Courtès <ludo@HIDDEN>
 #
 # This file is part of GNU Guix.
 #
@@ -46,6 +46,13 @@ guix git authenticate "$intro_commit" "$intro_signer"	\
      --cache-key="$cache_key" --stats			\
      --end="$v1_2_0_commit"
 
+# Check a commit that came soon after v1.2.0.  No need to repeat $intro_commit
+# and $intro_signer because it should have been recorded in '.git/config'.
+after_v1_2_0="be4d9527b55b6829e33a6e0727496af25927a786"
+guix git authenticate				\
+     --cache-key="$cache_key" --stats		\
+     --end="$v1_2_0_commit"
+
 rm "$XDG_CACHE_HOME/guix/authentication/$cache_key"
 
 # Commit and signer of the 'v1.0.0' tag.
-- 
2.41.0

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 7 Apr 2024 20:39:04 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Apr 07 16:39:04 2024
Received: from localhost ([127.0.0.1]:44790 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rtZI6-0000vq-8Q
	for submit <at> debbugs.gnu.org; Sun, 07 Apr 2024 16:39:04 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:52298)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rtZI3-0000uw-Fw
 for 69780 <at> debbugs.gnu.org; Sun, 07 Apr 2024 16:39:00 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rtZHr-0005pT-6m; Sun, 07 Apr 2024 16:38:47 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=Ymeua3CMSv8XHXvAfQVDSZIo+L+oNuPxd4arZdVgkdI=; b=I9hTI5C7OGfCJDFrGFbZ
 rCAXYJrcnfmo2hgfLmefSsRKQTv510m7E704DJa7FXIHfmZMptm1v5AQaM+66A9fPMcmFti6s/SIg
 6pNFE2dD/S/VYr1wRpewIzt4PQVKpdNBpJaFg46AvyUdBbxAiCtDGqaTJxxsK2GuyJ7Vg/Z4+5I77
 8vjJ97lAxTzcE9YyPppTWnay7aOQ7NCSXw+yzUT8trlssymwYH+SM56csephzneVl1sKtFdWxrvl7
 rtqhsC4QK8tPOKpaAySJdFVTpCKKgbcjMgAFJF1kQkY1ssudAw9vyJzV6m94eSzDRqJz5lMutQWkU
 KkfAZtL+Rv6F7g==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 69780 <at> debbugs.gnu.org
Subject: [PATCH v2 0/5] Simplify 'guix git authenticate' usage
Date: Sun,  7 Apr 2024 22:38:25 +0200
Message-ID: <cover.1712522118.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <ZglWFELwh6vJJlOB@ws>
References: <ZglWFELwh6vJJlOB@ws>
X-Debbugs-Cc: Tomas Volf <~@wolfsden.cz>,
 Skyler Ferris <skyvine@HIDDEN>,
 Florian Pelz <pelzflorian@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Florian Pelz <pelzflorian@HIDDEN>,
 Julien Lepiller <julien@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 69780
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hello comrades,

This is an update on <https://issues.guix.gnu.org/69780>.

Changes since v1:

  • Write config to the right file using the new
    ‘set-config-string’ procedure of Guile-Git.

  • Write hooks to the right place (again, accounting for
    worktrees) using the new ‘repository-common-directory’
    procedure of Guile-Git.

  • Support branch-specific configuration, as suggested by
    Skyler and Tomas.

  • Create a post-merge hook rather than post-checkout, as
    suggested by Skyler.

  • Add German translation by Florian and French translation
    of the news entry.

Since this requires the latest Guile-Git, you can use this
trick to test locally:

  guix shell -CPW -m manifest.scm \
    guile-git --with-branch=guile-git=master

If we agree on the patch set, I’ll tag Guile-Git 0.7.0 and
update it in Guix before applying these patches.

Feedback welcome!

Ludo’.

Ludovic Courtès (5):
  git authenticate: Record introduction and keyring in ‘.git/config’.
  git authenticate: Discover the repository.
  git authenticate: Print something upon success.
  git authenticate: Install pre-push and post-checkout hooks.
  DRAFT news: Add entry for ‘guix git authenticate’ changes.

 doc/guix.texi                     |  33 ++++-
 etc/news.scm                      |  44 +++++++
 guix/scripts/git/authenticate.scm | 197 +++++++++++++++++++++++++-----
 tests/guix-git-authenticate.sh    |   9 +-
 4 files changed, 249 insertions(+), 34 deletions(-)


base-commit: 9b50a35fc0764f48688974af106fd7a6809f33ee
-- 
2.41.0

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 31 Mar 2024 12:25:01 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Mar 31 08:25:01 2024
Received: from localhost ([127.0.0.1]:46753 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rquFB-0003gT-5v
	for submit <at> debbugs.gnu.org; Sun, 31 Mar 2024 08:25:01 -0400
Received: from wolfsden.cz ([37.205.8.62]:40704)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <~@wolfsden.cz>) id 1rquF8-0003ft-1q
 for 69780 <at> debbugs.gnu.org; Sun, 31 Mar 2024 08:24:59 -0400
Received: by wolfsden.cz (Postfix, from userid 104)
 id C52B32A0313; Sun, 31 Mar 2024 12:24:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
 t=1711887893; bh=n4yVprRgFN1DpZZ4tqPJt0clxbS3cIc6+52f6mfdrrc=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To;
 b=avBgrPvlhnHVKUSoYcHq2uE1OJ6N/hq2Pjsy9bnzc+Ctnzd6G2NmKY9kxqhosr5xX
 7xFa+tY6OhHdFvk1+ts/7NHotFBvw9CFcxtwqP3sVYl2Jc+G64iWSvdzIKuqKFB67V
 b/AyRO+B+AhhYf7yUMghhqPKisDsAOPtp4DJVvV/GLpLE6fBTSTNAWGC4PyfcjhN0q
 CdbSDchtZME1KF5/v+ULbVxb7QCaz63KWtvjE0XiOVKN6DVRL/9C7QXmSIvi7Ha53k
 GaXikUlsoCs3P41wiHZNTSDRFmox63Wi2j+zqMx8OaqHJfaD+po2NcNoLvD8YWdoss
 znUg9t1eQDI/hOV1rMrbnSPdcDLD7FcH2ch+goTnrds1mUn80EatJnVatkre5XMKM9
 BJNLm1ouVhuRXxJS2ZRpov/RO1Swea9mT044RkKJYv5ybU+sPJSaQuH44mM3/UWaLa
 EojvadGWfBM01qeUygrgtDgmqvgjo9+PIdWDupP2dF2l27z6ghS6jkBjMHa9wh0gmP
 C1RsbhAu6BXi67BrPnuDuiBrY7+SVcAsQBFd2+SOQaZ/DW3jF9e45m5zymjaIw1+KM
 mH/hDYtnY+8AVqYBLFx7OFJ4354TGKh7FC7xIp+XJBdUxcBeLDk0nZXM+2fw/Gl7fG
 G+LQe/+/JmZT5PXwHF8Ws8Zc=
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden
X-Spam-Level: 
X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED
 autolearn=unavailable autolearn_force=no version=3.4.6
Received: from localhost (unknown [193.32.127.158])
 by wolfsden.cz (Postfix) with ESMTPSA id 5422C29FF53;
 Sun, 31 Mar 2024 12:24:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
 t=1711887893; bh=n4yVprRgFN1DpZZ4tqPJt0clxbS3cIc6+52f6mfdrrc=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To;
 b=avBgrPvlhnHVKUSoYcHq2uE1OJ6N/hq2Pjsy9bnzc+Ctnzd6G2NmKY9kxqhosr5xX
 7xFa+tY6OhHdFvk1+ts/7NHotFBvw9CFcxtwqP3sVYl2Jc+G64iWSvdzIKuqKFB67V
 b/AyRO+B+AhhYf7yUMghhqPKisDsAOPtp4DJVvV/GLpLE6fBTSTNAWGC4PyfcjhN0q
 CdbSDchtZME1KF5/v+ULbVxb7QCaz63KWtvjE0XiOVKN6DVRL/9C7QXmSIvi7Ha53k
 GaXikUlsoCs3P41wiHZNTSDRFmox63Wi2j+zqMx8OaqHJfaD+po2NcNoLvD8YWdoss
 znUg9t1eQDI/hOV1rMrbnSPdcDLD7FcH2ch+goTnrds1mUn80EatJnVatkre5XMKM9
 BJNLm1ouVhuRXxJS2ZRpov/RO1Swea9mT044RkKJYv5ybU+sPJSaQuH44mM3/UWaLa
 EojvadGWfBM01qeUygrgtDgmqvgjo9+PIdWDupP2dF2l27z6ghS6jkBjMHa9wh0gmP
 C1RsbhAu6BXi67BrPnuDuiBrY7+SVcAsQBFd2+SOQaZ/DW3jF9e45m5zymjaIw1+KM
 mH/hDYtnY+8AVqYBLFx7OFJ4354TGKh7FC7xIp+XJBdUxcBeLDk0nZXM+2fw/Gl7fG
 G+LQe/+/JmZT5PXwHF8Ws8Zc=
Date: Sun, 31 Mar 2024 14:24:52 +0200
From: Tomas Volf <~@wolfsden.cz>
To: Ludovic =?iso-8859-1?Q?Court=E8s?= <ludo@HIDDEN>
Subject: Re: [bug#69780] [PATCH 1/4] =?utf-8?Q?git_?=
 =?utf-8?Q?authenticate=3A_Record_introduction_and_keyring_in_=E2=80=98=2E?=
 =?utf-8?B?Z2l0L2NvbmZpZ+KAmS4=?=
Message-ID: <ZglWFELwh6vJJlOB@ws>
References: <cover.1710351278.git.ludo@HIDDEN>
 <40858e56cf55b27711d23add5f3cd2ccc6ea5c58.1710351278.git.ludo@HIDDEN>
 <ZfYIVJRAq3-8VG-N@ws> <87sf0m4a9s.fsf@HIDDEN>
 <87frwk28ms.fsf@HIDDEN> <ZftfgnWRf3Gz61sJ@ws>
 <87le61gwdd.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="Sbw78y6226yyyzdw"
Content-Disposition: inline
In-Reply-To: <87le61gwdd.fsf@HIDDEN>
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 69780
Cc: 69780 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--Sbw78y6226yyyzdw
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2024-03-29 11:34:06 +0100, Ludovic Court=C3=A8s wrote:
> > [..]
> >
> > Dunno, was this of any help? :)
>
> Yes, in a way.  :-)
>
> For me the takeaway is that we shouldn=E2=80=99t go to far in attempting =
to
> address this.  The proposal we came up with Skyler, where
> =E2=80=98introduction-commit=E2=80=99 is taken as the default but may be =
overridden by
> =E2=80=98introduction-commit-BRANCH=E2=80=99 sounds reasonable:
>
>   https://issues.guix.gnu.org/69780#17
>
> It does mean that people who need this would have to manually edit their
> =E2=80=98.git/config=E2=80=99, but I think that=E2=80=99s acceptable: tha=
t=E2=80=99s an advanced use
> case.
>
> Thoughts?

Yes, that does sound like a reasonable approach :)

Tomas

--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

--Sbw78y6226yyyzdw
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEt4NJs4wUfTYpiGikL7/ufbZ/wakFAmYJVhQACgkQL7/ufbZ/
wamyiA/+NUYsbIJJUAWVdAhRhKamV5G8nrU3KKa6G2/AB1VjCdouigt+KjY7M+ai
P63PhdLP0uyzHThHdK3mJxhDOWWFQYIsc4rD5MCpdxS82EmLRleE38QjGnj7qnOM
dfhyv+wrndlTnCbiy0UZscIVaW/GxgfMup8eddW8+h1vqyj5togHzyUnp7BXjezd
xeFiuw0IgAz09/MzJILJeKZGusjm5Zb/EzTDw2BRwpMt2/luKqoQI0+X/WVGS6ka
16VNHB6aFBIAjKn5pBTRuJ1GBX1Zw6bTGeRHrKnBuUvmZFwTAUk+lnHAGp9xfyLv
PZepdrwkXKsCgPc99oopF21Xx7XjRDmRiuZG9YTsJIxEd0HSHwZ+qokkEBrUkmgC
eX0vJRogvQX8DbaVCG1dAx2t6SUKIgBT5EW9mp5FauxYPIXKXEEDSqqijUsIi1SQ
cmeW4BaqsX01YLJtzER6untWi0f5adh4LrzFh8DLMin/oKprdZ2q0e6PCb1HwdI3
baZdx1JCXbsNwzqz9E9vP7bGD8/U8hWDRgZ0MSSUQhjcf+tsf8OeFN+DwT0HcFPF
CCBbPA+MJV13j4eR9gssgTCF9zxmH+Zhk3CS5TlkzkM9Yg/7oxqYQeyLjH1+Nu60
RMgfyGOdDcHOUaJ/OsD+mubxN9px/sHN59nMT5ag3JDZXtJ3KAA=
=wzK2
-----END PGP SIGNATURE-----

--Sbw78y6226yyyzdw--

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 29 Mar 2024 10:34:21 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 29 06:34:20 2024
Received: from localhost ([127.0.0.1]:41769 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rq9Yy-000731-IS
	for submit <at> debbugs.gnu.org; Fri, 29 Mar 2024 06:34:20 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:55006)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rq9Yv-00072o-Sa
 for 69780 <at> debbugs.gnu.org; Fri, 29 Mar 2024 06:34:19 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rq9Yo-0007Gy-CY; Fri, 29 Mar 2024 06:34:10 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
 From; bh=Mj/fiqI3VOT+g+MUPjUCYpW2w4pNUp4ZsmTsLvGfegQ=; b=by5hCq0m8Xxc+vIblRlt
 8qXtTOZKWaJtSpKv/b6tQxlUzpH871Sl8iJRQVPJ8H4cbp8RDT/1ckSpyIP7eVar/bFlBMA3LQF6R
 /PoY/W9yzS3sMljvPr/zVWhi6fPXodihE9s7LDx31Yx9a/TepF6UFtWwzwQrfx4HaWX/MiAGeReU8
 oURQ79gQ0UE+Wez8A6pQn8hoUxlhicxJIY/P46kzMDOcgYAHV4LsA8jZlvpkTbUBXmjafCPFy3BBr
 JWEFOQXhPzVEU0E3OjZYfp7BJNb2mWFiSMombAsyvMxOvPGfMkxccbJltGhL8TYRBn0YLNQFWO3kn
 gOcSlbcSKYswzQ==;
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Tomas Volf <~@wolfsden.cz>
Subject: Re: [bug#69780] [PATCH 1/4] git authenticate: Record introduction
 and keyring in =?utf-8?Q?=E2=80=98=2Egit=2Fconfig=E2=80=99=2E?=
In-Reply-To: <ZftfgnWRf3Gz61sJ@ws> (Tomas Volf's message of "Wed, 20 Mar 2024
 23:13:22 +0100")
References: <cover.1710351278.git.ludo@HIDDEN>
 <40858e56cf55b27711d23add5f3cd2ccc6ea5c58.1710351278.git.ludo@HIDDEN>
 <ZfYIVJRAq3-8VG-N@ws> <87sf0m4a9s.fsf@HIDDEN>
 <87frwk28ms.fsf@HIDDEN> <ZftfgnWRf3Gz61sJ@ws>
Date: Fri, 29 Mar 2024 11:34:06 +0100
Message-ID: <87le61gwdd.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 69780
Cc: 69780 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi!

Tomas Volf <~@wolfsden.cz> skribis:

>> The only open issue left is branches: how to configure different
>> introductions for different branches.  I=E2=80=99m all ears!
>
> Right, so I have few ideas, not sure if they are any good though.  And I =
myself
> am not really sure which one I like the most, so...

[...]

> The problem here is that any possible "smart" solution leaves something t=
o be
> desired.  Either it is not automated enough (new branches are unconfigure=
d), or
> it is too magical (new branches inherit the config from... something).  5=
. is
> probably the most flexible and covering edge cases, but will not be exact=
ly
> one-line change.
>
> Hm, now when I read it after myself, maybe it is just not a problem worth
> solving.  All of these are likely to complicate the code quite a bit.  No=
t sure.
>
> Dunno, was this of any help? :)

Yes, in a way.  :-)

For me the takeaway is that we shouldn=E2=80=99t go to far in attempting to
address this.  The proposal we came up with Skyler, where
=E2=80=98introduction-commit=E2=80=99 is taken as the default but may be ov=
erridden by
=E2=80=98introduction-commit-BRANCH=E2=80=99 sounds reasonable:

  https://issues.guix.gnu.org/69780#17

It does mean that people who need this would have to manually edit their
=E2=80=98.git/config=E2=80=99, but I think that=E2=80=99s acceptable: that=
=E2=80=99s an advanced use
case.

Thoughts?

Ludo=E2=80=99.

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 21 Mar 2024 14:16:46 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 21 10:16:45 2024
Received: from localhost ([127.0.0.1]:37009 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rnJDp-0005oh-CF
	for submit <at> debbugs.gnu.org; Thu, 21 Mar 2024 10:16:45 -0400
Received: from eggs.gnu.org ([209.51.188.92]:57360)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rnJDl-0005oG-B5
 for 69780 <at> debbugs.gnu.org; Thu, 21 Mar 2024 10:16:44 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rnJAs-0000BI-CU; Thu, 21 Mar 2024 10:13:42 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
 From; bh=KWjn3/qSK4K/HbQBbIJ3vjglCUb7pGBgcT19IZ/RLV8=; b=GRNWwSL7MH5upwoAGhQu
 MPbPgOJCniEhLktrR3XhNSpKiMXxKNcPYxz1Y98UFx+p7ppRJcQQSZUj2+ZYT2Wc6csD69dPZiArY
 m/6gvWUY2W/8LIKJGZemnf+Z0bHIi0I4jsIobiKvnUI5wi9EiF3AtCwgAa403U56xFM57b+yEU9oF
 4Gi931gzL2DSIuJe5Y3KvaD/98+/nVDUp78U2zOagJrpejn6DhJDyeFzYkUl9Md7cI6xlIL0AF28Y
 bUCwT/EcYBKug8Sq6CdkaQipyWprsG+qP5WAl/gSaYYuQXoyrtizeDHsaEPbjcCgOMSVepWQOokRP
 URvyryWmlT7G4A==;
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Skyler Ferris <skyvine@HIDDEN>
Subject: Re: [bug#69780] [PATCH 4/4] DRAFT news: Add entry for
 =?utf-8?Q?=E2=80=98guix?= git
 =?utf-8?Q?authenticate=E2=80=99?= changes.
In-Reply-To: <7c5370b7-09d6-4614-9b47-eb760c0a95f4@HIDDEN> (Skyler
 Ferris's message of "Thu, 21 Mar 2024 01:43:09 +0000")
References: <cover.1710351278.git.ludo@HIDDEN>
 <e1e5ac9fc790e58a2496d46ccefb5e72daa91e19.1710351278.git.ludo@HIDDEN>
 <73ead80c-9159-4e03-b2a7-68434cade060@HIDDEN>
 <8734sm48f5.fsf@HIDDEN>
 <7c5370b7-09d6-4614-9b47-eb760c0a95f4@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: Duodi 2 Germinal an 232 de la =?utf-8?Q?R=C3=A9volut?=
 =?utf-8?Q?ion=2C?= jour du Platane
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Thu, 21 Mar 2024 15:13:39 +0100
Message-ID: <87msqrvfjg.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 69780
Cc: 69780 <at> debbugs.gnu.org, Julien Lepiller <julien@HIDDEN>,
 Florian Pelz <pelzflorian@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi!

Skyler Ferris <skyvine@HIDDEN> skribis:

> Fair enough, that can be addressed in a separate patch. On a related note=
, this patch reminded me of an idea I mentioned in a private thread with th=
e security team about writing a package that provides `guix git authenticat=
e` as a standalone script, which can be done by extracting the dependent mo=
dules and building just them (I have successfully done this for the "(guix =
build utils)" library, for shell-like guile scripts that have a lighter foo=
tprint than all of guix). This will help people who are installing guix fro=
m source for the first time. They will not have guix itself available, but =
it would be easier for them to use the standalone script than to install al=
l of guix (which they will presumably be replacing anyway). Is there anythi=
ng else around `guix git authenticate` you are working on that might confli=
ct with this? I am starting to look at it now that I have been reminded.

I must say I=E2=80=99m usually focusing on the use case where people buildi=
ng
Guix from source already have a working Guix installation.  In that
case, it=E2=80=99s that installation that provides a source of trust.

For someone building entirely from source, I don=E2=80=99t know what the ri=
ght
solution is.  It could be extracting =E2=80=98guix git authenticate=E2=80=
=99 as you say,
but then we=E2=80=99re just offsetting the problem.  We could just as well
recommend building from a signed tag (or signed source tarball) after
verifying it.  Dunno what a good bootstrapping story might be.

>> I spent time looking for the =E2=80=9Cright=E2=80=9D hook and couldn=E2=
=80=99t find anything
>> really satisfying.  Ideally, I=E2=80=99d want a hook that runs on =E2=80=
=98fetch=E2=80=99, for
>> each new reference.
>>
>> Is post-merge better than post-checkout?  githooks(5) says =E2=80=98post=
-merge=E2=80=99
>> =E2=80=9Cis invoked by git-merge(1), which happens when a git pull is do=
ne on a
>> local repository.=E2=80=9D  Is it actually invoked when =E2=80=98git pul=
l=E2=80=99 does *not*
>> trigger a merge?
>
> That gave me pause too, but I tested it with a pull that caused a fast-fo=
rward (no separate merge commit) and it still ran the hook. I looked for a =
`post-fetch` hook but couldn't find one, I agree that would be ideal.

OK, thanks for checking.

>> Using this configuration format, it seems there=E2=80=99s no room left f=
or a
>> branch name, or am I overlooking something?

[...]

> Hmm, I didn't realize that git limited the number of components available=
 in config names, but it looks like you're correct - my suggestion of appen=
ding `.branch-name` caused git to produce an error that the config was inva=
lid.
>
> But we don't necessarily need git to be aware of the semantic meaning of =
the branch name since the value is calculated by the guile script. So we co=
uld just use a hyphen as a separator and have "introduction-commit-master" =
and "introduction-commit-feature" as separate values unrelated to each othe=
r (aside from being in the "guix authentication" namespace).

Hmm right.  Not pretty, but why not.

We could still have =E2=80=98introduction-commit=E2=80=99 as a default, and
=E2=80=98introduction-commit-BRANCH=E2=80=99 would take precedence over it =
when present.

Thanks for your feedback!

Ludo=E2=80=99.

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 21 Mar 2024 02:15:43 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 20 22:15:43 2024
Received: from localhost ([127.0.0.1]:46329 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rn7y2-0003em-LZ
	for submit <at> debbugs.gnu.org; Wed, 20 Mar 2024 22:15:43 -0400
Received: from mail-4322.protonmail.ch ([185.70.43.22]:37439)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <skyvine@HIDDEN>) id 1rn7xz-0003eJ-RK
 for 69780 <at> debbugs.gnu.org; Wed, 20 Mar 2024 22:15:40 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail3; t=1710987293; x=1711246493;
 bh=DTLrobsAWwuwpl932fdiC2rpastO+1uJ6gagt8dqi0s=;
 h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References:
 Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID:
 Message-ID:BIMI-Selector;
 b=KavvzLKCAYlvunppm9MQZdOAZYy6s7ccSJlZdiPqTs5NPIntZdkFnI1EnSGkOd2dn
 Oiqd3/le7s9QN2P7qZOeCV/0wmBGjlQsVoKa4t4K9Nd6fIkN8uMttWQ3kw8NBwh3oH
 iFS66To4HlMFZFvDkCTvi6tkTWY1hCWMSJ1E6S3CZ6ue+FVou+JTT5gPAJ3lFdXMkZ
 4+fZeZsIv5D/tmovRn50SrR0PCbbvIfWaQ2hKxbxQzp+dx4XZayvjbVyBFsPruJy6K
 dLWbk1Oy8HmXV0YZmz34GppjgtRHuBqE5tKbpswo2HiiGXUrixNwZvEAIKPKHfzUux
 +Wv8aSuJEnfoA==
Date: Thu, 21 Mar 2024 02:14:50 +0000
To: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
From: Skyler Ferris <skyvine@HIDDEN>
Subject: =?utf-8?Q?Re:_[bug#69780]_[PATCH_4/4]_DRAFT_news:_Add_entry_for_=E2=80=98guix_git_authenticate=E2=80=99_changes.?=
Message-ID: <3b76321d-c132-447c-86ec-0e76d4370c43@HIDDEN>
In-Reply-To: <7c5370b7-09d6-4614-9b47-eb760c0a95f4@HIDDEN>
References: <cover.1710351278.git.ludo@HIDDEN>
 <e1e5ac9fc790e58a2496d46ccefb5e72daa91e19.1710351278.git.ludo@HIDDEN>
 <73ead80c-9159-4e03-b2a7-68434cade060@HIDDEN>
 <8734sm48f5.fsf@HIDDEN>
 <7c5370b7-09d6-4614-9b47-eb760c0a95f4@HIDDEN>
Feedback-ID: 40635331:user:proton
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="b1_oXPIprEQN4aNcYSQmX45wb9C3Nx56ZvmGHalDxyJYk"
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 69780
Cc: 69780 <at> debbugs.gnu.org, Julien Lepiller <julien@HIDDEN>,
 Florian Pelz <pelzflorian@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

This is a multi-part message in MIME format.

--b1_oXPIprEQN4aNcYSQmX45wb9C3Nx56ZvmGHalDxyJYk
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64

T24gMy8yMC8yNCAxODo0MywgU2t5bGVyIEZlcnJpcyB3cm90ZToKCj4gVGhhdCBnYXZlIG1lIHBh
dXNlIHRvbywgYnV0IEkgdGVzdGVkIGl0IHdpdGggYSBwdWxsIHRoYXQgY2F1c2VkIGEgZmFzdC1m
b3J3YXJkIChubyBzZXBhcmF0ZSBtZXJnZSBjb21taXQpIGFuZCBpdCBzdGlsbCByYW4gdGhlIGhv
b2suIEkgbG9va2VkIGZvciBhIGBwb3N0LWZldGNoYCBob29rIGJ1dCBjb3VsZG4ndCBmaW5kIG9u
ZSwgSSBhZ3JlZSB0aGF0IHdvdWxkIGJlIGlkZWFsLgoKSXQgdHVybnMgb3V0IHRoYXQgYSBwb3N0
LWZldGNoIGhvb2sgaGFzIGJlZW4gZGlzY3Vzc2VkIG9uIHRoZSBnaXQgbWFpbGluZyBsaXN0LiBO
b3RhYmx5LCBzb21lb25lIGFza2VkIGFib3V0IGl0IGZvciBhIHZlcnkgc2ltaWxhciB1c2UtY2Fz
ZSBzdGFydGluZyBhdCAoMSkuIE11Y2ggb2YgdGhlIGRpc2N1c3Npb24gaXMgYWJvdXQgdGhlIHdh
eSB0aGlzIHBlcnNvbiBpbXBsZW1lbnRlZCB0aGUgaG9vaywgYmVjYXVzZSB0aGV5IHdhbnRlZCB0
byBwcmV2ZW50IHJlZnMgZnJvbSBiZWluZyB1cGRhdGVkIGluc3RlYWQgb2Ygc2ltcGx5IGFsZXJ0
aW5nIHRoZSB1c2VyIG9mIHRoZSBwb3RlbnRpYWxseSBiYWQgY29tbWl0cy4gVGhlcmUgaXMgYWxz
byBhIGNhdGVnb3JpY2FsIG9iamVjdGlvbiB0byB0aGUgaWRlYSBvZiBpbXBsZW1lbnRpbmcgYSBw
b3N0LWZldGNoIGhvb2sgKDIpLCBpbiBwYXJ0IGJlY2F1c2UgbW9kaWZ5aW5nIHJlZnMgY291bGQg
bGVhZCB0byBwcm9ibGVtcyBmb3IgdGhlIGVudmlyb25tZW50IChzdWNoIGFzIGNsaWVudHMgcmUt
ZmV0Y2hpbmcsIHRoZW4gcmVqZWN0aW5nLCB0aGUgc2FtZSBjb21taXRzIHJlcGVhdGVkbHkgbGVh
ZGluZyB0byBleGNlc3MgYmFuZHdpZHRoIHVzZSkgKDMpLiBJbiBzcGl0ZSBvZiB0aGlzLCB0aGVy
ZSBhcmUgV0lQIHBhdGNoZXMgYXQgdGhlIGVuZCBvZiB0aGUgdGhyZWFkIGltcGxlbWVudGluZyBh
IHR3ZWFrLWZldGNoIGhvb2sgYXQgdGhlIGVuZCBvZiB0aGUgdGhyZWFkICg0KSwgYnV0IEkgZG9u
J3QgdGhpbmsgdGhleSB3ZXJlIGV2ZXIgY29tcGxldGVkLi4uIGhhdmVuJ3QgbG9va2VkIGF0IHRo
b3NlIHRvbyBjbG9zZWx5IHlldCBidXQgbWF5YmUgdGhlcmUncyBzb21ldGhpbmcgc29tZXdoZXJl
IGVsc2UgYWJvdXQgdGhlbS4KCigxKSBodHRwczovL2xvcmUua2VybmVsLm9yZy9naXQvNTg5OGJl
NjktNDIxMS1kNDQxLTQ5NGQtOTM0NzcxNzljZjBlQGdhc3BhcmQuaW8vCigyKSBodHRwczovL2xv
cmUua2VybmVsLm9yZy9naXQvMjViZDc3MGMtNmE0OC01YjVkLTA0Y2MtNmQwMjc4NGVhM2U3QGdh
c3BhcmQuaW8vCigzKSBodHRwczovL2xvcmUua2VybmVsLm9yZy9naXQvODdsZ2cxYndtaS5mc2ZA
ZXZsZWRyYWFyLmdtYWlsLmNvbS8KKDQpIGh0dHBzOi8vbG9yZS5rZXJuZWwub3JnL2dpdC8zMDc1
M2QxOS1kNzdkLTFhMWEtYmE0Mi1hZmNkNmZiYjQyMjNAZ2FzcGFyZC5pby8=

--b1_oXPIprEQN4aNcYSQmX45wb9C3Nx56ZvmGHalDxyJYk
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64

PCFET0NUWVBFIGh0bWw+PGh0bWw+PGhlYWQ+DQogICAgPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVu
dC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgiLz4NCiAgPC9oZWFkPg0K
ICA8Ym9keT4NCiAgICA8YnIvPg0KICAgIDxici8+DQogICAgPGRpdiBjbGFzcz0ibW96LWNpdGUt
cHJlZml4Ij5PbiAzLzIwLzI0IDE4OjQzLCBTa3lsZXIgRmVycmlzIHdyb3RlOjxici8+DQogICAg
PC9kaXY+DQogICAgPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2l0ZT0ibWlkOjdjNTM3MGI3LTA5
ZDYtNDYxNC05YjQ3LWViNzYwYzBhOTVmNEBwcm90b25tYWlsLmNvbSI+PHNwYW4gc3R5bGU9Indo
aXRlLXNwYWNlOiBwcmUtd3JhcCI+DQo8L3NwYW4+VGhhdCBnYXZlIG1lIHBhdXNlIHRvbywgYnV0
IEkgdGVzdGVkIGl0IHdpdGggYSBwdWxsIHRoYXQgY2F1c2VkIGENCiAgICAgIGZhc3QtZm9yd2Fy
ZCAobm8gc2VwYXJhdGUgbWVyZ2UgY29tbWl0KSBhbmQgaXQgc3RpbGwgcmFuIHRoZSBob29rLg0K
ICAgICAgSSBsb29rZWQgZm9yIGEgYHBvc3QtZmV0Y2hgIGhvb2sgYnV0IGNvdWxkbiYjMzk7dCBm
aW5kIG9uZSwgSSBhZ3JlZQ0KICAgICAgdGhhdCB3b3VsZCBiZSBpZGVhbC48L2Jsb2NrcXVvdGU+
DQogICAgPGJyLz4NCiAgICBJdCB0dXJucyBvdXQgdGhhdCBhIHBvc3QtZmV0Y2ggaG9vayBoYXMg
YmVlbiBkaXNjdXNzZWQgb24gdGhlIGdpdA0KICAgIG1haWxpbmcgbGlzdC4gTm90YWJseSwgc29t
ZW9uZSBhc2tlZCBhYm91dCBpdCBmb3IgYSB2ZXJ5IHNpbWlsYXINCiAgICB1c2UtY2FzZSBzdGFy
dGluZyBhdCAoMSkuIE11Y2ggb2YgdGhlIGRpc2N1c3Npb24gaXMgYWJvdXQgdGhlIHdheQ0KICAg
IHRoaXMgcGVyc29uIGltcGxlbWVudGVkIHRoZSBob29rLCBiZWNhdXNlIHRoZXkgd2FudGVkIHRv
IHByZXZlbnQNCiAgICByZWZzIGZyb20gYmVpbmcgdXBkYXRlZCBpbnN0ZWFkIG9mIHNpbXBseSBh
bGVydGluZyB0aGUgdXNlciBvZiB0aGUNCiAgICBwb3RlbnRpYWxseSBiYWQgY29tbWl0cy4gVGhl
cmUgaXMgYWxzbyBhIGNhdGVnb3JpY2FsIG9iamVjdGlvbiB0bw0KICAgIHRoZSBpZGVhIG9mIGlt
cGxlbWVudGluZyBhIHBvc3QtZmV0Y2ggaG9vayAoMiksIGluIHBhcnQgYmVjYXVzZQ0KICAgIG1v
ZGlmeWluZyByZWZzIGNvdWxkIGxlYWQgdG8gcHJvYmxlbXMgZm9yIHRoZSBlbnZpcm9ubWVudCAo
c3VjaCBhcw0KICAgIGNsaWVudHMgcmUtZmV0Y2hpbmcsIHRoZW4gcmVqZWN0aW5nLCB0aGUgc2Ft
ZSBjb21taXRzIHJlcGVhdGVkbHkNCiAgICBsZWFkaW5nIHRvIGV4Y2VzcyBiYW5kd2lkdGggdXNl
KSAoMykuIEluIHNwaXRlIG9mIHRoaXMsIHRoZXJlIGFyZQ0KICAgIFdJUCBwYXRjaGVzIGF0IHRo
ZSBlbmQgb2YgdGhlIHRocmVhZCBpbXBsZW1lbnRpbmcgYSB0d2Vhay1mZXRjaCBob29rDQogICAg
YXQgdGhlIGVuZCBvZiB0aGUgdGhyZWFkICg0KSwgYnV0IEkgZG9uJiMzOTt0IHRoaW5rIHRoZXkg
d2VyZSBldmVyDQogICAgY29tcGxldGVkLi4uIGhhdmVuJiMzOTt0IGxvb2tlZCBhdCB0aG9zZSB0
b28gY2xvc2VseSB5ZXQgYnV0IG1heWJlDQogICAgdGhlcmUmIzM5O3Mgc29tZXRoaW5nIHNvbWV3
aGVyZSBlbHNlIGFib3V0IHRoZW0uPGJyLz4NCiAgICA8YnIvPg0KICAgICgxKQ0KPGEgY2xhc3M9
Im1vei10eHQtbGluay1mcmVldGV4dCIgaHJlZj0iaHR0cHM6Ly9sb3JlLmtlcm5lbC5vcmcvZ2l0
LzU4OThiZTY5LTQyMTEtZDQ0MS00OTRkLTkzNDc3MTc5Y2YwZUBnYXNwYXJkLmlvLyI+aHR0cHM6
Ly9sb3JlLmtlcm5lbC5vcmcvZ2l0LzU4OThiZTY5LTQyMTEtZDQ0MS00OTRkLTkzNDc3MTc5Y2Yw
ZUBnYXNwYXJkLmlvLzwvYT48YnIvPg0KICAgICgyKQ0KPGEgY2xhc3M9Im1vei10eHQtbGluay1m
cmVldGV4dCIgaHJlZj0iaHR0cHM6Ly9sb3JlLmtlcm5lbC5vcmcvZ2l0LzI1YmQ3NzBjLTZhNDgt
NWI1ZC0wNGNjLTZkMDI3ODRlYTNlN0BnYXNwYXJkLmlvLyI+aHR0cHM6Ly9sb3JlLmtlcm5lbC5v
cmcvZ2l0LzI1YmQ3NzBjLTZhNDgtNWI1ZC0wNGNjLTZkMDI3ODRlYTNlN0BnYXNwYXJkLmlvLzwv
YT48YnIvPg0KICAgICgzKSA8YSBjbGFzcz0ibW96LXR4dC1saW5rLWZyZWV0ZXh0IiBocmVmPSJo
dHRwczovL2xvcmUua2VybmVsLm9yZy9naXQvODdsZ2cxYndtaS5mc2ZAZXZsZWRyYWFyLmdtYWls
LmNvbS8iPmh0dHBzOi8vbG9yZS5rZXJuZWwub3JnL2dpdC84N2xnZzFid21pLmZzZkBldmxlZHJh
YXIuZ21haWwuY29tLzwvYT48YnIvPg0KICAgICg0KQ0KPGEgY2xhc3M9Im1vei10eHQtbGluay1m
cmVldGV4dCIgaHJlZj0iaHR0cHM6Ly9sb3JlLmtlcm5lbC5vcmcvZ2l0LzMwNzUzZDE5LWQ3N2Qt
MWExYS1iYTQyLWFmY2Q2ZmJiNDIyM0BnYXNwYXJkLmlvLyI+aHR0cHM6Ly9sb3JlLmtlcm5lbC5v
cmcvZ2l0LzMwNzUzZDE5LWQ3N2QtMWExYS1iYTQyLWFmY2Q2ZmJiNDIyM0BnYXNwYXJkLmlvLzwv
YT48YnIvPg0KICANCg0KPC9ib2R5PjwvaHRtbD4=


--b1_oXPIprEQN4aNcYSQmX45wb9C3Nx56ZvmGHalDxyJYk--

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 21 Mar 2024 01:44:14 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 20 21:44:13 2024
Received: from localhost ([127.0.0.1]:44290 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rn7TZ-0002Cj-A4
	for submit <at> debbugs.gnu.org; Wed, 20 Mar 2024 21:44:13 -0400
Received: from mail-4316.protonmail.ch ([185.70.43.16]:61861)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <skyvine@HIDDEN>) id 1rn7TX-0002CM-8d
 for 69780 <at> debbugs.gnu.org; Wed, 20 Mar 2024 21:44:11 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail3; t=1710985405; x=1711244605;
 bh=gOrhtnlIynLCvQZmkg8ybytPxjEzJl6anq7kojWtDJ8=;
 h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References:
 Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID:
 Message-ID:BIMI-Selector;
 b=J7oz5+TxC5K0+iplWun8Z0xc3njsKxeC1z6dG8vzmBIKzRTjIdsOVoEgtwjHcfebr
 yHA7jTdiJ9yz6K4aok8UweCT+YwciT8j4v5/tAziZsgCu6yPkPQhq8+1U4LL34zLFM
 Sa9VOvGtmjM6TouPEJqpyiUIHexq2EpN3L7MAyxZGwj3Sahln4B5YQY82S5NfqtTmx
 WfztwQNez7q1VB0p+UY+GKDVE8uBYw2nUe/ZTUiio30T2JQjLbcmpurcVJyIg+7OGM
 NsCq9KAdjn/D1kWx9wMz0ys6z35Po7M1n4k0UCdZUgi6KONPOALk8OBBwB6LdPGzXb
 AAkakbMb7eJoQ==
Date: Thu, 21 Mar 2024 01:43:09 +0000
To: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
From: Skyler Ferris <skyvine@HIDDEN>
Subject: =?utf-8?Q?Re:_[bug#69780]_[PATCH_4/4]_DRAFT_news:_Add_entry_for_=E2=80=98guix_git_authenticate=E2=80=99_changes.?=
Message-ID: <7c5370b7-09d6-4614-9b47-eb760c0a95f4@HIDDEN>
In-Reply-To: <8734sm48f5.fsf@HIDDEN>
References: <cover.1710351278.git.ludo@HIDDEN>
 <e1e5ac9fc790e58a2496d46ccefb5e72daa91e19.1710351278.git.ludo@HIDDEN>
 <73ead80c-9159-4e03-b2a7-68434cade060@HIDDEN>
 <8734sm48f5.fsf@HIDDEN>
Feedback-ID: 40635331:user:proton
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="b1_TjDQQ8TcN6tmUPyISJ6uAkGV8lm76kSzvVsEQWrI"
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 69780
Cc: 69780 <at> debbugs.gnu.org, Julien Lepiller <julien@HIDDEN>,
 Florian Pelz <pelzflorian@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

This is a multi-part message in MIME format.

--b1_TjDQQ8TcN6tmUPyISJ6uAkGV8lm76kSzvVsEQWrI
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64

T24gMy8xOS8yNCAwNzoxMiwgTHVkb3ZpYyBDb3VydMOocyB3cm90ZToKCj4gUmlnaHQuICBMaWtl
IEkgd3JvdGUgd2hlbiByZXBseWluZyB0byBUb21hcywgSSB2aWV3IHRoaXMgYXMgYSBoZWxwZXIK
PiBwcmltYXJpbHkgZm9yIHBlb3BsZSBvdXRzaWRlIEd1aXggaXRzZWxmLCBiZWNhdXNlIEd1aXgg
YWxyZWFkeSBoYXMgaXRzCj4gb3duIGhvb2tzIGluc3RhbGxlZCBhcyB5b3Ugd3JpdGUuCj4KPiBX
ZSBjb3VsZCBkaXNjdXNzIHdoYXQgdG8gZG8gd2l0aCBHdWl44oCZcyBvd24gaG9va3MsIGJ1dCB0
byBtZSB0aGF04oCZcyBhCj4gc2VwYXJhdGUgaXNzdWUuCgpGYWlyIGVub3VnaCwgdGhhdCBjYW4g
YmUgYWRkcmVzc2VkIGluIGEgc2VwYXJhdGUgcGF0Y2guIE9uIGEgcmVsYXRlZCBub3RlLCB0aGlz
IHBhdGNoIHJlbWluZGVkIG1lIG9mIGFuIGlkZWEgSSBtZW50aW9uZWQgaW4gYSBwcml2YXRlIHRo
cmVhZCB3aXRoIHRoZSBzZWN1cml0eSB0ZWFtIGFib3V0IHdyaXRpbmcgYSBwYWNrYWdlIHRoYXQg
cHJvdmlkZXMgYGd1aXggZ2l0IGF1dGhlbnRpY2F0ZWAgYXMgYSBzdGFuZGFsb25lIHNjcmlwdCwg
d2hpY2ggY2FuIGJlIGRvbmUgYnkgZXh0cmFjdGluZyB0aGUgZGVwZW5kZW50IG1vZHVsZXMgYW5k
IGJ1aWxkaW5nIGp1c3QgdGhlbSAoSSBoYXZlIHN1Y2Nlc3NmdWxseSBkb25lIHRoaXMgZm9yIHRo
ZSAiKGd1aXggYnVpbGQgdXRpbHMpIiBsaWJyYXJ5LCBmb3Igc2hlbGwtbGlrZSBndWlsZSBzY3Jp
cHRzIHRoYXQgaGF2ZSBhIGxpZ2h0ZXIgZm9vdHByaW50IHRoYW4gYWxsIG9mIGd1aXgpLiBUaGlz
IHdpbGwgaGVscCBwZW9wbGUgd2hvIGFyZSBpbnN0YWxsaW5nIGd1aXggZnJvbSBzb3VyY2UgZm9y
IHRoZSBmaXJzdCB0aW1lLiBUaGV5IHdpbGwgbm90IGhhdmUgZ3VpeCBpdHNlbGYgYXZhaWxhYmxl
LCBidXQgaXQgd291bGQgYmUgZWFzaWVyIGZvciB0aGVtIHRvIHVzZSB0aGUgc3RhbmRhbG9uZSBz
Y3JpcHQgdGhhbiB0byBpbnN0YWxsIGFsbCBvZiBndWl4ICh3aGljaCB0aGV5IHdpbGwgcHJlc3Vt
YWJseSBiZSByZXBsYWNpbmcgYW55d2F5KS4gSXMgdGhlcmUgYW55dGhpbmcgZWxzZSBhcm91bmQg
YGd1aXggZ2l0IGF1dGhlbnRpY2F0ZWAgeW91IGFyZSB3b3JraW5nIG9uIHRoYXQgbWlnaHQgY29u
ZmxpY3Qgd2l0aCB0aGlzPyBJIGFtIHN0YXJ0aW5nIHRvIGxvb2sgYXQgaXQgbm93IHRoYXQgSSBo
YXZlIGJlZW4gcmVtaW5kZWQuCgo+IEkgc3BlbnQgdGltZSBsb29raW5nIGZvciB0aGUg4oCccmln
aHTigJ0gaG9vayBhbmQgY291bGRu4oCZdCBmaW5kIGFueXRoaW5nCj4gcmVhbGx5IHNhdGlzZnlp
bmcuICBJZGVhbGx5LCBJ4oCZZCB3YW50IGEgaG9vayB0aGF0IHJ1bnMgb24g4oCYZmV0Y2jigJks
IGZvcgo+IGVhY2ggbmV3IHJlZmVyZW5jZS4KPgo+IElzIHBvc3QtbWVyZ2UgYmV0dGVyIHRoYW4g
cG9zdC1jaGVja291dD8gIGdpdGhvb2tzKDUpIHNheXMg4oCYcG9zdC1tZXJnZeKAmQo+IOKAnGlz
IGludm9rZWQgYnkgZ2l0LW1lcmdlKDEpLCB3aGljaCBoYXBwZW5zIHdoZW4gYSBnaXQgcHVsbCBp
cyBkb25lIG9uIGEKPiBsb2NhbCByZXBvc2l0b3J5LuKAnSAgSXMgaXQgYWN0dWFsbHkgaW52b2tl
ZCB3aGVuIOKAmGdpdCBwdWxs4oCZIGRvZXMgKm5vdCoKPiB0cmlnZ2VyIGEgbWVyZ2U/CgpUaGF0
IGdhdmUgbWUgcGF1c2UgdG9vLCBidXQgSSB0ZXN0ZWQgaXQgd2l0aCBhIHB1bGwgdGhhdCBjYXVz
ZWQgYSBmYXN0LWZvcndhcmQgKG5vIHNlcGFyYXRlIG1lcmdlIGNvbW1pdCkgYW5kIGl0IHN0aWxs
IHJhbiB0aGUgaG9vay4gSSBsb29rZWQgZm9yIGEgYHBvc3QtZmV0Y2hgIGhvb2sgYnV0IGNvdWxk
bid0IGZpbmQgb25lLCBJIGFncmVlIHRoYXQgd291bGQgYmUgaWRlYWwuCgo+IFZlcnkgZ29vZCBw
b2ludC4gIE5vdywgd2hhdCB3b3VsZCBpdCBsb29rIGxpa2U/Cj4KPiBDdXJyZW50bHkgd2UgaGF2
ZToKPgo+IC0tODwtLS0tLS0tLS0tLS0tLS1jdXQgaGVyZS0tLS0tLS0tLS0tLS0tLXN0YXJ0LS0t
LS0tLS0tLS0tLT44LS0tCj4gW2d1aXggImF1dGhlbnRpY2F0aW9uIl0KPiAgICAgICAgIGludHJv
ZHVjdGlvbi1jb21taXQgPSA5ZWRiM2Y2NmZkODA3YjA5NmI0ODI4M2RlYmRjZGRjY2ZlYTM0YmFk
Cj4gICAgICAgICBpbnRyb2R1Y3Rpb24tc2lnbmVyID0gQkJCMCAyRERGIDJDRUEgRjZBOCAwRDFE
ICBFNjQzIEEyQTAgNkRGMiBBMzNBIDU0RkEKPiAgICAgICAgIGtleXJpbmcgPSBrZXlyaW5nCj4g
LS04PC0tLS0tLS0tLS0tLS0tLWN1dCBoZXJlLS0tLS0tLS0tLS0tLS0tZW5kLS0tLS0tLS0tLS0t
LS0tPjgtLS0KPgo+IFVzaW5nIHRoaXMgY29uZmlndXJhdGlvbiBmb3JtYXQsIGl0IHNlZW1zIHRo
ZXJl4oCZcyBubyByb29tIGxlZnQgZm9yIGEKPiBicmFuY2ggbmFtZSwgb3IgYW0gSSBvdmVybG9v
a2luZyBzb21ldGhpbmc/Cj4KPiBPciB3ZSBjb3VsZCB0YWtlIHRoZSByaXNrIG9mIHJlbW92aW5n
IOKAmGd1aXjigJkgYW5kIG1ha2UgaXQ6Cj4KPiAtLTg8LS0tLS0tLS0tLS0tLS0tY3V0IGhlcmUt
LS0tLS0tLS0tLS0tLS1zdGFydC0tLS0tLS0tLS0tLS0+OC0tLQo+IFthdXRoZW50aWNhdGlvbiAi
bWFzdGVyIl0KPiAgICAgICAgIGludHJvZHVjdGlvbi1jb21taXQgPSA5ZWRiM2Y2NmZkODA3YjA5
NmI0ODI4M2RlYmRjZGRjY2ZlYTM0YmFkCj4gICAgICAgICBpbnRyb2R1Y3Rpb24tc2lnbmVyID0g
QkJCMCAyRERGIDJDRUEgRjZBOCAwRDFEICBFNjQzIEEyQTAgNkRGMiBBMzNBIDU0RkEKPiAgICAg
ICAgIGtleXJpbmcgPSBrZXlyaW5nCj4gLS04PC0tLS0tLS0tLS0tLS0tLWN1dCBoZXJlLS0tLS0t
LS0tLS0tLS0tZW5kLS0tLS0tLS0tLS0tLS0tPjgtLS0KPgo+IFdEWVQ/CgpIbW0sIEkgZGlkbid0
IHJlYWxpemUgdGhhdCBnaXQgbGltaXRlZCB0aGUgbnVtYmVyIG9mIGNvbXBvbmVudHMgYXZhaWxh
YmxlIGluIGNvbmZpZyBuYW1lcywgYnV0IGl0IGxvb2tzIGxpa2UgeW91J3JlIGNvcnJlY3QgLSBt
eSBzdWdnZXN0aW9uIG9mIGFwcGVuZGluZyBgLmJyYW5jaC1uYW1lYCBjYXVzZWQgZ2l0IHRvIHBy
b2R1Y2UgYW4gZXJyb3IgdGhhdCB0aGUgY29uZmlnIHdhcyBpbnZhbGlkLgoKQnV0IHdlIGRvbid0
IG5lY2Vzc2FyaWx5IG5lZWQgZ2l0IHRvIGJlIGF3YXJlIG9mIHRoZSBzZW1hbnRpYyBtZWFuaW5n
IG9mIHRoZSBicmFuY2ggbmFtZSBzaW5jZSB0aGUgdmFsdWUgaXMgY2FsY3VsYXRlZCBieSB0aGUg
Z3VpbGUgc2NyaXB0LiBTbyB3ZSBjb3VsZCBqdXN0IHVzZSBhIGh5cGhlbiBhcyBhIHNlcGFyYXRv
ciBhbmQgaGF2ZSAiaW50cm9kdWN0aW9uLWNvbW1pdC1tYXN0ZXIiIGFuZCAiaW50cm9kdWN0aW9u
LWNvbW1pdC1mZWF0dXJlIiBhcyBzZXBhcmF0ZSB2YWx1ZXMgdW5yZWxhdGVkIHRvIGVhY2ggb3Ro
ZXIgKGFzaWRlIGZyb20gYmVpbmcgaW4gdGhlICJndWl4IGF1dGhlbnRpY2F0aW9uIiBuYW1lc3Bh
Y2UpLgoKUmVnYXJkcywKU2t5bGVy

--b1_TjDQQ8TcN6tmUPyISJ6uAkGV8lm76kSzvVsEQWrI
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64

PCFET0NUWVBFIGh0bWw+PGh0bWw+PGhlYWQ+DQogICAgPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVu
dC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgiLz4NCiAgPC9oZWFkPg0K
ICA8Ym9keT4NCiAgICBPbiAzLzE5LzI0IDA3OjEyLCBMdWRvdmljIENvdXJ0w6hzIHdyb3RlOjxi
ci8+DQogICAgPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2l0ZT0ibWlkOjg3MzRzbTQ4ZjUuZnNm
QGdudS5vcmciPjxzcGFuIHN0eWxlPSJ3aGl0ZS1zcGFjZTogcHJlLXdyYXAiPg0KPC9zcGFuPg0K
ICAgICAgPHByZSBjbGFzcz0ibW96LXF1b3RlLXByZSIgd3JhcD0iIj5SaWdodC4gIExpa2UgSSB3
cm90ZSB3aGVuIHJlcGx5aW5nIHRvIFRvbWFzLCBJIHZpZXcgdGhpcyBhcyBhIGhlbHBlcg0KcHJp
bWFyaWx5IGZvciBwZW9wbGUgb3V0c2lkZSBHdWl4IGl0c2VsZiwgYmVjYXVzZSBHdWl4IGFscmVh
ZHkgaGFzIGl0cw0Kb3duIGhvb2tzIGluc3RhbGxlZCBhcyB5b3Ugd3JpdGUuDQoNCldlIGNvdWxk
IGRpc2N1c3Mgd2hhdCB0byBkbyB3aXRoIEd1aXjigJlzIG93biBob29rcywgYnV0IHRvIG1lIHRo
YXTigJlzIGENCnNlcGFyYXRlIGlzc3VlLjwvcHJlPg0KICAgIDwvYmxvY2txdW90ZT4NCiAgICBG
YWlyIGVub3VnaCwgdGhhdCBjYW4gYmUgYWRkcmVzc2VkIGluIGEgc2VwYXJhdGUgcGF0Y2guIE9u
IGEgcmVsYXRlZA0KICAgIG5vdGUsIHRoaXMgcGF0Y2ggcmVtaW5kZWQgbWUgb2YgYW4gaWRlYSBJ
IG1lbnRpb25lZCBpbiBhIHByaXZhdGUNCiAgICB0aHJlYWQgd2l0aCB0aGUgc2VjdXJpdHkgdGVh
bSBhYm91dCB3cml0aW5nIGEgcGFja2FnZSB0aGF0IHByb3ZpZGVzDQogICAgYGd1aXggZ2l0IGF1
dGhlbnRpY2F0ZWAgYXMgYSBzdGFuZGFsb25lIHNjcmlwdCwgd2hpY2ggY2FuIGJlIGRvbmUgYnkN
CiAgICBleHRyYWN0aW5nIHRoZSBkZXBlbmRlbnQgbW9kdWxlcyBhbmQgYnVpbGRpbmcganVzdCB0
aGVtIChJIGhhdmUNCiAgICBzdWNjZXNzZnVsbHkgZG9uZSB0aGlzIGZvciB0aGUgJiMzNDsoZ3Vp
eCBidWlsZCB1dGlscykmIzM0OyBsaWJyYXJ5LCBmb3INCiAgICBzaGVsbC1saWtlIGd1aWxlIHNj
cmlwdHMgdGhhdCBoYXZlIGEgbGlnaHRlciBmb290cHJpbnQgdGhhbiBhbGwgb2YNCiAgICBndWl4
KS4gVGhpcyB3aWxsIGhlbHAgcGVvcGxlIHdobyBhcmUgaW5zdGFsbGluZyBndWl4IGZyb20gc291
cmNlIGZvcg0KICAgIHRoZSBmaXJzdCB0aW1lLiBUaGV5IHdpbGwgbm90IGhhdmUgZ3VpeCBpdHNl
bGYgYXZhaWxhYmxlLCBidXQgaXQNCiAgICB3b3VsZCBiZSBlYXNpZXIgZm9yIHRoZW0gdG8gdXNl
IHRoZSBzdGFuZGFsb25lIHNjcmlwdCB0aGFuIHRvDQogICAgaW5zdGFsbCBhbGwgb2YgZ3VpeCAo
d2hpY2ggdGhleSB3aWxsIHByZXN1bWFibHkgYmUgcmVwbGFjaW5nDQogICAgYW55d2F5KS4gSXMg
dGhlcmUgYW55dGhpbmcgZWxzZSBhcm91bmQgYGd1aXggZ2l0IGF1dGhlbnRpY2F0ZWAgeW91DQog
ICAgYXJlIHdvcmtpbmcgb24gdGhhdCBtaWdodCBjb25mbGljdCB3aXRoIHRoaXM/IEkgYW0gc3Rh
cnRpbmcgdG8gbG9vaw0KICAgIGF0IGl0IG5vdyB0aGF0IEkgaGF2ZSBiZWVuIHJlbWluZGVkLjxz
cGFuIHN0eWxlPSJ3aGl0ZS1zcGFjZTogcHJlLXdyYXAiPg0KPC9zcGFuPg0KICAgIDxibG9ja3F1
b3RlIHR5cGU9ImNpdGUiIGNpdGU9Im1pZDo4NzM0c200OGY1LmZzZkBnbnUub3JnIj48c3BhbiBz
dHlsZT0id2hpdGUtc3BhY2U6IHByZS13cmFwIj4NCjwvc3Bhbj4NCiAgICAgIDxwcmUgY2xhc3M9
Im1vei1xdW90ZS1wcmUiIHdyYXA9IiI+SSBzcGVudCB0aW1lIGxvb2tpbmcgZm9yIHRoZSDigJxy
aWdodOKAnSBob29rIGFuZCBjb3VsZG7igJl0IGZpbmQgYW55dGhpbmcNCnJlYWxseSBzYXRpc2Z5
aW5nLiAgSWRlYWxseSwgSeKAmWQgd2FudCBhIGhvb2sgdGhhdCBydW5zIG9uIOKAmGZldGNo4oCZ
LCBmb3INCmVhY2ggbmV3IHJlZmVyZW5jZS4NCg0KSXMgcG9zdC1tZXJnZSBiZXR0ZXIgdGhhbiBw
b3N0LWNoZWNrb3V0PyAgZ2l0aG9va3MoNSkgc2F5cyDigJhwb3N0LW1lcmdl4oCZDQrigJxpcyBp
bnZva2VkIGJ5IGdpdC1tZXJnZSgxKSwgd2hpY2ggaGFwcGVucyB3aGVuIGEgZ2l0IHB1bGwgaXMg
ZG9uZSBvbiBhDQpsb2NhbCByZXBvc2l0b3J5LuKAnSAgSXMgaXQgYWN0dWFsbHkgaW52b2tlZCB3
aGVuIOKAmGdpdCBwdWxs4oCZIGRvZXMgKm5vdCoNCnRyaWdnZXIgYSBtZXJnZT8NCjwvcHJlPg0K
ICAgIDwvYmxvY2txdW90ZT4NCiAgICBUaGF0IGdhdmUgbWUgcGF1c2UgdG9vLCBidXQgSSB0ZXN0
ZWQgaXQgd2l0aCBhIHB1bGwgdGhhdCBjYXVzZWQgYQ0KICAgIGZhc3QtZm9yd2FyZCAobm8gc2Vw
YXJhdGUgbWVyZ2UgY29tbWl0KSBhbmQgaXQgc3RpbGwgcmFuIHRoZSBob29rLiBJDQogICAgbG9v
a2VkIGZvciBhIGBwb3N0LWZldGNoYCBob29rIGJ1dCBjb3VsZG4mIzM5O3QgZmluZCBvbmUsIEkg
YWdyZWUgdGhhdA0KICAgIHdvdWxkIGJlIGlkZWFsLjxzcGFuIHN0eWxlPSJ3aGl0ZS1zcGFjZTog
cHJlLXdyYXAiPg0KPC9zcGFuPg0KICAgIDxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNpdGU9Im1p
ZDo4NzM0c200OGY1LmZzZkBnbnUub3JnIj48c3BhbiBzdHlsZT0id2hpdGUtc3BhY2U6IHByZS13
cmFwIj4NCjwvc3Bhbj48c3BhbiBzdHlsZT0id2hpdGUtc3BhY2U6IHByZS13cmFwIj4NCjwvc3Bh
bj4NCiAgICAgIDxwcmUgY2xhc3M9Im1vei1xdW90ZS1wcmUiIHdyYXA9IiI+VmVyeSBnb29kIHBv
aW50LiAgTm93LCB3aGF0IHdvdWxkIGl0IGxvb2sgbGlrZT8NCg0KQ3VycmVudGx5IHdlIGhhdmU6
DQoNCi0tOCZsdDstLS0tLS0tLS0tLS0tLS1jdXQgaGVyZS0tLS0tLS0tLS0tLS0tLXN0YXJ0LS0t
LS0tLS0tLS0tLSZndDs4LS0tDQpbZ3VpeCAmIzM0O2F1dGhlbnRpY2F0aW9uJiMzNDtdDQogICAg
ICAgIGludHJvZHVjdGlvbi1jb21taXQgPSA5ZWRiM2Y2NmZkODA3YjA5NmI0ODI4M2RlYmRjZGRj
Y2ZlYTM0YmFkDQogICAgICAgIGludHJvZHVjdGlvbi1zaWduZXIgPSBCQkIwIDJEREYgMkNFQSBG
NkE4IDBEMUQgIEU2NDMgQTJBMCA2REYyIEEzM0EgNTRGQQ0KICAgICAgICBrZXlyaW5nID0ga2V5
cmluZw0KLS04Jmx0Oy0tLS0tLS0tLS0tLS0tLWN1dCBoZXJlLS0tLS0tLS0tLS0tLS0tZW5kLS0t
LS0tLS0tLS0tLS0tJmd0OzgtLS0NCg0KVXNpbmcgdGhpcyBjb25maWd1cmF0aW9uIGZvcm1hdCwg
aXQgc2VlbXMgdGhlcmXigJlzIG5vIHJvb20gbGVmdCBmb3IgYQ0KYnJhbmNoIG5hbWUsIG9yIGFt
IEkgb3Zlcmxvb2tpbmcgc29tZXRoaW5nPw0KDQpPciB3ZSBjb3VsZCB0YWtlIHRoZSByaXNrIG9m
IHJlbW92aW5nIOKAmGd1aXjigJkgYW5kIG1ha2UgaXQ6DQoNCi0tOCZsdDstLS0tLS0tLS0tLS0t
LS1jdXQgaGVyZS0tLS0tLS0tLS0tLS0tLXN0YXJ0LS0tLS0tLS0tLS0tLSZndDs4LS0tDQpbYXV0
aGVudGljYXRpb24gJiMzNDttYXN0ZXImIzM0O10NCiAgICAgICAgaW50cm9kdWN0aW9uLWNvbW1p
dCA9IDllZGIzZjY2ZmQ4MDdiMDk2YjQ4MjgzZGViZGNkZGNjZmVhMzRiYWQNCiAgICAgICAgaW50
cm9kdWN0aW9uLXNpZ25lciA9IEJCQjAgMkRERiAyQ0VBIEY2QTggMEQxRCAgRTY0MyBBMkEwIDZE
RjIgQTMzQSA1NEZBDQogICAgICAgIGtleXJpbmcgPSBrZXlyaW5nDQotLTgmbHQ7LS0tLS0tLS0t
LS0tLS0tY3V0IGhlcmUtLS0tLS0tLS0tLS0tLS1lbmQtLS0tLS0tLS0tLS0tLS0mZ3Q7OC0tLQ0K
DQpXRFlUPw0KPC9wcmU+DQogICAgPC9ibG9ja3F1b3RlPg0KICAgIEhtbSwgSSBkaWRuJiMzOTt0
IHJlYWxpemUgdGhhdCBnaXQgbGltaXRlZCB0aGUgbnVtYmVyIG9mIGNvbXBvbmVudHMNCiAgICBh
dmFpbGFibGUgaW4gY29uZmlnIG5hbWVzLCBidXQgaXQgbG9va3MgbGlrZSB5b3UmIzM5O3JlIGNv
cnJlY3QgLSBteQ0KICAgIHN1Z2dlc3Rpb24gb2YgYXBwZW5kaW5nIGAuYnJhbmNoLW5hbWVgIGNh
dXNlZCBnaXQgdG8gcHJvZHVjZSBhbg0KICAgIGVycm9yIHRoYXQgdGhlIGNvbmZpZyB3YXMgaW52
YWxpZC48YnIvPg0KICAgIDxici8+DQogICAgQnV0IHdlIGRvbiYjMzk7dCBuZWNlc3NhcmlseSBu
ZWVkIGdpdCB0byBiZSBhd2FyZSBvZiB0aGUgc2VtYW50aWMNCiAgICBtZWFuaW5nIG9mIHRoZSBi
cmFuY2ggbmFtZSBzaW5jZSB0aGUgdmFsdWUgaXMgY2FsY3VsYXRlZCBieSB0aGUNCiAgICBndWls
ZSBzY3JpcHQuIFNvIHdlIGNvdWxkIGp1c3QgdXNlIGEgaHlwaGVuIGFzIGEgc2VwYXJhdG9yIGFu
ZCBoYXZlDQogICAgJiMzNDtpbnRyb2R1Y3Rpb24tY29tbWl0LW1hc3RlciYjMzQ7IGFuZCAmIzM0
O2ludHJvZHVjdGlvbi1jb21taXQtZmVhdHVyZSYjMzQ7IGFzDQogICAgc2VwYXJhdGUgdmFsdWVz
IHVucmVsYXRlZCB0byBlYWNoIG90aGVyIChhc2lkZSBmcm9tIGJlaW5nIGluIHRoZQ0KICAgICYj
MzQ7Z3VpeCBhdXRoZW50aWNhdGlvbiYjMzQ7IG5hbWVzcGFjZSkuPGJyLz4NCiAgICA8YnIvPg0K
ICAgIFJlZ2FyZHMsPGJyLz4NCiAgICBTa3lsZXI8YnIvPg0KICANCg0KPC9ib2R5PjwvaHRtbD4=


--b1_TjDQQ8TcN6tmUPyISJ6uAkGV8lm76kSzvVsEQWrI--

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 20 Mar 2024 22:14:08 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 20 18:14:07 2024
Received: from localhost ([127.0.0.1]:36197 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rn4CF-0002H7-Ei
	for submit <at> debbugs.gnu.org; Wed, 20 Mar 2024 18:14:07 -0400
Received: from wolfsden.cz ([37.205.8.62]:55064)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <~@wolfsden.cz>) id 1rn4CD-0002Gx-3W
 for 69780 <at> debbugs.gnu.org; Wed, 20 Mar 2024 18:14:07 -0400
Received: by wolfsden.cz (Postfix, from userid 104)
 id D2C132934D4; Wed, 20 Mar 2024 22:13:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
 t=1710972803; bh=xk7IdY+tSDIoKmjAy5HVVc7C9gtCANzvwzs+8U9e2CU=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To;
 b=b2RqyFk4D5wPltUdoVF5Z3B0yrc+7l738fv1xXRv0PI7tj4TgVP4SLXhid4Rwfi36
 r8fGu7WSFc7kH71G7gp2xZ4LXk0Ph27jGRmSmahlK3tAy94t9dG9KBON3nrwPtQ/wc
 BLcMF/s2nlo+r9yzi9MsErP8zjVW4JZVuEbQEVzFYShEPeQ8X3eZbvqT9XwWDpllkR
 OS/M+G6Q/bUQO47ntsRjnAXmbnj5epv+eh8KRSxcQitpct6HsgdgfgmqCLrVKciWLA
 KayQUwOMtK8rKepNb7Gukjx0bD+tXWwc49BR1fcisDXRuH8eDWpXljQATc54k+jfSV
 rL6EQrkTFnGyAiZfEbIQ9Dfe7hbSicSd7lLQGBvJ9o3pF58ILZDag3O1aNZuvSdFwK
 eRV2rLX2ZZY8Q5iHew1RU0tgQME4QYwJF+lZZjm3l8dJQ62Si5dTVawsQk+evdFUFR
 V1og0aFiGQK7GRsWd9rgh3ODyzwcahFi+JNxii3UL0Pb1UvBN4D1+tlKr1epBvqD1U
 NyARnxNyEa+UThpF+shtwdt+CPweSqg2J6EP9TSxFZMIioFLU9pNznjtEpC7VhIAhh
 Jgx5NaaFDrsAJg+clUjWh3G1MtelGzybzbjvDKVvSF2bV5L8BuaXzX8x8IwRhFMq2S
 OPtoJYX55q76gs+vemACM3EQ=
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden
X-Spam-Level: 
X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,T_SCC_BODY_TEXT_LINE,
 URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6
Received: from localhost (unknown [81.17.16.82])
 by wolfsden.cz (Postfix) with ESMTPSA id D64E4294532;
 Wed, 20 Mar 2024 22:13:22 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
 t=1710972802; bh=xk7IdY+tSDIoKmjAy5HVVc7C9gtCANzvwzs+8U9e2CU=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To;
 b=EI43X+gzuHGhGhDeQ5rinDhj5DvxmOYiuLzsXYSSQFVJyt9AkIRVfV877boNfAwWC
 PUOrd5gLlPDC9aDh6uH4/5BkwkSFITiFxKyPTDGTOIhpBxH8FEe35t4faDWbLLlUlL
 ofNN2GCff8k1b2Y+03lIuXZ+lu/PxqWy+mQpsg6sOMTmbi6p4y5/Rwt3COZ9+iSyYh
 9ONOiQBu9sr/Llo6T+LkXUI4M0ZR93kPLheLITPVD4SGQzc9QGuiEaauaBCKp8IrBE
 jzV18C9V1P7lVaAyLLBn7VpllqP6P1Ui8Fflh87bHBAB18zsv2BVxHRcEjdC1HzUpx
 X4xBJEIBqjssreh70dvYRTvxAaYTFysVkvZqd7/uxdonyfdJgdy4wTtsTxhwHAn6gj
 P/AMx8vEy56OYAbTK2zfygfJWNWMKh7CziRGJ21p7abjPoBUdrWr7kjFokgbnwoVGc
 f81g6NZuWxPkYUOieY2bNjGxNSlzTkpsKavaaMRo66oOwz0+UkM/Ltq9nxReQaQGGQ
 +9qUBwGfnOWbnE8Tv13g3JU9pWy1xTGYQWCD6IxK7UEiKWkxSuB/5ZHbBBX8IAMw6d
 UGNBbtDHYbv1LRezerEQ6IqkuSHgGbebAV2BltwIDoghR6dZ5xoefdC63vTjLdNLf6
 dQasX3Jcv57aRo4ZmhxKjwB0=
Date: Wed, 20 Mar 2024 23:13:22 +0100
From: Tomas Volf <~@wolfsden.cz>
To: Ludovic =?iso-8859-1?Q?Court=E8s?= <ludo@HIDDEN>
Subject: Re: [bug#69780] [PATCH 1/4] =?utf-8?Q?git_?=
 =?utf-8?Q?authenticate=3A_Record_introduction_and_keyring_in_=E2=80=98=2E?=
 =?utf-8?B?Z2l0L2NvbmZpZ+KAmS4=?=
Message-ID: <ZftfgnWRf3Gz61sJ@ws>
References: <cover.1710351278.git.ludo@HIDDEN>
 <40858e56cf55b27711d23add5f3cd2ccc6ea5c58.1710351278.git.ludo@HIDDEN>
 <ZfYIVJRAq3-8VG-N@ws> <87sf0m4a9s.fsf@HIDDEN>
 <87frwk28ms.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="F9nWdP19H3XWVgkX"
Content-Disposition: inline
In-Reply-To: <87frwk28ms.fsf@HIDDEN>
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 69780
Cc: 69780 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--F9nWdP19H3XWVgkX
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2024-03-20 17:03:23 +0100, Ludovic Court=C3=A8s wrote:
> Hi,
>
> Ludovic Court=C3=A8s <ludo@HIDDEN> skribis:
>
> > Tomas Volf <~@wolfsden.cz> skribis:
> >
> >>> +(define* (record-configuration repository
> >>> +                               #:key commit signer keyring-reference)
> >>> +  "Record COMMIT, SIGNER, and KEYRING-REFERENCE in the 'config' file=
 of
> >>> +REPOSITORY."
> >>> +  (define directory
> >>> +    (repository-directory repository))
> >>> +
> >>> +  (define config-file
> >>> +    (in-vicinity directory "config"))
> >>
> >> I do not think this will work with worktrees.  It will create the conf=
ig file in
> >> the worktree's git directory, but that file will be ignored by git.
> >>
> >>     scheme@(guile-user)> (repository-discover "/home/xx/src/guix-wt/pa=
tch-1")
> >>     $7 =3D "/home/xx/src/guix/.git/worktrees/orig/"
> >>     scheme@(guile-user)> (repository-open $7)
> >>     $8 =3D #<git-repository 128cbe0>
> >>     scheme@(guile-user)> (repository-directory $8)
> >>     $9 =3D "/home/xx/src/guix/.git/worktrees/orig/"
> >>     scheme@(guile-user)> (in-vicinity $9 "config")
> >>     $10 =3D "/home/xx/src/guix/.git/worktrees/orig/config"
> >>
> >> The $10 should be "/home/xx/src/guix/.git/config" instead.
> >
> > Damn it.  So hmm, I can see two options:
> >
> >   1. Add more bindings to (git config) in Guile-Git so we can populate
> >      that file =E2=80=9Cthe right way=E2=80=9D.  But then we=E2=80=99ll=
 have to require that
> >      newer version of Guile-Git.
> >
> >   2. Bail out when the =E2=80=98.git/config=E2=80=99 isn=E2=80=99t foun=
d, as in the case of
> >      worktrees; we can change that to use the proper (git config)
> >      eventually.
> >
> > Maybe we should go straight to #1 though.  Thoughts?
>
> Done:
>
>   https://gitlab.com/guile-git/guile-git/-/commit/b3be1dd752682b2b6c9a7c1=
1ccdbfc0f0b5cf4e7
>   https://gitlab.com/guile-git/guile-git/-/commit/d38c09230467ca5cca7faab=
b0c3a43c61a1e2c05

Oh, that looks really nice.

>
> I can cut a new Guile-Git release soonish and we=E2=80=99d use these new
> bindings.
>
> The only open issue left is branches: how to configure different
> introductions for different branches.  I=E2=80=99m all ears!

Right, so I have few ideas, not sure if they are any good though.  And I my=
self
am not really sure which one I like the most, so...

0. Not care about it.  Since the explicit values override the stored ones, =
my
scripting will still work.

1. Record the success only when on the master branch.  That assumes that *m=
ost*
branches will share authentication parameters with the master.  That holds =
for
my repository (only orig-master branch differs), not sure if generally.

2. Store authentication per branch (guix.authentication.BRANCH. prefix) and
periodically clean up stale configuration (if BRANCH no longer exist, delet=
e all
config for it).

3. Add guix.authenticate.do-not-record config defaulting to false.  That wo=
uld
allow people like me to just turn if off.

4. Store the authentication on *each* success, so last-wins approach.

5. Expand the 2. to allow pattern (regex? or at least list of branches), so=
 I
(as a user) could configure (using git config) which branch should use diff=
erent
authentication from the globally recorded "default" from master branch (see=
 1.).

The problem here is that any possible "smart" solution leaves something to =
be
desired.  Either it is not automated enough (new branches are unconfigured)=
, or
it is too magical (new branches inherit the config from... something).  5. =
is
probably the most flexible and covering edge cases, but will not be exactly
one-line change.

Hm, now when I read it after myself, maybe it is just not a problem worth
solving.  All of these are likely to complicate the code quite a bit.  Not =
sure.

Dunno, was this of any help? :)

Tomas

--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

--F9nWdP19H3XWVgkX
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEt4NJs4wUfTYpiGikL7/ufbZ/wakFAmX7X4IACgkQL7/ufbZ/
wakTZxAAkmZPJ8ZQ5lb4ljkSfxJWx+9XPLbe5xg40Rjm2gS6n2+DO7LfLufMubeY
PmXgzoibdHPDjWqEbp2L+wXJW9VLjhpZAFD9lac1OnDgUN7pW0njTbyZ62YbJQun
WgNGVProeMNm9bvoypb1jpvLYHzBkFsBEPVeeGuDliVu1jFcA68Nr4ck+2Zpy8ii
U3LM2gGO3GCOYu5Qn2FiHPjiLIjaZojF0v0InSwlmkd1V4zkU8xY9nskepOF/UOo
JCnQ1IMZnDPUverYTWCKfUq6RdIGdjkovAVrpdedYtyvjphhETA7bd0HNdeFCBNF
gU84AyyOZdwtxRgrQ4tTHmxdME5cOj97WIDp9AP2WJR1sxU3HFM/dfR340vkBO8G
7j46MAC7OtD6gZsObVBMsi6DcjDT2aKQluheap9jpHeZKAX6qr/B6BBEtRC1/Ysb
qBa2qbKXB4mE1tMmTnvtPwkLNk0dt1W27KueWGcfz86SV2BdVjiw+FhkL66co33D
T6QCIY9VkZgccC5dnVXnBGEquEtF3MrbxPFyT3PAbQzSHgSTpNThElm5BlIyEtHQ
trGguxY5AbUFClcTcwgZPM3UHtGbX+hRqPVDsmipnIDE9kTo1ZsFtjrKGXaiiOt4
FHcJaZg4qLGgKvhldxQRka2xPehTBjdXIdMW0MDHtZtDS0EhB8c=
=X5II
-----END PGP SIGNATURE-----

--F9nWdP19H3XWVgkX--

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 20 Mar 2024 16:06:25 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 20 12:06:25 2024
Received: from localhost ([127.0.0.1]:48974 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rmySO-0000cI-PB
	for submit <at> debbugs.gnu.org; Wed, 20 Mar 2024 12:06:25 -0400
Received: from eggs.gnu.org ([209.51.188.92]:53016)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rmySL-0000c3-VW
 for 69780 <at> debbugs.gnu.org; Wed, 20 Mar 2024 12:06:23 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rmyPW-00019I-SO; Wed, 20 Mar 2024 12:03:26 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
 From; bh=LHuwsTddY32M5g2n2z8DZIhwGj95xQWPkEAfdldEGKM=; b=pdDHa7NpLJRRWcdfBEDR
 eMRMVR8hCQ7Hq17XqMQyHU+oJ5o9uvVuPEI+oF7XPNLXMm+uSBomgo7Qgl6IPtkYrHAFg5x6vb4qV
 4jb7tRB7qUtCvOSFx5sVdG5EAJzpvufQM/wail1y/sMkQ9pNaoF1t8wFjGyROSEtGhKh367oJ5ARV
 T6f6VwvogqXVXtZADCbo9Cn0w5Ux4kHFVbkSVE7QUcNgD4VcexU/zXtiP9JSc2rl3so2pGd/RYjdf
 NLz+bbUW4Hare9ujIra2SDggZVJ4M1aQqi7cIMjjuiWWufIpyHgYLpBV6QuOQhV/4pjOk+Us472sl
 s5B1BfewSehAQw==;
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Tomas Volf <~@wolfsden.cz>
Subject: Re: [bug#69780] [PATCH 1/4] git authenticate: Record introduction
 and keyring in =?utf-8?Q?=E2=80=98=2Egit=2Fconfig=E2=80=99=2E?=
In-Reply-To: <87sf0m4a9s.fsf@HIDDEN> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?=
 =?utf-8?Q?s?= message of "Tue, 19 Mar 2024 14:32:47 +0100")
References: <cover.1710351278.git.ludo@HIDDEN>
 <40858e56cf55b27711d23add5f3cd2ccc6ea5c58.1710351278.git.ludo@HIDDEN>
 <ZfYIVJRAq3-8VG-N@ws> <87sf0m4a9s.fsf@HIDDEN>
Date: Wed, 20 Mar 2024 17:03:23 +0100
Message-ID: <87frwk28ms.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 69780
Cc: 69780 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi,

Ludovic Court=C3=A8s <ludo@HIDDEN> skribis:

> Tomas Volf <~@wolfsden.cz> skribis:
>
>>> +(define* (record-configuration repository
>>> +                               #:key commit signer keyring-reference)
>>> +  "Record COMMIT, SIGNER, and KEYRING-REFERENCE in the 'config' file of
>>> +REPOSITORY."
>>> +  (define directory
>>> +    (repository-directory repository))
>>> +
>>> +  (define config-file
>>> +    (in-vicinity directory "config"))
>>
>> I do not think this will work with worktrees.  It will create the config=
 file in
>> the worktree's git directory, but that file will be ignored by git.
>>
>>     scheme@(guile-user)> (repository-discover "/home/xx/src/guix-wt/patc=
h-1")
>>     $7 =3D "/home/xx/src/guix/.git/worktrees/orig/"
>>     scheme@(guile-user)> (repository-open $7)
>>     $8 =3D #<git-repository 128cbe0>
>>     scheme@(guile-user)> (repository-directory $8)
>>     $9 =3D "/home/xx/src/guix/.git/worktrees/orig/"
>>     scheme@(guile-user)> (in-vicinity $9 "config")
>>     $10 =3D "/home/xx/src/guix/.git/worktrees/orig/config"
>>
>> The $10 should be "/home/xx/src/guix/.git/config" instead.
>
> Damn it.  So hmm, I can see two options:
>
>   1. Add more bindings to (git config) in Guile-Git so we can populate
>      that file =E2=80=9Cthe right way=E2=80=9D.  But then we=E2=80=99ll h=
ave to require that
>      newer version of Guile-Git.
>
>   2. Bail out when the =E2=80=98.git/config=E2=80=99 isn=E2=80=99t found,=
 as in the case of
>      worktrees; we can change that to use the proper (git config)
>      eventually.
>
> Maybe we should go straight to #1 though.  Thoughts?

Done:

  https://gitlab.com/guile-git/guile-git/-/commit/b3be1dd752682b2b6c9a7c11c=
cdbfc0f0b5cf4e7
  https://gitlab.com/guile-git/guile-git/-/commit/d38c09230467ca5cca7faabb0=
c3a43c61a1e2c05

I can cut a new Guile-Git release soonish and we=E2=80=99d use these new
bindings.

The only open issue left is branches: how to configure different
introductions for different branches.  I=E2=80=99m all ears!

Ludo=E2=80=99.

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 19 Mar 2024 14:13:56 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Mar 19 10:13:56 2024
Received: from localhost ([127.0.0.1]:50993 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rmaDw-00040S-EI
	for submit <at> debbugs.gnu.org; Tue, 19 Mar 2024 10:13:56 -0400
Received: from eggs.gnu.org ([209.51.188.92]:60948)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rmaDp-0003zd-Oq
 for 69780 <at> debbugs.gnu.org; Tue, 19 Mar 2024 10:13:51 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rmaD2-0002UI-Iy; Tue, 19 Mar 2024 10:12:57 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
 From; bh=ozDcReHTikOLG5FmTNR2IdQo6QGME83kA6GRsdVDLVI=; b=kas3uznJRq9m4GAma1dT
 BEgccqz9p8CF0piYWta88EyhBNcvCwcSxAKBxLX5CVc0iG23Gus90Z8419br5zE0hb4W0AYUbIOn6
 FQH7cqpOLGCi9t1tzU4iuNgFw+smiMv7AwJWUW5ZVWChe1PyoW63qYks+/GRW5cdbnjj3LSPv9RaW
 xn4xtL32w7zP1ChgXl7AizJvtCye5NNEkODir7PBqXfCvU1TMUBmtBSLaL7OxABKsk+W/WzhGjAZB
 PRLtqW9jXxRGQiIszCpFw3KASXoPaNQNJpAZy1TuwAPqbteJWKnALBQnYS9hxLw+QG70lzzoH9zMq
 Xw0L1lVVy4McpA==;
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Skyler Ferris <skyvine@HIDDEN>
Subject: Re: [bug#69780] [PATCH 4/4] DRAFT news: Add entry for
 =?utf-8?Q?=E2=80=98guix?= git
 =?utf-8?Q?authenticate=E2=80=99?= changes.
In-Reply-To: <73ead80c-9159-4e03-b2a7-68434cade060@HIDDEN> (Skyler
 Ferris's message of "Fri, 15 Mar 2024 00:58:03 +0000")
References: <cover.1710351278.git.ludo@HIDDEN>
 <e1e5ac9fc790e58a2496d46ccefb5e72daa91e19.1710351278.git.ludo@HIDDEN>
 <73ead80c-9159-4e03-b2a7-68434cade060@HIDDEN>
Date: Tue, 19 Mar 2024 15:12:46 +0100
Message-ID: <8734sm48f5.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 69780
Cc: 69780 <at> debbugs.gnu.org, Julien Lepiller <julien@HIDDEN>,
 Florian Pelz <pelzflorian@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi Skyler,

Skyler Ferris <skyvine@HIDDEN> skribis:

>> +  (if (or (file-exists? pre-push-hook)
>> +          (file-exists? fpost-checkout-hook))
>> +      (begin
>> +        (warning (G_ "not overriding pre-existing hooks '~a' and '~a'~%=
")
>> +                 pre-push-hook post-checkout-hook)
>> +        (display-hint (G_ "Consider running @command{guix git authentic=
ate}
>> +from your pre-push and update hooks so your repository is automatically
>> +authenticated before you push or receive updates.")))
>
> When the developer builds guix a pre-push hook is already installed,
> from etc/git/pre-push.

Right.  Like I wrote when replying to Tomas, I view this as a helper
primarily for people outside Guix itself, because Guix already has its
own hooks installed as you write.

We could discuss what to do with Guix=E2=80=99s own hooks, but to me that=
=E2=80=99s a
separate issue.

>> +  (define post-checkout-hook
>> +    (in-vicinity directory "hooks/post-checkout"))
>
> The post-checkout hook does not run when `git pull` is called. Instead, t=
he post-merge hook is called. Note that post-merge does not receive the sam=
e set of arguments as post-checkout. I had success replacing "$newrev" with=
 "$(git rev-parse HEAD)". We could leave out the value completely for post-=
merge because the script will use HEAD by default if no end is given. But m=
aybe we don't want to rely on default behavior for a script that will not b=
e automatically updated with the tool.
>
> I can think of more ways that a developer could end up on a new commit. F=
or example, running `git fetch` followed by `git reset --hard`. I'm not sur=
e if it makes to support every possible case because that could get complic=
ated very quickly. But git pull is the most common way to get updates (at l=
east in my experience, which could have a sample bias) so I think it makes =
sense to at least support that.

I spent time looking for the =E2=80=9Cright=E2=80=9D hook and couldn=E2=80=
=99t find anything
really satisfying.  Ideally, I=E2=80=99d want a hook that runs on =E2=80=98=
fetch=E2=80=99, for
each new reference.

Is post-merge better than post-checkout?  githooks(5) says =E2=80=98post-me=
rge=E2=80=99
=E2=80=9Cis invoked by git-merge(1), which happens when a git pull is done =
on a
local repository.=E2=80=9D  Is it actually invoked when =E2=80=98git pull=
=E2=80=99 does *not*
trigger a merge?

>> +while read local_ref local_oid remote_ref remote_oid
>> +do
>> +  guix git authenticate --end=3D\"$local_ref\"
>> +done\n")
>
> I believe this should be "$local_oid", not "$local_ref".

Oops, noted.

>> +(define (configured-introduction repository)
>> +  "Return two values: the commit and signer fingerprint (strings) as
>> +configured in REPOSITORY.  Error out if one or both were missing."
>> +  (let* ((config (repository-config repository))
>> +         (commit (config-value config "guix.authentication.introduction=
-commit"))
>> +         (signer (config-value config "guix.authentication.introduction=
-signer")))
>> +    (unless (and commit signer)
>> +      (leave (G_ "unknown introductory commit and signer~%")))
>> +    (values commit signer)))
>
> I am wondering how this would work if somebody is working with multiple b=
ranches, in particular if they do not all use the same introduction. Maybe =
that doesn't need to be addressed in this patch series but it might be easi=
er to address it in the future if the branch name was included in the confi=
g file instead assuming that a specific introduction applies to every branc=
h in a given checkout (for example, by using "guix.authentication.introduct=
ion-commit.branch-name"). This is probably more relevant to external users =
of the tool than to the guix repository itself. The logistics of using unre=
lated branches simultaneously seems complicated and not very helpful, espec=
ially when channels are such an appealing alternative. But it could be usef=
ul for other projects.

Very good point.  Now, what would it look like?

Currently we have:

--8<---------------cut here---------------start------------->8---
[guix "authentication"]
        introduction-commit =3D 9edb3f66fd807b096b48283debdcddccfea34bad
        introduction-signer =3D BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A3=
3A 54FA
        keyring =3D keyring
--8<---------------cut here---------------end--------------->8---

Using this configuration format, it seems there=E2=80=99s no room left for a
branch name, or am I overlooking something?

Or we could take the risk of removing =E2=80=98guix=E2=80=99 and make it:

--8<---------------cut here---------------start------------->8---
[authentication "master"]
        introduction-commit =3D 9edb3f66fd807b096b48283debdcddccfea34bad
        introduction-signer =3D BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A3=
3A 54FA
        keyring =3D keyring
--8<---------------cut here---------------end--------------->8---

WDYT?

Thanks for your feedback!

Ludo=E2=80=99.

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 19 Mar 2024 14:03:46 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Mar 19 10:03:46 2024
Received: from localhost ([127.0.0.1]:50920 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rma4A-00035e-Ax
	for submit <at> debbugs.gnu.org; Tue, 19 Mar 2024 10:03:46 -0400
Received: from eggs.gnu.org ([209.51.188.92]:54142)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rma48-00035L-CH
 for 69780 <at> debbugs.gnu.org; Tue, 19 Mar 2024 10:03:45 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rma3M-0007OJ-LO; Tue, 19 Mar 2024 10:02:56 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
 From; bh=Wges0L1X1gXDUKO3G0ybkh/FM066BvvakBI3/D0WgOo=; b=ZNMALnQl+g9DW76pgHa0
 3BUjxq4M5d4VEohkkC2ojGMSLJwI+MDgIvFFz34bYBLjgClH+cy0zmF3jDbYnDn6yuw2/FkZzpTcd
 GiZ1DN5gyQ5QsT/cNHZXVkcmfNjGum4l5mCsWcDYuczPavY+1GOiwzih5emJ9kIHvFa1uh85t9enQ
 CmF9nISiPhjH194Je9t6Bwgtk4czUFjv4B/97Frhz0ozl7dkp+vvzFpA1SOtaNTddQCmW40YRhrot
 3i/oM14QKeNBqYm7acdsNy3VmafEnK+U1SroeTLcP17laJpO8gE2+rwL8x/r1wVWlxz+fPLaLJHdA
 H6YG7Je07DzjKA==;
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: "pelzflorian (Florian Pelz)" <pelzflorian@HIDDEN>
Subject: Re: [bug#69780] [PATCH 4/4] DRAFT news: Add entry for
 =?utf-8?Q?=E2=80=98guix?= git
 =?utf-8?Q?authenticate=E2=80=99?= changes.
In-Reply-To: <87o7bgq32c.fsf@HIDDEN> (pelzflorian@HIDDEN's
 message of "Thu, 14 Mar 2024 15:51:39 +0100")
References: <cover.1710351278.git.ludo@HIDDEN>
 <e1e5ac9fc790e58a2496d46ccefb5e72daa91e19.1710351278.git.ludo@HIDDEN>
 <87o7bgq32c.fsf@HIDDEN>
Date: Tue, 19 Mar 2024 15:02:54 +0100
Message-ID: <87cyrq48vl.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 69780
Cc: 69780 <at> debbugs.gnu.org, Julien Lepiller <julien@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi!

"pelzflorian (Florian Pelz)" <pelzflorian@HIDDEN> skribis:

> Haven=E2=80=99t tested, but looks like now I won=E2=80=99t get confused w=
hich guix git
> authenticate command from my bash history is the right one for which
> repository. :)

Heheh.  :-)

> Could you add this German translation:

Will do, thanks!

Ludo=E2=80=99.

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 19 Mar 2024 14:03:21 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Mar 19 10:03:21 2024
Received: from localhost ([127.0.0.1]:50914 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rma3k-00033k-UM
	for submit <at> debbugs.gnu.org; Tue, 19 Mar 2024 10:03:21 -0400
Received: from eggs.gnu.org ([209.51.188.92]:55072)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rma3f-00032W-52
 for 69780 <at> debbugs.gnu.org; Tue, 19 Mar 2024 10:03:19 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rma2v-0007KK-Nx; Tue, 19 Mar 2024 10:02:29 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
 From; bh=G59/4ha7Dh2Id1eJ8FUszRK46dVtLzIIdj0xSHX/ius=; b=sdQWMVZDa+ZjSvb48eQq
 PcwoeBvdRxxsuDOk7QrLjr4PWwabERpWRpRKq0vCptx+ngDB9PHiul4illrV2QbxjsfdRCoFqIS2E
 J5WyzTozT5n7QiwTA63KTCda+UBYNkne3Jlt5rqSbqogmGlQlpq5wPJTte45Dha1EWC8oUFRwlbrM
 kVmTN7nGSl34Y2DxEU1oWmMgHcM6J+D8vCVfYsyZpQ9bMQDFAWosU/NbqLiIwoVkyYTBBQ0DX75Gp
 wu1udOI00u1ghhMIOj4i0TghqirSHCL0MNJ7WuufiSL8k7aQrkYbwtl92z7JmVemuewcF8o7r2Q9l
 PKVHcIw0jfQtRA==;
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Tomas Volf <~@wolfsden.cz>
Subject: Re: [bug#69780] [PATCH 3/4] git authenticate: Install pre-push and
 post-checkout hooks.
In-Reply-To: <ZfYKgIcaEyNANVOU@ws> (Tomas Volf's message of "Sat, 16 Mar 2024
 22:09:20 +0100")
References: <cover.1710351278.git.ludo@HIDDEN>
 <6a556beb2566aa401d5064049e136ff2a7669b63.1710351278.git.ludo@HIDDEN>
 <ZfYKgIcaEyNANVOU@ws>
Date: Tue, 19 Mar 2024 15:02:11 +0100
Message-ID: <87h6h248ws.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 69780
Cc: 69780 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Tomas Volf <~@wolfsden.cz> skribis:

> On 2024-03-13 18:42:21 +0100, Ludovic Court=C3=A8s wrote:
>> * guix/scripts/git/authenticate.scm (install-hooks): New procedure.
>> (guix-git-authenticate): Use it.
>> * doc/guix.texi (Invoking guix git authenticate): Document it.
>>
>> Change-Id: I4464a33193186e85b476a12740e54412bd58429c

[...]

>> +  (define directory
>> +    (repository-directory repository))
>> +
>> +  (define pre-push-hook
>> +    (in-vicinity directory "hooks/pre-push"))
>> +
>> +  (define post-checkout-hook
>> +    (in-vicinity directory "hooks/post-checkout"))
>
> I think these will not work with worktrees.

Right.  I=E2=80=99m not sure Guile-Git can help here.

>> +while read local_ref local_oid remote_ref remote_oid
>> +do
>> +  guix git authenticate --end=3D\"$local_ref\"
>
> Am I right in believing that the --end does solve #69541?  Shame it (--en=
d) is
> not documented in the --help.

Indeed, I=E2=80=99ll add it.

>> +done\n")
>> +            (chmod port #o755)))
>
> What is role of etc/git/pre-push now?  Should it be removed?  Should it be
> updated to run this code instead?

We could discuss it, but this is orthogonal.  The changes here are meant
for broad usage of =E2=80=98guix git authenticate=E2=80=99, not (or not jus=
t) within
Guix.

Ludo=E2=80=99.

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 19 Mar 2024 13:33:39 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Mar 19 09:33:39 2024
Received: from localhost ([127.0.0.1]:49461 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rmZb0-0000L5-TP
	for submit <at> debbugs.gnu.org; Tue, 19 Mar 2024 09:33:39 -0400
Received: from eggs.gnu.org ([209.51.188.92]:35238)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rmZax-0000KA-IM
 for 69780 <at> debbugs.gnu.org; Tue, 19 Mar 2024 09:33:37 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rmZaE-0001Tx-KN; Tue, 19 Mar 2024 09:32:50 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
 From; bh=vzyl/t1DwN8w2qlmLoqzMQcuqog/HEwoFOUSEET3H8o=; b=b3xZrqbxYsOsgWbmH+3Z
 +Z30sniFluUjXMgHpcEA26j4rEDXErMV+bN1Kv7YbeoNKX9RGThG+Y+rCKBRfr9QphRLmkyvPNKQc
 TxV3/23en1b4WR89Q27H9HWZBiO7PTxcAQQT3wqEE0PyI7gnmnnSYOXGq2+6m6/IMZ0cgtre75LtF
 322xpVs3in7Br6cZ64PcomABo3CI8hdcEX9/rWt5VedwU1SqRmbEGki3vdAbcxb90QenoEu+uTD6p
 w/6dj0yGLvtysyvfzekLuxA4P/r4xuNMW/c0YfTy8/zNoYz7Efb+GdzUxIRccnNXVSnlDUogJTUTT
 l/3Rzl+lrNBAGQ==;
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Tomas Volf <~@wolfsden.cz>
Subject: Re: [bug#69780] [PATCH 1/4] git authenticate: Record introduction
 and keyring in =?utf-8?Q?=E2=80=98=2Egit=2Fconfig=E2=80=99=2E?=
In-Reply-To: <ZfYIVJRAq3-8VG-N@ws> (Tomas Volf's message of "Sat, 16 Mar 2024
 22:00:04 +0100")
References: <cover.1710351278.git.ludo@HIDDEN>
 <40858e56cf55b27711d23add5f3cd2ccc6ea5c58.1710351278.git.ludo@HIDDEN>
 <ZfYIVJRAq3-8VG-N@ws>
Date: Tue, 19 Mar 2024 14:32:47 +0100
Message-ID: <87sf0m4a9s.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 69780
Cc: 69780 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi Tomas!

Tomas Volf <~@wolfsden.cz> skribis:

>> +(define* (record-configuration repository
>> +                               #:key commit signer keyring-reference)
>> +  "Record COMMIT, SIGNER, and KEYRING-REFERENCE in the 'config' file of
>> +REPOSITORY."
>> +  (define directory
>> +    (repository-directory repository))
>> +
>> +  (define config-file
>> +    (in-vicinity directory "config"))
>
> I do not think this will work with worktrees.  It will create the config =
file in
> the worktree's git directory, but that file will be ignored by git.
>
>     scheme@(guile-user)> (repository-discover "/home/xx/src/guix-wt/patch=
-1")
>     $7 =3D "/home/xx/src/guix/.git/worktrees/orig/"
>     scheme@(guile-user)> (repository-open $7)
>     $8 =3D #<git-repository 128cbe0>
>     scheme@(guile-user)> (repository-directory $8)
>     $9 =3D "/home/xx/src/guix/.git/worktrees/orig/"
>     scheme@(guile-user)> (in-vicinity $9 "config")
>     $10 =3D "/home/xx/src/guix/.git/worktrees/orig/config"
>
> The $10 should be "/home/xx/src/guix/.git/config" instead.

Damn it.  So hmm, I can see two options:

  1. Add more bindings to (git config) in Guile-Git so we can populate
     that file =E2=80=9Cthe right way=E2=80=9D.  But then we=E2=80=99ll hav=
e to require that
     newer version of Guile-Git.

  2. Bail out when the =E2=80=98.git/config=E2=80=99 isn=E2=80=99t found, a=
s in the case of
     worktrees; we can change that to use the proper (git config)
     eventually.

Maybe we should go straight to #1 though.  Thoughts?

>> +  (call-with-port (open-file config-file "a")
>> +    (lambda (port)
>> +      (format port "
>> +# Added by 'guix git authenticate'.
>> +[guix \"authentication\"]
>> +        introduction-commit =3D ~a
>> +        introduction-signer =3D ~a
>> +        keyring =3D ~a~%"
>> +              commit signer keyring-reference)))
>
> I guess these specific values might not need any escaping?  But the escap=
ing
> (and the previous problem) would be solved by just shelling out to the `g=
it
> config --local ...' to set the value.  Something to consider.

No escaping is needed in this case.  Things will be even clearer if/when
we switch to (git config).

>> +       (unless (configured? repository)
>> +         (record-configuration repository
>> +                               #:commit commit #:signer signer
>> +                               #:keyring-reference keyring))
>
> Hm, so this records the information only on the very first successful
> authentication?

Right.

> So if I re-run with different values (e.g. I am creating a new channel
> and `git commit --amend'-ed after checking the authorization), I am
> stuck with the (now) invalid values forever until I edit the
> .git/config by hand?

You mean if you change the introduction?  Yes.

> Also (as Skyler Ferris already mentioned) this ignores the case of multip=
le
> branches with different authentication origins (I actually do have such u=
se
> case), so the suggested option of storing it per-branch might be nice.  N=
ot sure
> how to deal with pruning of old values though (if at all?).

Oh right.  Needs some thought.

Thanks for your feedback!

Ludo=E2=80=99.

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 16 Mar 2024 21:10:04 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 16 17:10:04 2024
Received: from localhost ([127.0.0.1]:57216 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rlbI4-00087x-9I
	for submit <at> debbugs.gnu.org; Sat, 16 Mar 2024 17:10:04 -0400
Received: from wolfsden.cz ([37.205.8.62]:36926)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <~@wolfsden.cz>) id 1rlbI1-00087S-Bt
 for 69780 <at> debbugs.gnu.org; Sat, 16 Mar 2024 17:10:02 -0400
Received: by wolfsden.cz (Postfix, from userid 104)
 id 13F87290528; Sat, 16 Mar 2024 21:09:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
 t=1710623363; bh=4DMKf3ngK7SrmcaZ8BWgZXygGaIJkM1b6NyWyU0MGnQ=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To;
 b=uL6G91lj1lh29Xiomituby+uTaH9Ks6ACwDrcVrOVaAmzDwBJ/BzTG8s88YcmM0QB
 YXj0sOvbNj7HKw8yjNMOWI2s5R9UsQb25bbIOXI7XJ2FZjMQsCM6iqFHpkNXV9FBLc
 pa74tpKff9dRvJTqDPcecqFhnzcFHEiiQ6Sf7Rsfh4QRpMH3eRfx8a3+KzLN1US4iN
 SrHWdrzGEPaEt21cX4yEmtiZtoosx0TWRGoN610EYIkxiYqA8C+aCO1IwWQ7xglUkY
 Qq1xJ5iUlMJ4YMi9WZ9sEay8qrXRsAE69hUqO3uk+8imBRQuz+BqDEpv6WPMp4tIAN
 EI8avSHJuxB1VbRIbmiLcb24VdmOZfzgt3mbA9QUb01jfDfWGU+786U6MDo3nJ7d0y
 QuLS820dVvQeFqXEhlw2JFcMi2KuLf0BYaA5376/FFEF0mtNU91TKQQnigln+QAQum
 1ArEZG8S7sRpl2KmNihXMyqsbe736UHAFtn4c3gD14yKnU/5WYtaLqFkK276MvH/rB
 wbCgbhp4M8VG5Wx5GqV8rR2LBUoJ/uEN7VCSwbqGAayv4tbAC42tm9anMItGRKxd2t
 gDrmLsrK7k6nI6LCnRRQiitZLEHBPEYsAoAgLVwk2J0MUfnSYHtft/7AAarArvlWgh
 PjdocLvT4639NloYxCsz33N8=
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden
X-Spam-Level: 
X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,T_SCC_BODY_TEXT_LINE,
 URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6
Received: from localhost (unknown [146.70.134.188])
 by wolfsden.cz (Postfix) with ESMTPSA id E0A7A291094;
 Sat, 16 Mar 2024 21:09:21 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
 t=1710623362; bh=4DMKf3ngK7SrmcaZ8BWgZXygGaIJkM1b6NyWyU0MGnQ=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To;
 b=bXSjIAzWGnKsyGmvwLR8p6hBeefjWAOp1AYsd1ws5MucC/umt8nlCXYppcwOrZRHa
 RV3K60LcbD42VSiooy0S3+2WG2/iwGwZTjfr+HLSSwT/ui6Efu6O5gVK8r2Z7lQ81s
 FZwhoDb6drHk52LayKGsr4AACVrvnKen/BXmFNSq10YF+a3x16qlScR1uTqc4KIQl0
 G2dwFBjUi7lsTDgRWhJzb6iM8oUTcR0yKiLvmNZZ8VBj3dmxX25bmcdzFpx+KmBCrr
 HlfQhUtxgP4DfsU+noAbC2iyo1IG158DlMVTxgs14ANPUHkX/xOnyRUwjm0uK3lMrl
 SZDybHZ0gVPuhUv3oRz8mqd1b7GT87a3joYJvICbdz6WQTPnMBECHK4/Sw4qvGafqJ
 VdnlVguLh6KKQFd7+G7zenz02XA6B2KyUQO3ZgJ9bfnFBKDhztvDO7zimJIOQ9A6Rm
 GD7u6nVr82PbqcArlTg5I9kjvbrJHQUhXK+kaCQIyNmMBE29dOvuw375S9+9i5eFwq
 7OxK9oHub4R/xJwukorEJwF8aSLH77xSubAVv4DlhcIJyvP4le3gdKkmuNPr4ZKUWV
 R8yuHETXnb5umWiNE+Kl2BMlGgfDBRr+ot0mgWY9BXtKP5EjIbA3BcKKknh1wMs9De
 Q+1Y6oOhmCiNIcmVW5swX6SU=
Date: Sat, 16 Mar 2024 22:09:20 +0100
From: Tomas Volf <~@wolfsden.cz>
To: Ludovic =?iso-8859-1?Q?Court=E8s?= <ludo@HIDDEN>
Subject: Re: [PATCH 3/4] git authenticate: Install pre-push and post-checkout
 hooks.
Message-ID: <ZfYKgIcaEyNANVOU@ws>
References: <cover.1710351278.git.ludo@HIDDEN>
 <6a556beb2566aa401d5064049e136ff2a7669b63.1710351278.git.ludo@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="qM+sevcVU42crcO3"
Content-Disposition: inline
In-Reply-To: <6a556beb2566aa401d5064049e136ff2a7669b63.1710351278.git.ludo@HIDDEN>
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 69780
Cc: 69780 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--qM+sevcVU42crcO3
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2024-03-13 18:42:21 +0100, Ludovic Court=E8s wrote:
> * guix/scripts/git/authenticate.scm (install-hooks): New procedure.
> (guix-git-authenticate): Use it.
> * doc/guix.texi (Invoking guix git authenticate): Document it.
>
> Change-Id: I4464a33193186e85b476a12740e54412bd58429c
> ---
>  doc/guix.texi                     |  5 ++++
>  guix/scripts/git/authenticate.scm | 43 ++++++++++++++++++++++++++++++-
>  2 files changed, 47 insertions(+), 1 deletion(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index ac0766b98c..b1672803c0 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -7624,6 +7624,11 @@ Invoking guix git authenticate
>  guix git authenticate [@var{options}@dots{}]
>  @end example
>
> +The first run also attempts to install pre-push and post-checkout hooks,
> +such that @command{guix git authenticate} is invoked as soon as you run
> +@command{git push}, @command{git checkout}, and related commands; it
> +does not overwrite preexisting hooks though.
> +
>  The options below allow you to fine-tune the process.
>
>  @table @code
> diff --git a/guix/scripts/git/authenticate.scm b/guix/scripts/git/authent=
icate.scm
> index 36e1aa6228..13e1de3099 100644
> --- a/guix/scripts/git/authenticate.scm
> +++ b/guix/scripts/git/authenticate.scm
> @@ -129,6 +129,46 @@ (define* (record-configuration repository
>    (info (G_ "introduction and keyring configuration recorded in '~a'~%")
>          config-file))
>
> +(define (install-hooks repository)
> +  "Attempt to install in REPOSITORY pre-push and update hooks that invoke
> +'guix git authenticate'.  Bail out if one of these already exists."
> +  (define directory
> +    (repository-directory repository))
> +
> +  (define pre-push-hook
> +    (in-vicinity directory "hooks/pre-push"))
> +
> +  (define post-checkout-hook
> +    (in-vicinity directory "hooks/post-checkout"))

I think these will not work with worktrees.

> +
> +  (if (or (file-exists? pre-push-hook)
> +          (file-exists? post-checkout-hook))
> +      (begin
> +        (warning (G_ "not overriding pre-existing hooks '~a' and '~a'~%")
> +                 pre-push-hook post-checkout-hook)
> +        (display-hint (G_ "Consider running @command{guix git authentica=
te}
> +from your pre-push and update hooks so your repository is automatically
> +authenticated before you push or receive updates.")))
> +      (begin
> +        (call-with-output-file pre-push-hook
> +          (lambda (port)
> +            (format port "#!/bin/sh
> +set -e
> +while read local_ref local_oid remote_ref remote_oid
> +do
> +  guix git authenticate --end=3D\"$local_ref\"

Am I right in believing that the --end does solve #69541?  Shame it (--end)=
 is
not documented in the --help.

> +done\n")
> +            (chmod port #o755)))

What is role of etc/git/pre-push now?  Should it be removed?  Should it be
updated to run this code instead?

> +        (call-with-output-file post-checkout-hook
> +          (lambda (port)
> +            (format port "#!/bin/sh
> +oldrev=3D\"$1\"
> +newrev=3D\"$2\"
> +exec guix git authenticate --end=3D\"$newrev\"\n")
> +            (chmod port #o755)))
> +        (info (G_ "installed hooks '~a' and '~a'~%")
> +              pre-push-hook post-checkout-hook))))
> +
>  (define (show-stats stats)
>    "Display STATS, an alist containing commit signing stats as returned by
>  'authenticate-repository'."
> @@ -250,7 +290,8 @@ (define (guix-git-authenticate . args)
>         (unless (configured? repository)
>           (record-configuration repository
>                                 #:commit commit #:signer signer
> -                               #:keyring-reference keyring))
> +                               #:keyring-reference keyring)
> +         (install-hooks repository))
>
>         (when (and show-stats? (not (null? stats)))
>           (show-stats stats))))))
> --
> 2.41.0
>
>
>
>

Have a nice day,
Tomas Volf

--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

--qM+sevcVU42crcO3
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEt4NJs4wUfTYpiGikL7/ufbZ/wakFAmX2CoAACgkQL7/ufbZ/
waksVBAAopZKVDHb6En2Zy86WkS4z0MIm3nf68OmSP1zaFrbw52+R3jrgo6kHMAh
QK6VTZUi7jc7uuZ8THs509Yt+ceTlYk0IYeIuXT2u38MiKpdeC5Od2yIjYKvF7KQ
qnIFPnKOsGGhSWd7Lic7JtiyfVGV79ZgOIFBgDsHyAN49D/3ATiY7e0GitVMTTE4
7tpQKimui0TtK2nT+E+r8uvHSuPSoxsi8ebBsBu+RcYyAyonST3Qm5rcTuZTtkoy
GN2n3Pig72RMC6INNtOYOMaPlHQTPw1dvsRR2rQUD1DF9uDo0WL3DjINui5qUVw8
/w5eXc6r//kDIM8hbEeHQ73rI6/lnspPN0Aux/Q7/ck0QYkzfCD6UYMASMAQn/CK
FWGFFGPGYkad+a1B7t9MYbrR4L5OAvADdjG9w0hp/YCoGb29YjoehDbYQr8Om6gt
fT8bXQSOTBVLa76shVmhVFdDwT2P2DcmDfpFvzi1218lMlnxKFQ8vCerGWU+aQdT
62dimdGHIzNXsobLWANuuVKUqmX+Zw3OzQsDs9sNxy10h+5AxC/ax/J4kILl0fLz
SRUFpEokN2PtEP0NqFEiQ7ejHtUPIFIFf7nlT/BpTQIYpRIQ6iFOGL5PpxdAZMYB
BKzecBZcXn+xi0IHvQwf6MSiB25TpPv/L+XuOResZDSkS2LNG9k=
=zj28
-----END PGP SIGNATURE-----

--qM+sevcVU42crcO3--

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 16 Mar 2024 21:00:49 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 16 17:00:49 2024
Received: from localhost ([127.0.0.1]:57209 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rlb96-0007ux-N8
	for submit <at> debbugs.gnu.org; Sat, 16 Mar 2024 17:00:49 -0400
Received: from wolfsden.cz ([37.205.8.62]:50620)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <~@wolfsden.cz>) id 1rlb93-0007um-Ap
 for 69780 <at> debbugs.gnu.org; Sat, 16 Mar 2024 17:00:47 -0400
Received: by wolfsden.cz (Postfix, from userid 104)
 id 613CE28F2F7; Sat, 16 Mar 2024 21:00:06 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
 t=1710622806; bh=dWi21Ofh+GVZQVs0TKy+KMsnwM8f+Xj9Lx/s+BVhpi8=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To;
 b=xdlnK2vaLDTgbabMkMYQN2FjaN6jgnGwJIuyGwqF1eqXBMzuC+cQlUhujdOTSJ4pL
 JZPZ5JXABhLtg/VFGuc0auy97dGaXAtLUadyySWfRcY7OQSF562NfVAFcwLvOWXvZw
 pab/GpqoegFfUIgRVZvUpLHNCnQ20HZaaPouvo37Fb9vGETnpVaiJfpkOPU2pvogqB
 BP1E+e95NaaoMwu3ODkYDogfkckgpHgXUuFTSrw3BTyWumqLIBJzYV90QWs834zegl
 ZNihLupZe/UMIMizCKw8yD3Ep/F0BMkZ7Vlxc0QeLEUnisxE2Tp/msgT/QCe8Drsqb
 k3X9tNAi6y8t5Znlaw0XghYpP8QSFJKv8yTYmLqqV5vJH9Etmo9Y6WRKGgrmyPMWyU
 CYGpb3RaHQSPweTd6+7fiipscXqC+s7l0ZmTQCcb201dBhJzSWopbc/NOpjOt0JYJG
 w/xdvS+x1eH2W8VfLW35+2wbMc2eh/pekIX0iO9v6nrIjBvRICQ8fAzlFnEgp+yjyZ
 0ytgsGv1mh0HRKVGm4QOyW+LhSEI887vQWzUz3isXK5pkQ+U3PU/h439VKGJsSTv2R
 zYgZI918if7hwZFB2YgVOsOvXgkkz3zPFDVy4lMRcgcz2dIvInTaqlc6wjZq6Dm040
 3oduSLFN/hqAgZijHX9J2fGo=
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden
X-Spam-Level: 
X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,T_SCC_BODY_TEXT_LINE,
 URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6
Received: from localhost (unknown [146.70.134.188])
 by wolfsden.cz (Postfix) with ESMTPSA id 442A02902C6;
 Sat, 16 Mar 2024 21:00:05 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
 t=1710622805; bh=dWi21Ofh+GVZQVs0TKy+KMsnwM8f+Xj9Lx/s+BVhpi8=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To;
 b=Kz33lTUBqRbOYi9tmRkGCgTogUV8NIBCpa6PueHPdVTMUMHR1Sow1yakszrQ8QqTA
 Hz005B7OR6QvcI88aPcFSHY/2s8AtfVJ1uoxuZ2zXGc3KGQNjeATJjBbFN8NBT513B
 o36dmRYjIvkxJWHDupN1oXT13f+KqRejd4CVFHfaRpuRgnP5fM6YoVLsQlmISpmXOA
 aDEWwewRYcx5O/Zmu9BugrqPiR6Pj8AnlS4BwHjBiSu9f9YLifT2DbP+u1Ns8PX6rD
 ncqZXgOAi8LRiPnwBeAjtsiIWsJjTwshtbXM7OLF3TS9WcIgMvsY1i8aNnRn3L5crV
 ExIdN6WAC+jgQwddxkRxuzEfGSP3ZJRknIA0TEKzlkxs00uDRsS0dlMbXe6x+jAp6J
 7/3vwwg6GB8bmiG4FY8GZyZ5oMCaFrtxdIs8R1r5ur5s0+k1FtQ+V1Il9JmnAsjiuo
 7PiEI1HCbxBOj32A9+fm6nj4Zei1GbBKQiiHfOfJXPBXLps/JlJinrAvd+fk7f65au
 UbyD6SNVpxpHPBxJQ5vHODR6BkPB0cmd4YrZSEbOXHiwrUFdhq1HAhhZ9PIBOn91Np
 vnWGOJcRQFlT2Cqgl6wAe2ZM8xuolmPAY4W+MTpitsJiSofqjeEaJByTHS7NQxYDtq
 q+W3bzNDub7ytzg0RawZWaVQ=
Date: Sat, 16 Mar 2024 22:00:04 +0100
From: Tomas Volf <~@wolfsden.cz>
To: Ludovic =?iso-8859-1?Q?Court=E8s?= <ludo@HIDDEN>
Subject: Re: [PATCH 1/4] git =?utf-8?Q?authenticate?=
 =?utf-8?Q?=3A_Record_introduction_and_keyring_in_=E2=80=98=2Egit=2Fconfig?=
 =?utf-8?B?4oCZLg==?=
Message-ID: <ZfYIVJRAq3-8VG-N@ws>
References: <cover.1710351278.git.ludo@HIDDEN>
 <40858e56cf55b27711d23add5f3cd2ccc6ea5c58.1710351278.git.ludo@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="pHVZfNUnR6Ndid6e"
Content-Disposition: inline
In-Reply-To: <40858e56cf55b27711d23add5f3cd2ccc6ea5c58.1710351278.git.ludo@HIDDEN>
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 69780
Cc: 69780 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--pHVZfNUnR6Ndid6e
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2024-03-13 18:42:19 +0100, Ludovic Court=C3=A8s wrote:
> * guix/scripts/git/authenticate.scm (%default-options): Remove
> =E2=80=98keyring-reference=E2=80=99.
> (config-value, configured-introduction, configured-keyring-reference)
> (configured?, record-configuration): New procedures.
> (guix-git-authenticate)[missing-arguments]: New procedure.
> Use =E2=80=98configured-introduction=E2=80=99 when zero arguments are giv=
en.
> Use =E2=80=98configured-keyring-reference=E2=80=99 when =E2=80=98-k=E2=80=
=99 is not passed.  Add call to
> =E2=80=98record-configuration=E2=80=99.
> * doc/guix.texi (Invoking guix git authenticate): Document it.
>
> Change-Id: I66e111a83f50407b52da71662629947f83a78bbc
> ---
>  doc/guix.texi                     |  12 ++-
>  guix/scripts/git/authenticate.scm | 128 ++++++++++++++++++++++--------
>  tests/guix-git-authenticate.sh    |   9 ++-
>  3 files changed, 112 insertions(+), 37 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 858d5751bf..ac0766b98c 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -7615,8 +7615,16 @@ Invoking guix git authenticate
>  and non-zero on failure.  @var{commit} above denotes the first commit
>  where authentication takes place, and @var{signer} is the OpenPGP
>  fingerprint of public key used to sign @var{commit}.  Together, they
> -form a ``channel introduction'' (@pxref{channel-authentication, channel
> -introduction}).  The options below allow you to fine-tune the process.
> +form a @dfn{channel introduction} (@pxref{channel-authentication, channel
> +introduction}).  On your first successful run, the introduction is
> +recorded in the @file{.git/config} file of your checkout, allowing you
> +to omit them from subsequent invocations:
> +
> +@example
> +guix git authenticate [@var{options}@dots{}]
> +@end example
> +
> +The options below allow you to fine-tune the process.
>
>  @table @code
>  @item --repository=3D@var{directory}
> diff --git a/guix/scripts/git/authenticate.scm b/guix/scripts/git/authent=
icate.scm
> index 6ff5cee682..d3cc4065df 100644
> --- a/guix/scripts/git/authenticate.scm
> +++ b/guix/scripts/git/authenticate.scm
> @@ -31,6 +31,7 @@ (define-module (guix scripts git authenticate)
>    #:use-module (srfi srfi-1)
>    #:use-module (srfi srfi-26)
>    #:use-module (srfi srfi-37)
> +  #:use-module (srfi srfi-71)
>    #:use-module (ice-9 format)
>    #:use-module (ice-9 match)
>    #:export (guix-git-authenticate))
> @@ -73,8 +74,60 @@ (define %options
>                    (alist-cons 'show-stats? #t result)))))
>
>  (define %default-options
> -  '((directory . ".")
> -    (keyring-reference . "keyring")))
> +  '((directory . ".")))
> +
> +(define (config-value config key)
> +  "Return the config value associated with KEY, or #f if no such config =
was
> +found."
> +  (catch 'git-error
> +    (lambda ()
> +      (config-entry-value (config-get-entry config key)))
> +    (const #f)))
> +
> +(define (configured-introduction repository)
> +  "Return two values: the commit and signer fingerprint (strings) as
> +configured in REPOSITORY.  Error out if one or both were missing."
> +  (let* ((config (repository-config repository))
> +         (commit (config-value config "guix.authentication.introduction-=
commit"))
> +         (signer (config-value config "guix.authentication.introduction-=
signer")))
> +    (unless (and commit signer)
> +      (leave (G_ "unknown introductory commit and signer~%")))
> +    (values commit signer)))
> +
> +(define (configured-keyring-reference repository)
> +  "Return the keyring reference configured in REPOSITORY or #f if missin=
g."
> +  (let ((config (repository-config repository)))
> +    (config-value config "guix.authentication.keyring")))
> +
> +(define (configured? repository)
> +  "Return true if REPOSITORY already container introduction info in its
> +'config' file."
> +  (let ((config (repository-config repository)))
> +    (and (config-value config "guix.authentication.introduction-commit")
> +         (config-value config "guix.authentication.introduction-signer")=
)))
> +
> +(define* (record-configuration repository
> +                               #:key commit signer keyring-reference)
> +  "Record COMMIT, SIGNER, and KEYRING-REFERENCE in the 'config' file of
> +REPOSITORY."
> +  (define directory
> +    (repository-directory repository))
> +
> +  (define config-file
> +    (in-vicinity directory "config"))

I do not think this will work with worktrees.  It will create the config fi=
le in
the worktree's git directory, but that file will be ignored by git.

    scheme@(guile-user)> (repository-discover "/home/xx/src/guix-wt/patch-1=
")
    $7 =3D "/home/xx/src/guix/.git/worktrees/orig/"
    scheme@(guile-user)> (repository-open $7)
    $8 =3D #<git-repository 128cbe0>
    scheme@(guile-user)> (repository-directory $8)
    $9 =3D "/home/xx/src/guix/.git/worktrees/orig/"
    scheme@(guile-user)> (in-vicinity $9 "config")
    $10 =3D "/home/xx/src/guix/.git/worktrees/orig/config"

The $10 should be "/home/xx/src/guix/.git/config" instead.

> +
> +  (call-with-port (open-file config-file "a")
> +    (lambda (port)
> +      (format port "
> +# Added by 'guix git authenticate'.
> +[guix \"authentication\"]
> +        introduction-commit =3D ~a
> +        introduction-signer =3D ~a
> +        keyring =3D ~a~%"
> +              commit signer keyring-reference)))

I guess these specific values might not need any escaping?  But the escaping
(and the previous problem) would be solved by just shelling out to the `git
config --local ...' to set the value.  Something to consider.

> +
> +  (info (G_ "introduction and keyring configuration recorded in '~a'~%")
> +        config-file))
>
>  (define (show-stats stats)
>    "Display STATS, an alist containing commit signing stats as returned by
> @@ -156,35 +209,48 @@ (define (guix-git-authenticate . args)
>          (progress-reporter/bar (length commits))
>          progress-reporter/silent))
>
> +  (define (missing-arguments)
> +    (leave (G_ "wrong number of arguments; \
> +expected COMMIT and SIGNER~%")))
> +
>    (with-error-handling
>      (with-git-error-handling
> -     (match (command-line-arguments options)
> -       ((commit signer)
> -        (let* ((directory   (assoc-ref options 'directory))
> -               (show-stats? (assoc-ref options 'show-stats?))
> -               (keyring     (assoc-ref options 'keyring-reference))
> -               (repository  (repository-open directory))
> -               (end         (match (assoc-ref options 'end-commit)
> -                              (#f  (reference-target
> -                                    (repository-head repository)))
> -                              (oid oid)))
> -               (history     (match (assoc-ref options 'historical-author=
izations)
> -                              (#f '())
> -                              (file (call-with-input-file file
> -                                      read-authorizations))))
> -               (cache-key   (or (assoc-ref options 'cache-key)
> -                                (repository-cache-key repository))))
> -          (define stats
> -            (authenticate-repository repository (string->oid commit)
> -                                     (openpgp-fingerprint* signer)
> -                                     #:end end
> -                                     #:keyring-reference keyring
> -                                     #:historical-authorizations history
> -                                     #:cache-key cache-key
> -                                     #:make-reporter make-reporter))
> +     (let* ((directory   (assoc-ref options 'directory))
> +            (show-stats? (assoc-ref options 'show-stats?))
> +            (repository  (repository-open directory))
> +            (commit signer (match (command-line-arguments options)
> +                             ((commit signer)
> +                              (values commit signer))
> +                             (()
> +                              (configured-introduction repository))
> +                             (_
> +                              (missing-arguments))))
> +            (keyring     (or (assoc-ref options 'keyring-reference)
> +                             (configured-keyring-reference repository)
> +                             "keyring"))
> +            (end         (match (assoc-ref options 'end-commit)
> +                           (#f  (reference-target
> +                                 (repository-head repository)))
> +                           (oid oid)))
> +            (history     (match (assoc-ref options 'historical-authoriza=
tions)
> +                           (#f '())
> +                           (file (call-with-input-file file
> +                                   read-authorizations))))
> +            (cache-key   (or (assoc-ref options 'cache-key)
> +                             (repository-cache-key repository))))
> +       (define stats
> +         (authenticate-repository repository (string->oid commit)
> +                                  (openpgp-fingerprint* signer)
> +                                  #:end end
> +                                  #:keyring-reference keyring
> +                                  #:historical-authorizations history
> +                                  #:cache-key cache-key
> +                                  #:make-reporter make-reporter))
>
> -          (when (and show-stats? (not (null? stats)))
> -            (show-stats stats))))
> -       (_
> -        (leave (G_ "wrong number of arguments; \
> -expected COMMIT and SIGNER~%")))))))
> +       (unless (configured? repository)
> +         (record-configuration repository
> +                               #:commit commit #:signer signer
> +                               #:keyring-reference keyring))

Hm, so this records the information only on the very first successful
authentication?  So if I re-run with different values (e.g. I am creating a=
 new
channel and `git commit --amend'-ed after checking the authorization), I am
stuck with the (now) invalid values forever until I edit the .git/config by
hand?

Also (as Skyler Ferris already mentioned) this ignores the case of multiple
branches with different authentication origins (I actually do have such use
case), so the suggested option of storing it per-branch might be nice.  Not=
 sure
how to deal with pruning of old values though (if at all?).

> +
> +       (when (and show-stats? (not (null? stats)))
> +         (show-stats stats))))))
> diff --git a/tests/guix-git-authenticate.sh b/tests/guix-git-authenticate=
=2Esh
> index ec89f941e6..db60816d45 100644
> --- a/tests/guix-git-authenticate.sh
> +++ b/tests/guix-git-authenticate.sh
> @@ -1,5 +1,5 @@
>  # GNU Guix --- Functional package management for GNU
> -# Copyright =C2=A9 2020, 2022 Ludovic Court=C3=A8s <ludo@HIDDEN>
> +# Copyright =C2=A9 2020, 2022, 2024 Ludovic Court=C3=A8s <ludo@HIDDEN>
>  #
>  # This file is part of GNU Guix.
>  #
> @@ -40,10 +40,11 @@ guix git authenticate "$intro_commit" "$intro_signer"=
	\
>       --end=3D9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 && false
>
>  # The v1.2.0 commit is a descendant of $intro_commit and it satisfies the
> -# authorization invariant.
> +# authorization invariant.  No need to repeat $intro_commit and $intro_s=
igner
> +# because it should have been recorded in '.git/config'.
>  v1_2_0_commit=3D"a099685659b4bfa6b3218f84953cbb7ff9e88063"
> -guix git authenticate "$intro_commit" "$intro_signer"	\
> -     --cache-key=3D"$cache_key" --stats			\
> +guix git authenticate				\
> +     --cache-key=3D"$cache_key" --stats		\
>       --end=3D"$v1_2_0_commit"
>
>  rm "$XDG_CACHE_HOME/guix/authentication/$cache_key"
> --
> 2.41.0

Have a nice day,
Tomas Volf

--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

--pHVZfNUnR6Ndid6e
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEt4NJs4wUfTYpiGikL7/ufbZ/wakFAmX2CFMACgkQL7/ufbZ/
wan28A//SXbmEJzadgWsHAh6eY5EVyar+IcNpVePx7neWN2svVpxMqI2M86G8ny9
evfMcpQEd+5z/p/r56wMo3o1ZWMcaIYdwK7l5s7W1EgA3wa8Sl49Z/E43tJuW4oc
uLmpjmpuQocAie1M0CHHJOFo4pioLhyMZVpXXl8e/pU6kJxNDzaPdz++oivU9+U7
IGYDCFkEmnafpT/D4v9nZrcgyOA81txMgMYi7f78KU9WE+SNnrU2dtluWFAZ6V2k
92O/0gaZzw4E1nPcBy+uBiCyv8DMFzQ9UJWjYiiRI/1kpL7ea5j5Q7RJB73DP0kR
WkbYXdagwOh40Sxw0ciWNXXMhUKjIlv4BzwsQhevcLWf5K5iw8jcEr51NvUKlTs7
lpdqIpYr1d8CnQsnEwoBvBF7Yl4jidD7raWYqMWUJAkuoaDbjjI52gj2c8pmD0+H
q7XO6p9GR9MLNOa09a84EHnMPMioHCOuymM4WZEBLMWaRC1piyL0GwgV2eyHiLRH
4lgFbI4A8aWM40bqrvXp12U6AXwvr1qIpNDLLGk4caJzBF6RweaAp0Yy37MDykHv
CugkMjARjc0UAaLe4zdIOnxZ7V162Nt0Ylvv6pB1hWNQlqiR8W7D1CmkSJ50yHD5
gU7mZSegn5KaQk8ygMWGkfq1nnDjSLkjTifh6pJ9evwJFLI4wwE=
=ntVX
-----END PGP SIGNATURE-----

--pHVZfNUnR6Ndid6e--

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 15 Mar 2024 00:59:08 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 14 20:59:08 2024
Received: from localhost ([127.0.0.1]:50979 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rkvue-0002oe-4Q
	for submit <at> debbugs.gnu.org; Thu, 14 Mar 2024 20:59:08 -0400
Received: from mail-4316.protonmail.ch ([185.70.43.16]:45803)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <skyvine@HIDDEN>) id 1rkvuY-0002o5-F4
 for 69780 <at> debbugs.gnu.org; Thu, 14 Mar 2024 20:59:06 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail3; t=1710464300; x=1710723500;
 bh=4qLivqm7sQYe5zaMlVzxs7CjZrIDLLo5aiNg6z6MrVY=;
 h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References:
 Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID:
 Message-ID:BIMI-Selector;
 b=IesZI34+lIe83AIByT//6mvIV8Q1M5us+rra+zTDSdAP77qiQIutMo4z5zc8oJ5tm
 hiviiefYVOWgI7QVTEAtbh6f5cyYTFIkv7A3YsBJMGnWLRI+LLcFnEUjD7Hi2Cp658
 xhvNA4hEifAY9J2qOYvUOezCcDd6uPt/0qpQFuNPbwdoIPL+gSf2lk6xRGVvwAd+1G
 bWxWM3IOPSPihe3vbmWrrYJ4C6SmsMbd7viopjti9sKNGQWYfxNmLd4MebjA1uzGem
 9KPF2ZTPlKaS4mt3g3+TaupuhiOx4ZNuAZG84soJcQjJ1eGPpWEZ/VbXpg4n8tDU0h
 nYIeqheES6MXw==
Date: Fri, 15 Mar 2024 00:58:03 +0000
To: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>, 69780 <at> debbugs.gnu.org
From: Skyler Ferris <skyvine@HIDDEN>
Subject: =?utf-8?Q?Re:_[bug#69780]_[PATCH_4/4]_DRAFT_news:_Add_entry_for_=E2=80=98guix_git_authenticate=E2=80=99_changes.?=
Message-ID: <73ead80c-9159-4e03-b2a7-68434cade060@HIDDEN>
In-Reply-To: <e1e5ac9fc790e58a2496d46ccefb5e72daa91e19.1710351278.git.ludo@HIDDEN>
References: <cover.1710351278.git.ludo@HIDDEN>
 <e1e5ac9fc790e58a2496d46ccefb5e72daa91e19.1710351278.git.ludo@HIDDEN>
Feedback-ID: 40635331:user:proton
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="b1_AUDLpjDInzbAhMDX0M6TqRjhCUqBxhcQ7YIQTmmrU8"
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 69780
Cc: Julien Lepiller <julien@HIDDEN>,
 Florian Pelz <pelzflorian@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

This is a multi-part message in MIME format.

--b1_AUDLpjDInzbAhMDX0M6TqRjhCUqBxhcQ7YIQTmmrU8
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64

SGVsbG8gTHVkb+KAmSwKVGhpcyBsb29rcyBsaWtlIGEgZ3JlYXQgd2F5IHRvIGltcHJvdmUgcHJv
dGVjdGlvbiBmb3IgZ3VpeCBkZXZlbG9wZXJzLiBTYXZpbmcgdGhlIGlucHV0LCB3aGljaCBzdGls
bCBpbml0aWFsbHkgY29tZXMgZnJvbSB0aGUgZGV2ZWxvcGVyLCBhbmQgdXNpbmcgaXQgYXV0b21h
dGljYWxseSBpbiB0aGUgZnV0dXJlIG1lYW5zIGxlc3Mgb3ZlcmhlYWQgZm9yIGRldmVsb3BlcnMg
YW5kIGxlc3MgY2hhbmNlcyBmb3Igc29tZXRoaW5nIHRvIGdvIHdyb25nIGluIHRoZSBwcm9jZXNz
LiBJJ20gdHJ5aW5nIGl0IGxvY2FsbHkgb24gbXkgbWFjaGluZSBhbmQgdGhlcmUgYXJlIGEgZmV3
IHRoaW5ncyBJIG5vdGljZWQuCgo+ICsgIChpZiAob3IgKGZpbGUtZXhpc3RzPyBwcmUtcHVzaC1o
b29rKQo+ICsgICAgICAgICAgKGZpbGUtZXhpc3RzPyBmcG9zdC1jaGVja291dC1ob29rKSkKPiAr
ICAgICAgKGJlZ2luCj4gKyAgICAgICAgKHdhcm5pbmcgKEdfICJub3Qgb3ZlcnJpZGluZyBwcmUt
ZXhpc3RpbmcgaG9va3MgJ35hJyBhbmQgJ35hJ34lIikKPiArICAgICAgICAgICAgICAgICBwcmUt
cHVzaC1ob29rIHBvc3QtY2hlY2tvdXQtaG9vaykKPiArICAgICAgICAoZGlzcGxheS1oaW50IChH
XyAiQ29uc2lkZXIgcnVubmluZyBAY29tbWFuZHtndWl4IGdpdCBhdXRoZW50aWNhdGV9Cj4gK2Zy
b20geW91ciBwcmUtcHVzaCBhbmQgdXBkYXRlIGhvb2tzIHNvIHlvdXIgcmVwb3NpdG9yeSBpcyBh
dXRvbWF0aWNhbGx5Cj4gK2F1dGhlbnRpY2F0ZWQgYmVmb3JlIHlvdSBwdXNoIG9yIHJlY2VpdmUg
dXBkYXRlcy4iKSkpCgpXaGVuIHRoZSBkZXZlbG9wZXIgYnVpbGRzIGd1aXggYSBwcmUtcHVzaCBo
b29rIGlzIGFscmVhZHkgaW5zdGFsbGVkLCBmcm9tIGV0Yy9naXQvcHJlLXB1c2guIFRoaXMgcnVu
cyBgbWFrZSBhdXRoZW50aWNhdGVgIGl0c2VsZiBidXQgYWxzbyBydW5zIGBtYWtlIGNoZWNrLWNo
YW5uZWwtbmV3c2AuIEkgZG9uJ3QgdGhpbmsgd2UgY2FuIGp1c3QgZ2V0IHJpZCBvZiB0aGF0IGZp
bGUgYmVjYXVzZSB0aGVuIHBlb3BsZSB3b3VsZCBsb3NlIGNoZWNrLWNoYW5uZWwtbmV3cywgYnV0
IGl0IHNlZW1zIHVzZWZ1bCB0byBoYXZlIHRoaXMgZnVuY3Rpb25hbGl0eSBidWlsdCBpbnRvIHRo
ZSBhdXRoZW50aWNhdGUgc2NyaXB0IHNvIHRoYXQgb3RoZXIgcHJvamVjdHMgY2FuIHVzZSBpdC4g
VW5mb3J0dW5hdGVseSwgdW5jb25kaXRpb25hbGx5IGFwcGVuZGluZyB0byB0aGUgc2NyaXB0IGNv
dWxkIGNhdXNlIHByb2JsZW1zIGJlY2F1c2UgdGhlIGRldmVsb3BlciBjb3VsZCBoYXZlIGFkZGVk
IHRoZWlyIG93biBob29rIHdoaWNoIGNvdWxkIGhhdmUgYmVlbiB3cml0dGVuIGluIGFueSBsYW5n
dWFnZS4gUGVyaGFwcyB3ZSBjb3VsZCB1cGRhdGUgZXRjL2dpdC9wcmUtcHVzaCB0byBjYWxsIHRo
ZSBhdXRoZW50aWNhdGUgc2NyaXB0IGluIHRoZSBuZXcgd2F5IGFuZCBpbnN0YWxsIGFueSBob29r
cyB0aGF0IGRvIG5vdCBjbG9iYmVyIChlZywgaWYgcHJlLXB1c2ggZXhpc3RzIHRoZW4gd2Ugc2tp
cCB0aGF0IGhvb2sgYnV0IGluc3RhbGwgdGhlIHJlc3QpPwoKPiArICAoZGVmaW5lIHBvc3QtY2hl
Y2tvdXQtaG9vawo+ICsgICAgKGluLXZpY2luaXR5IGRpcmVjdG9yeSAiaG9va3MvcG9zdC1jaGVj
a291dCIpKQoKVGhlIHBvc3QtY2hlY2tvdXQgaG9vayBkb2VzIG5vdCBydW4gd2hlbiBgZ2l0IHB1
bGxgIGlzIGNhbGxlZC4gSW5zdGVhZCwgdGhlIHBvc3QtbWVyZ2UgaG9vayBpcyBjYWxsZWQuIE5v
dGUgdGhhdCBwb3N0LW1lcmdlIGRvZXMgbm90IHJlY2VpdmUgdGhlIHNhbWUgc2V0IG9mIGFyZ3Vt
ZW50cyBhcyBwb3N0LWNoZWNrb3V0LiBJIGhhZCBzdWNjZXNzIHJlcGxhY2luZyAiJG5ld3JldiIg
d2l0aCAiJChnaXQgcmV2LXBhcnNlIEhFQUQpIi4gV2UgY291bGQgbGVhdmUgb3V0IHRoZSB2YWx1
ZSBjb21wbGV0ZWx5IGZvciBwb3N0LW1lcmdlIGJlY2F1c2UgdGhlIHNjcmlwdCB3aWxsIHVzZSBI
RUFEIGJ5IGRlZmF1bHQgaWYgbm8gZW5kIGlzIGdpdmVuLiBCdXQgbWF5YmUgd2UgZG9uJ3Qgd2Fu
dCB0byByZWx5IG9uIGRlZmF1bHQgYmVoYXZpb3IgZm9yIGEgc2NyaXB0IHRoYXQgd2lsbCBub3Qg
YmUgYXV0b21hdGljYWxseSB1cGRhdGVkIHdpdGggdGhlIHRvb2wuCgpJIGNhbiB0aGluayBvZiBt
b3JlIHdheXMgdGhhdCBhIGRldmVsb3BlciBjb3VsZCBlbmQgdXAgb24gYSBuZXcgY29tbWl0LiBG
b3IgZXhhbXBsZSwgcnVubmluZyBgZ2l0IGZldGNoYCBmb2xsb3dlZCBieSBgZ2l0IHJlc2V0IC0t
aGFyZGAuIEknbSBub3Qgc3VyZSBpZiBpdCBtYWtlcyB0byBzdXBwb3J0IGV2ZXJ5IHBvc3NpYmxl
IGNhc2UgYmVjYXVzZSB0aGF0IGNvdWxkIGdldCBjb21wbGljYXRlZCB2ZXJ5IHF1aWNrbHkuIEJ1
dCBnaXQgcHVsbCBpcyB0aGUgbW9zdCBjb21tb24gd2F5IHRvIGdldCB1cGRhdGVzIChhdCBsZWFz
dCBpbiBteSBleHBlcmllbmNlLCB3aGljaCBjb3VsZCBoYXZlIGEgc2FtcGxlIGJpYXMpIHNvIEkg
dGhpbmsgaXQgbWFrZXMgc2Vuc2UgdG8gYXQgbGVhc3Qgc3VwcG9ydCB0aGF0LgoKPiArd2hpbGUg
cmVhZCBsb2NhbF9yZWYgbG9jYWxfb2lkIHJlbW90ZV9yZWYgcmVtb3RlX29pZAo+ICtkbwo+ICsg
IGd1aXggZ2l0IGF1dGhlbnRpY2F0ZSAtLWVuZD1cIiRsb2NhbF9yZWZcIgo+ICtkb25lXG4iKQoK
SSBiZWxpZXZlIHRoaXMgc2hvdWxkIGJlICIkbG9jYWxfb2lkIiwgbm90ICIkbG9jYWxfcmVmIi4K
Cj4gKyhkZWZpbmUgKGNvbmZpZ3VyZWQtaW50cm9kdWN0aW9uIHJlcG9zaXRvcnkpCj4gKyAgIlJl
dHVybiB0d28gdmFsdWVzOiB0aGUgY29tbWl0IGFuZCBzaWduZXIgZmluZ2VycHJpbnQgKHN0cmlu
Z3MpIGFzCj4gK2NvbmZpZ3VyZWQgaW4gUkVQT1NJVE9SWS4gIEVycm9yIG91dCBpZiBvbmUgb3Ig
Ym90aCB3ZXJlIG1pc3NpbmcuIgo+ICsgIChsZXQqICgoY29uZmlnIChyZXBvc2l0b3J5LWNvbmZp
ZyByZXBvc2l0b3J5KSkKPiArICAgICAgICAgKGNvbW1pdCAoY29uZmlnLXZhbHVlIGNvbmZpZyAi
Z3VpeC5hdXRoZW50aWNhdGlvbi5pbnRyb2R1Y3Rpb24tY29tbWl0IikpCj4gKyAgICAgICAgIChz
aWduZXIgKGNvbmZpZy12YWx1ZSBjb25maWcgImd1aXguYXV0aGVudGljYXRpb24uaW50cm9kdWN0
aW9uLXNpZ25lciIpKSkKPiArICAgICh1bmxlc3MgKGFuZCBjb21taXQgc2lnbmVyKQo+ICsgICAg
ICAobGVhdmUgKEdfICJ1bmtub3duIGludHJvZHVjdG9yeSBjb21taXQgYW5kIHNpZ25lcn4lIikp
KQo+ICsgICAgKHZhbHVlcyBjb21taXQgc2lnbmVyKSkpCgpJIGFtIHdvbmRlcmluZyBob3cgdGhp
cyB3b3VsZCB3b3JrIGlmIHNvbWVib2R5IGlzIHdvcmtpbmcgd2l0aCBtdWx0aXBsZSBicmFuY2hl
cywgaW4gcGFydGljdWxhciBpZiB0aGV5IGRvIG5vdCBhbGwgdXNlIHRoZSBzYW1lIGludHJvZHVj
dGlvbi4gTWF5YmUgdGhhdCBkb2Vzbid0IG5lZWQgdG8gYmUgYWRkcmVzc2VkIGluIHRoaXMgcGF0
Y2ggc2VyaWVzIGJ1dCBpdCBtaWdodCBiZSBlYXNpZXIgdG8gYWRkcmVzcyBpdCBpbiB0aGUgZnV0
dXJlIGlmIHRoZSBicmFuY2ggbmFtZSB3YXMgaW5jbHVkZWQgaW4gdGhlIGNvbmZpZyBmaWxlIGlu
c3RlYWQgYXNzdW1pbmcgdGhhdCBhIHNwZWNpZmljIGludHJvZHVjdGlvbiBhcHBsaWVzIHRvIGV2
ZXJ5IGJyYW5jaCBpbiBhIGdpdmVuIGNoZWNrb3V0IChmb3IgZXhhbXBsZSwgYnkgdXNpbmcgImd1
aXguYXV0aGVudGljYXRpb24uaW50cm9kdWN0aW9uLWNvbW1pdC5icmFuY2gtbmFtZSIpLiBUaGlz
IGlzIHByb2JhYmx5IG1vcmUgcmVsZXZhbnQgdG8gZXh0ZXJuYWwgdXNlcnMgb2YgdGhlIHRvb2wg
dGhhbiB0byB0aGUgZ3VpeCByZXBvc2l0b3J5IGl0c2VsZi4gVGhlIGxvZ2lzdGljcyBvZiB1c2lu
ZyB1bnJlbGF0ZWQgYnJhbmNoZXMgc2ltdWx0YW5lb3VzbHkgc2VlbXMgY29tcGxpY2F0ZWQgYW5k
IG5vdCB2ZXJ5IGhlbHBmdWwsIGVzcGVjaWFsbHkgd2hlbiBjaGFubmVscyBhcmUgc3VjaCBhbiBh
cHBlYWxpbmcgYWx0ZXJuYXRpdmUuIEJ1dCBpdCBjb3VsZCBiZSB1c2VmdWwgZm9yIG90aGVyIHBy
b2plY3RzLgoKPiArKGRlZmluZSAoY29uZmlndXJlZD8gcmVwb3NpdG9yeSkKPiArICAiUmV0dXJu
IHRydWUgaWYgUkVQT1NJVE9SWSBhbHJlYWR5IGNvbnRhaW5lciBpbnRyb2R1Y3Rpb24gaW5mbyBp
biBpdHMKPiArJ2NvbmZpZycgZmlsZS4iCgpUeXBvOiB0aGlzIHNob3VsZCBiZSAiY29udGFpbnMi
LCBub3QgImNvbnRhaW5lciIKClJlZ2FyZHMsClNreWxlcg==

--b1_AUDLpjDInzbAhMDX0M6TqRjhCUqBxhcQ7YIQTmmrU8
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64

PCFET0NUWVBFIGh0bWw+PGh0bWw+PGhlYWQ+DQogICAgPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVu
dC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgiLz4NCiAgPC9oZWFkPg0K
ICA8Ym9keT4NCiAgICBIZWxsbyBMdWRv4oCZLDxzcGFuIHN0eWxlPSJ3aGl0ZS1zcGFjZTogcHJl
LXdyYXAiPg0KPC9zcGFuPjxici8+DQogICAgVGhpcyBsb29rcyBsaWtlIGEgZ3JlYXQgd2F5IHRv
IGltcHJvdmUgcHJvdGVjdGlvbiBmb3IgZ3VpeA0KICAgIGRldmVsb3BlcnMuIFNhdmluZyB0aGUg
aW5wdXQsIHdoaWNoIHN0aWxsIGluaXRpYWxseSBjb21lcyBmcm9tIHRoZQ0KICAgIGRldmVsb3Bl
ciwgYW5kIHVzaW5nIGl0IGF1dG9tYXRpY2FsbHkgaW4gdGhlIGZ1dHVyZSBtZWFucyBsZXNzDQog
ICAgb3ZlcmhlYWQgZm9yIGRldmVsb3BlcnMgYW5kIGxlc3MgY2hhbmNlcyBmb3Igc29tZXRoaW5n
IHRvIGdvIHdyb25nDQogICAgaW4gdGhlIHByb2Nlc3MuIEkmIzM5O20gdHJ5aW5nIGl0IGxvY2Fs
bHkgb24gbXkgbWFjaGluZSBhbmQgdGhlcmUgYXJlIGENCiAgICBmZXcgdGhpbmdzIEkgbm90aWNl
ZC48YnIvPg0KICAgIDxici8+DQogICAgPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSI+DQogICAgICA8
cHJlIGNsYXNzPSJtb3otcXVvdGUtcHJlIiB3cmFwPSIiPisgIChpZiAob3IgKGZpbGUtZXhpc3Rz
PyBwcmUtcHVzaC1ob29rKQ0KKyAgICAgICAgICAoZmlsZS1leGlzdHM/IGZwb3N0LWNoZWNrb3V0
LWhvb2spKQ0KKyAgICAgIChiZWdpbg0KKyAgICAgICAgKHdhcm5pbmcgKEdfICYjMzQ7bm90IG92
ZXJyaWRpbmcgcHJlLWV4aXN0aW5nIGhvb2tzICYjMzk7fmEmIzM5OyBhbmQgJiMzOTt+YSYjMzk7
fiUmIzM0OykNCisgICAgICAgICAgICAgICAgIHByZS1wdXNoLWhvb2sgcG9zdC1jaGVja291dC1o
b29rKQ0KKyAgICAgICAgKGRpc3BsYXktaGludCAoR18gJiMzNDtDb25zaWRlciBydW5uaW5nIEBj
b21tYW5ke2d1aXggZ2l0IGF1dGhlbnRpY2F0ZX0NCitmcm9tIHlvdXIgcHJlLXB1c2ggYW5kIHVw
ZGF0ZSBob29rcyBzbyB5b3VyIHJlcG9zaXRvcnkgaXMgYXV0b21hdGljYWxseQ0KK2F1dGhlbnRp
Y2F0ZWQgYmVmb3JlIHlvdSBwdXNoIG9yIHJlY2VpdmUgdXBkYXRlcy4mIzM0OykpKTwvcHJlPg0K
ICAgIDwvYmxvY2txdW90ZT4NCiAgICA8YnIvPg0KICAgIFdoZW4gdGhlIGRldmVsb3BlciBidWls
ZHMgZ3VpeCBhIHByZS1wdXNoIGhvb2sgaXMgYWxyZWFkeSBpbnN0YWxsZWQsDQogICAgZnJvbSBl
dGMvZ2l0L3ByZS1wdXNoLiBUaGlzIHJ1bnMgYG1ha2UgYXV0aGVudGljYXRlYCBpdHNlbGYgYnV0
IGFsc28NCiAgICBydW5zIGBtYWtlIGNoZWNrLWNoYW5uZWwtbmV3c2AuIEkgZG9uJiMzOTt0IHRo
aW5rIHdlIGNhbiBqdXN0IGdldCByaWQgb2YNCiAgICB0aGF0IGZpbGUgYmVjYXVzZSB0aGVuIHBl
b3BsZSB3b3VsZCBsb3NlIGNoZWNrLWNoYW5uZWwtbmV3cywgYnV0IGl0DQogICAgc2VlbXMgdXNl
ZnVsIHRvIGhhdmUgdGhpcyBmdW5jdGlvbmFsaXR5IGJ1aWx0IGludG8gdGhlIGF1dGhlbnRpY2F0
ZQ0KICAgIHNjcmlwdCBzbyB0aGF0IG90aGVyIHByb2plY3RzIGNhbiB1c2UgaXQuIFVuZm9ydHVu
YXRlbHksDQogICAgdW5jb25kaXRpb25hbGx5IGFwcGVuZGluZyB0byB0aGUgc2NyaXB0IGNvdWxk
IGNhdXNlIHByb2JsZW1zIGJlY2F1c2UNCiAgICB0aGUgZGV2ZWxvcGVyIGNvdWxkIGhhdmUgYWRk
ZWQgdGhlaXIgb3duIGhvb2sgd2hpY2ggY291bGQgaGF2ZSBiZWVuDQogICAgd3JpdHRlbiBpbiBh
bnkgbGFuZ3VhZ2UuIFBlcmhhcHMgd2UgY291bGQgdXBkYXRlIGV0Yy9naXQvcHJlLXB1c2ggdG8N
CiAgICBjYWxsIHRoZSBhdXRoZW50aWNhdGUgc2NyaXB0IGluIHRoZSBuZXcgd2F5IGFuZCBpbnN0
YWxsIGFueSBob29rcw0KICAgIHRoYXQgZG8gbm90IGNsb2JiZXIgKGVnLCBpZiBwcmUtcHVzaCBl
eGlzdHMgdGhlbiB3ZSBza2lwIHRoYXQgaG9vaw0KICAgIGJ1dCBpbnN0YWxsIHRoZSByZXN0KT88
YnIvPg0KICAgIDxici8+DQogICAgPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSI+DQogICAgICA8cHJl
IGNsYXNzPSJtb3otcXVvdGUtcHJlIiB3cmFwPSIiPisgIChkZWZpbmUgcG9zdC1jaGVja291dC1o
b29rDQorICAgIChpbi12aWNpbml0eSBkaXJlY3RvcnkgJiMzNDtob29rcy9wb3N0LWNoZWNrb3V0
JiMzNDspKTwvcHJlPg0KICAgIDwvYmxvY2txdW90ZT4NCiAgICA8YnIvPg0KICAgIFRoZSBwb3N0
LWNoZWNrb3V0IGhvb2sgZG9lcyBub3QgcnVuIHdoZW4gYGdpdCBwdWxsYCBpcyBjYWxsZWQuDQog
ICAgSW5zdGVhZCwgdGhlIHBvc3QtbWVyZ2UgaG9vayBpcyBjYWxsZWQuIE5vdGUgdGhhdCBwb3N0
LW1lcmdlIGRvZXMNCiAgICBub3QgcmVjZWl2ZSB0aGUgc2FtZSBzZXQgb2YgYXJndW1lbnRzIGFz
IHBvc3QtY2hlY2tvdXQuIEkgaGFkDQogICAgc3VjY2VzcyByZXBsYWNpbmcgJiMzNDskbmV3cmV2
JiMzNDsgd2l0aCAmIzM0OyQoZ2l0IHJldi1wYXJzZSBIRUFEKSYjMzQ7LiBXZSBjb3VsZA0KICAg
IGxlYXZlIG91dCB0aGUgdmFsdWUgY29tcGxldGVseSBmb3IgcG9zdC1tZXJnZSBiZWNhdXNlIHRo
ZSBzY3JpcHQNCiAgICB3aWxsIHVzZSBIRUFEIGJ5IGRlZmF1bHQgaWYgbm8gZW5kIGlzIGdpdmVu
LiBCdXQgbWF5YmUgd2UgZG9uJiMzOTt0IHdhbnQNCiAgICB0byByZWx5IG9uIGRlZmF1bHQgYmVo
YXZpb3IgZm9yIGEgc2NyaXB0IHRoYXQgd2lsbCBub3QgYmUNCiAgICBhdXRvbWF0aWNhbGx5IHVw
ZGF0ZWQgd2l0aCB0aGUgdG9vbC48YnIvPg0KICAgIDxici8+DQogICAgSSBjYW4gdGhpbmsgb2Yg
bW9yZSB3YXlzIHRoYXQgYSBkZXZlbG9wZXIgY291bGQgZW5kIHVwIG9uIGEgbmV3DQogICAgY29t
bWl0LiBGb3IgZXhhbXBsZSwgcnVubmluZyBgZ2l0IGZldGNoYCBmb2xsb3dlZCBieSBgZ2l0IHJl
c2V0DQogICAgLS1oYXJkYC4gSSYjMzk7bSBub3Qgc3VyZSBpZiBpdCBtYWtlcyB0byBzdXBwb3J0
IGV2ZXJ5IHBvc3NpYmxlIGNhc2UNCiAgICBiZWNhdXNlIHRoYXQgY291bGQgZ2V0IGNvbXBsaWNh
dGVkIHZlcnkgcXVpY2tseS4gQnV0IGdpdCBwdWxsIGlzIHRoZQ0KICAgIG1vc3QgY29tbW9uIHdh
eSB0byBnZXQgdXBkYXRlcyAoYXQgbGVhc3QgaW4gbXkgZXhwZXJpZW5jZSwgd2hpY2gNCiAgICBj
b3VsZCBoYXZlIGEgc2FtcGxlIGJpYXMpIHNvIEkgdGhpbmsgaXQgbWFrZXMgc2Vuc2UgdG8gYXQg
bGVhc3QNCiAgICBzdXBwb3J0IHRoYXQuPGJyLz4NCiAgICA8YnIvPg0KICAgIDxibG9ja3F1b3Rl
IHR5cGU9ImNpdGUiPg0KICAgICAgPHByZSBjbGFzcz0ibW96LXF1b3RlLXByZSIgd3JhcD0iIj4r
d2hpbGUgcmVhZCBsb2NhbF9yZWYgbG9jYWxfb2lkIHJlbW90ZV9yZWYgcmVtb3RlX29pZA0KK2Rv
DQorICBndWl4IGdpdCBhdXRoZW50aWNhdGUgLS1lbmQ9XCYjMzQ7JGxvY2FsX3JlZlwmIzM0Ow0K
K2RvbmVcbiYjMzQ7KTwvcHJlPg0KICAgIDwvYmxvY2txdW90ZT4NCiAgICA8YnIvPg0KICAgIEkg
YmVsaWV2ZSB0aGlzIHNob3VsZCBiZSAmIzM0OyRsb2NhbF9vaWQmIzM0Oywgbm90ICYjMzQ7JGxv
Y2FsX3JlZiYjMzQ7Ljxici8+DQogICAgPGJyLz4NCiAgICA8YmxvY2txdW90ZSB0eXBlPSJjaXRl
Ij4NCiAgICAgIDxwcmUgY2xhc3M9Im1vei1xdW90ZS1wcmUiIHdyYXA9IiI+KyhkZWZpbmUgKGNv
bmZpZ3VyZWQtaW50cm9kdWN0aW9uIHJlcG9zaXRvcnkpDQorICAmIzM0O1JldHVybiB0d28gdmFs
dWVzOiB0aGUgY29tbWl0IGFuZCBzaWduZXIgZmluZ2VycHJpbnQgKHN0cmluZ3MpIGFzDQorY29u
ZmlndXJlZCBpbiBSRVBPU0lUT1JZLiAgRXJyb3Igb3V0IGlmIG9uZSBvciBib3RoIHdlcmUgbWlz
c2luZy4mIzM0Ow0KKyAgKGxldCogKChjb25maWcgKHJlcG9zaXRvcnktY29uZmlnIHJlcG9zaXRv
cnkpKQ0KKyAgICAgICAgIChjb21taXQgKGNvbmZpZy12YWx1ZSBjb25maWcgJiMzNDtndWl4LmF1
dGhlbnRpY2F0aW9uLmludHJvZHVjdGlvbi1jb21taXQmIzM0OykpDQorICAgICAgICAgKHNpZ25l
ciAoY29uZmlnLXZhbHVlIGNvbmZpZyAmIzM0O2d1aXguYXV0aGVudGljYXRpb24uaW50cm9kdWN0
aW9uLXNpZ25lciYjMzQ7KSkpDQorICAgICh1bmxlc3MgKGFuZCBjb21taXQgc2lnbmVyKQ0KKyAg
ICAgIChsZWF2ZSAoR18gJiMzNDt1bmtub3duIGludHJvZHVjdG9yeSBjb21taXQgYW5kIHNpZ25l
cn4lJiMzNDspKSkNCisgICAgKHZhbHVlcyBjb21taXQgc2lnbmVyKSkpPC9wcmU+DQogICAgPC9i
bG9ja3F1b3RlPg0KICAgIDxici8+DQogICAgSSBhbSB3b25kZXJpbmcgaG93IHRoaXMgd291bGQg
d29yayBpZiBzb21lYm9keSBpcyB3b3JraW5nIHdpdGgNCiAgICBtdWx0aXBsZSBicmFuY2hlcywg
aW4gcGFydGljdWxhciBpZiB0aGV5IGRvIG5vdCBhbGwgdXNlIHRoZSBzYW1lDQogICAgaW50cm9k
dWN0aW9uLiBNYXliZSB0aGF0IGRvZXNuJiMzOTt0IG5lZWQgdG8gYmUgYWRkcmVzc2VkIGluIHRo
aXMgcGF0Y2gNCiAgICBzZXJpZXMgYnV0IGl0IG1pZ2h0IGJlIGVhc2llciB0byBhZGRyZXNzIGl0
IGluIHRoZSBmdXR1cmUgaWYgdGhlDQogICAgYnJhbmNoIG5hbWUgd2FzIGluY2x1ZGVkIGluIHRo
ZSBjb25maWcgZmlsZSBpbnN0ZWFkIGFzc3VtaW5nIHRoYXQgYQ0KICAgIHNwZWNpZmljIGludHJv
ZHVjdGlvbiBhcHBsaWVzIHRvIGV2ZXJ5IGJyYW5jaCBpbiBhIGdpdmVuIGNoZWNrb3V0DQogICAg
KGZvciBleGFtcGxlLCBieSB1c2luZw0KICAgICYjMzQ7Z3VpeC5hdXRoZW50aWNhdGlvbi5pbnRy
b2R1Y3Rpb24tY29tbWl0LmJyYW5jaC1uYW1lJiMzNDspLiBUaGlzIGlzDQogICAgcHJvYmFibHkg
bW9yZSByZWxldmFudCB0byBleHRlcm5hbCB1c2VycyBvZiB0aGUgdG9vbCB0aGFuIHRvIHRoZQ0K
ICAgIGd1aXggcmVwb3NpdG9yeSBpdHNlbGYuIFRoZSBsb2dpc3RpY3Mgb2YgdXNpbmcgdW5yZWxh
dGVkIGJyYW5jaGVzDQogICAgc2ltdWx0YW5lb3VzbHkgc2VlbXMgY29tcGxpY2F0ZWQgYW5kIG5v
dCB2ZXJ5IGhlbHBmdWwsIGVzcGVjaWFsbHkNCiAgICB3aGVuIGNoYW5uZWxzIGFyZSBzdWNoIGFu
IGFwcGVhbGluZyBhbHRlcm5hdGl2ZS4gQnV0IGl0IGNvdWxkIGJlDQogICAgdXNlZnVsIGZvciBv
dGhlciBwcm9qZWN0cy48YnIvPg0KICAgIDxici8+DQogICAgPGJsb2NrcXVvdGUgdHlwZT0iY2l0
ZSI+DQogICAgICA8cHJlIGNsYXNzPSJtb3otcXVvdGUtcHJlIiB3cmFwPSIiPisoZGVmaW5lIChj
b25maWd1cmVkPyByZXBvc2l0b3J5KQ0KKyAgJiMzNDtSZXR1cm4gdHJ1ZSBpZiBSRVBPU0lUT1JZ
IGFscmVhZHkgY29udGFpbmVyIGludHJvZHVjdGlvbiBpbmZvIGluIGl0cw0KKyYjMzk7Y29uZmln
JiMzOTsgZmlsZS4mIzM0OzwvcHJlPg0KICAgIDwvYmxvY2txdW90ZT4NCiAgICBUeXBvOiB0aGlz
IHNob3VsZCBiZSAmIzM0O2NvbnRhaW5zJiMzNDssIG5vdCAmIzM0O2NvbnRhaW5lciYjMzQ7PGJy
Lz4NCiAgICA8YnIvPg0KICAgIFJlZ2FyZHMsPGJyLz4NCiAgICBTa3lsZXI8YnIvPg0KICANCg0K
PC9ib2R5PjwvaHRtbD4=


--b1_AUDLpjDInzbAhMDX0M6TqRjhCUqBxhcQ7YIQTmmrU8--

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 14 Mar 2024 14:52:41 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 14 10:52:41 2024
Received: from localhost ([127.0.0.1]:50430 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rkmRl-0005RA-1Q
	for submit <at> debbugs.gnu.org; Thu, 14 Mar 2024 10:52:41 -0400
Received: from relay.yourmailgateway.de ([188.68.63.162]:37341)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pelzflorian@HIDDEN>) id 1rkmRg-0005Qv-6h
 for 69780 <at> debbugs.gnu.org; Thu, 14 Mar 2024 10:52:39 -0400
Received: from mors-relay-8201.netcup.net (localhost [127.0.0.1])
 by mors-relay-8201.netcup.net (Postfix) with ESMTPS id 4TwVhY2x1fz3rrK;
 Thu, 14 Mar 2024 15:51:57 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=pelzflorian.de;
 s=key2; t=1710427917;
 bh=06ufhVJY9zt+jBwpQLeabUMr7Mh2IJRt9ZqvPT2cD/s=;
 h=From:To:Cc:Subject:In-Reply-To:References:Date:From;
 b=DvY7LqN0G4Bznx0LRdS4vV85TloKKUYxj6Ya4R0GAaqL44I+cy+QoDO/CykbbTHSl
 98QhNCmpVpT81pMBdeoBgWqz5ue+rQuDofF06by8NzRZJjhyfdfna78/7JQAfnMHe4
 NrBJcT5oOWC86nNMvOtBz6zFVt/Kw0EZzJnNAXk7+IrBYCos8xjQoQbkh5EAbD1Rfh
 kF/8PV+DIYdakJf19qLJTdsNJpa0seay7+bmdcYmyvtUp0ukcUc31X5QdhrVYtxldK
 nn0gopODe1Zov33XM6TiYa/XYU82h9Mb64gzBItQtEymSSZqOFG663ihkRij58GqV8
 VZpasVd/ynzbg==
Received: from policy01-mors.netcup.net (unknown [46.38.225.35])
 by mors-relay-8201.netcup.net (Postfix) with ESMTPS id 4TwVhY2CKfz3rKh;
 Thu, 14 Mar 2024 15:51:57 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at policy01-mors.netcup.net
X-Spam-Flag: NO
X-Spam-Score: -2.899
X-Spam-Level: 
X-Spam-Status: No, score=-2.899 required=6.31 tests=[ALL_TRUSTED=-1,
 BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mxe217.netcup.net (unknown [10.243.12.53])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by policy01-mors.netcup.net (Postfix) with ESMTPS id 4TwVhP45pHz8sZy;
 Thu, 14 Mar 2024 15:51:49 +0100 (CET)
Received: from florianrock64 (ip92344de0.dynamic.kabel-deutschland.de
 [146.52.77.224])
 by mxe217.netcup.net (Postfix) with ESMTPSA id B53F882A35;
 Thu, 14 Mar 2024 15:51:41 +0100 (CET)
From: "pelzflorian (Florian Pelz)" <pelzflorian@HIDDEN>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Subject: Re: [bug#69780] [PATCH 4/4] DRAFT news: Add entry for
 =?utf-8?Q?=E2=80=98guix?= git
 =?utf-8?Q?authenticate=E2=80=99?= changes.
In-Reply-To: <e1e5ac9fc790e58a2496d46ccefb5e72daa91e19.1710351278.git.ludo@HIDDEN>
 ("Ludovic =?utf-8?Q?Court=C3=A8s=22's?= message of "Wed, 13 Mar 2024
 18:42:22 +0100")
References: <cover.1710351278.git.ludo@HIDDEN>
 <e1e5ac9fc790e58a2496d46ccefb5e72daa91e19.1710351278.git.ludo@HIDDEN>
Date: Thu, 14 Mar 2024 15:51:39 +0100
Message-ID: <87o7bgq32c.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Queue-Id: B53F882A35
X-Rspamd-Server: rspamd-worker-8404
X-NC-CID: DDJlLw06UjcZwbtR3eHJ6qeozlQ+OqvW+Zxv2q35NVZBtBsd8YFJqdLd
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 69780
Cc: 69780 <at> debbugs.gnu.org, Julien Lepiller <julien@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi there.

Haven=E2=80=99t tested, but looks like now I won=E2=80=99t get confused whi=
ch guix git
authenticate command from my bash history is the right one for which
repository. :)

Could you add this German translation:

Ludovic Court=C3=A8s <ludo@HIDDEN> writes:
> +        (title
> +         (en "@command{guix git authenticate} usage simplified")

          (de "@command{guix git authenticate} ist leichter nutzbar"))


> )
> +        (body
> +         (en "Usage of the @command{guix git authenticate} command

          (de "Der Befehl @command{guix git authenticate} kann jetzt einfac=
her
benutzt werden.  Mit dem Befehl k=C3=B6nnen Kanalautoren und Entwickler die
Provenienz ihres Codes =C3=BCberpr=C3=BCfen.

Beim ersten Gebrauch speichert @command{guix git authenticate} Commit und
Unterzeichner (wie in der @dfn{Kanaleinf=C3=BChrung}) in der Datei
@file{.git/config} Ihres Repositorys, so dass Sie sie bei sp=C3=A4teren
Ausf=C3=BChrungen nicht mehr auf der Befehlszeile angeben m=C3=BCssen.  Auc=
h werden
Git-Hooks f=C3=BCr pre-push und post-checkout installiert, wenn es bisher k=
eine
Hooks dieser Art gibt.

F=C3=BChren Sie @command{info \"(guix.de) Aufruf von guix git authenticate\=
"}
aus, wenn Sie mehr wissen wollen.")))




Regards,
Florian

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 13 Mar 2024 17:45:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 13 13:45:48 2024
Received: from localhost ([127.0.0.1]:47364 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rkSfk-0008JQ-8b
	for submit <at> debbugs.gnu.org; Wed, 13 Mar 2024 13:45:48 -0400
Received: from eggs.gnu.org ([209.51.188.92]:49660)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rkSfS-0008IL-8H
 for 69780 <at> debbugs.gnu.org; Wed, 13 Mar 2024 13:45:31 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rkSch-0000wV-HX; Wed, 13 Mar 2024 13:42:39 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=sMdFZ1EBRTOTh9ZxnBP3vT8aaWLmy4pTEAPrmSyOYXM=; b=VytH3LM5aPxsrsmJNgYW
 lMSsM4Yfzgor0jLgB0mcT9fGJAHk7XjZLCyo0NHjiLl8fpVumCOModYvK46AH3umH8Mb316SAXBzf
 R+d0L7rmF/IgYbGeTSQbQzKLKSek4Sc9CY+qnI9Or01OxUqyqFj8or7hWbEXQ3hdGikPgitrqDA5q
 TvLNJdqM+EwitkorkDlE8W1jaCTQydVQ+G7DJNdVA+vTKIISEd6VtdWrd343ZukJy3bpoOyUdH9uX
 M95jT6cyQzXO72Z3Hmqi8DRDCtGnKEYhFiQjDUuXElPmpX15JAciS/aPk93W8G0OMQ1ryuIxOG+fb
 8CsaSv2NljgbkQ==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 69780 <at> debbugs.gnu.org
Subject: [PATCH 4/4] =?UTF-8?q?DRAFT=20news:=20Add=20entry=20for=20?=
 =?UTF-8?q?=E2=80=98guix=20git=20authenticate=E2=80=99=20changes.?=
Date: Wed, 13 Mar 2024 18:42:22 +0100
Message-ID: <e1e5ac9fc790e58a2496d46ccefb5e72daa91e19.1710351278.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <cover.1710351278.git.ludo@HIDDEN>
References: <cover.1710351278.git.ludo@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Florian Pelz <pelzflorian@HIDDEN>,
 Julien Lepiller <julien@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 69780
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

* etc/news.scm: Add entry.

Change-Id: I661a0c0bfc373b87a70508ad9a735315c96ba4a5
---
 etc/news.scm | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/etc/news.scm b/etc/news.scm
index ab7fa4c0d5..ff0428be29 100644
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -28,6 +28,22 @@
 (channel-news
  (version 0)
 
+ (entry (commit "TODO")
+        (title
+         (en "@command{guix git authenticate} usage simplified"))
+        (body
+         (en "Usage of the @command{guix git authenticate} command has been
+simplified.  The command is useful to channel authors and to developers
+willing to validate the provenance of their code.
+
+On your first use, @command{guix git authenticate} will now record the commit
+and signer (the @dfn{introduction}) in the @file{.git/config} file of your
+repository so that you don't have to pass them on the command line in
+subsequent runs.  It will also install pre-push and post-checkout hooks,
+unless preexisting hooks are found.
+
+Run @command{info \"(guix) Invoking guix authenticate\"} for more info.")))
+
  (entry (commit "ff1251de0bc327ec478fc66a562430fbf35aef42")
         (title
          (en "Daemon vulnerability allowing store corruption has been fixed")
-- 
2.41.0

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 13 Mar 2024 17:45:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 13 13:45:48 2024
Received: from localhost ([127.0.0.1]:47362 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rkSfj-0008JI-Mb
	for submit <at> debbugs.gnu.org; Wed, 13 Mar 2024 13:45:48 -0400
Received: from eggs.gnu.org ([209.51.188.92]:49644)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rkSfS-0008IK-8H
 for 69780 <at> debbugs.gnu.org; Wed, 13 Mar 2024 13:45:30 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rkScg-0000w8-Jh; Wed, 13 Mar 2024 13:42:38 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=p1AjpATHK4VP0ER2YWQgDYbrKLAnCVuCnH6/9qgSQyA=; b=XS8HWCkqC8hbQiUAkMC8
 JqOnnL7Eziv4z5OYtDVjXx54+WY7DVguQhDsOSWGznMDx5cY/2HmTbvfZ9LgRGHHtiqge5ZK0jTDq
 Cvg4qHSGoueftoTbS1no9S5C1DFK9PTY0bq8HDtUkDJ+392BKINr+zS7xAOduzo25kBDnqXNcIE41
 7FjzIQCswAdg1uFpE/F5tQ0UlxyiMmgCxEj9WOBkpbjmovAB2rvNo4BQzq13c3JWskPq8f0T3Jqk7
 U8O2SCtctvsK0gOhsLVsL99Fp9dR7NNt3EEUPSla3HaRPe5U+C004IQme9ws5TOIXiI+u1moGc5H7
 yWEpMKmtgj0inw==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 69780 <at> debbugs.gnu.org
Subject: [PATCH 3/4] git authenticate: Install pre-push and post-checkout
 hooks.
Date: Wed, 13 Mar 2024 18:42:21 +0100
Message-ID: <6a556beb2566aa401d5064049e136ff2a7669b63.1710351278.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <cover.1710351278.git.ludo@HIDDEN>
References: <cover.1710351278.git.ludo@HIDDEN>
MIME-Version: 1.0
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 69780
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

* guix/scripts/git/authenticate.scm (install-hooks): New procedure.
(guix-git-authenticate): Use it.
* doc/guix.texi (Invoking guix git authenticate): Document it.

Change-Id: I4464a33193186e85b476a12740e54412bd58429c
---
 doc/guix.texi                     |  5 ++++
 guix/scripts/git/authenticate.scm | 43 ++++++++++++++++++++++++++++++-
 2 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index ac0766b98c..b1672803c0 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7624,6 +7624,11 @@ Invoking guix git authenticate
 guix git authenticate [@var{options}@dots{}]
 @end example
 
+The first run also attempts to install pre-push and post-checkout hooks,
+such that @command{guix git authenticate} is invoked as soon as you run
+@command{git push}, @command{git checkout}, and related commands; it
+does not overwrite preexisting hooks though.
+
 The options below allow you to fine-tune the process.
 
 @table @code
diff --git a/guix/scripts/git/authenticate.scm b/guix/scripts/git/authenticate.scm
index 36e1aa6228..13e1de3099 100644
--- a/guix/scripts/git/authenticate.scm
+++ b/guix/scripts/git/authenticate.scm
@@ -129,6 +129,46 @@ (define* (record-configuration repository
   (info (G_ "introduction and keyring configuration recorded in '~a'~%")
         config-file))
 
+(define (install-hooks repository)
+  "Attempt to install in REPOSITORY pre-push and update hooks that invoke
+'guix git authenticate'.  Bail out if one of these already exists."
+  (define directory
+    (repository-directory repository))
+
+  (define pre-push-hook
+    (in-vicinity directory "hooks/pre-push"))
+
+  (define post-checkout-hook
+    (in-vicinity directory "hooks/post-checkout"))
+
+  (if (or (file-exists? pre-push-hook)
+          (file-exists? post-checkout-hook))
+      (begin
+        (warning (G_ "not overriding pre-existing hooks '~a' and '~a'~%")
+                 pre-push-hook post-checkout-hook)
+        (display-hint (G_ "Consider running @command{guix git authenticate}
+from your pre-push and update hooks so your repository is automatically
+authenticated before you push or receive updates.")))
+      (begin
+        (call-with-output-file pre-push-hook
+          (lambda (port)
+            (format port "#!/bin/sh
+set -e
+while read local_ref local_oid remote_ref remote_oid
+do
+  guix git authenticate --end=\"$local_ref\"
+done\n")
+            (chmod port #o755)))
+        (call-with-output-file post-checkout-hook
+          (lambda (port)
+            (format port "#!/bin/sh
+oldrev=\"$1\"
+newrev=\"$2\"
+exec guix git authenticate --end=\"$newrev\"\n")
+            (chmod port #o755)))
+        (info (G_ "installed hooks '~a' and '~a'~%")
+              pre-push-hook post-checkout-hook))))
+
 (define (show-stats stats)
   "Display STATS, an alist containing commit signing stats as returned by
 'authenticate-repository'."
@@ -250,7 +290,8 @@ (define (guix-git-authenticate . args)
        (unless (configured? repository)
          (record-configuration repository
                                #:commit commit #:signer signer
-                               #:keyring-reference keyring))
+                               #:keyring-reference keyring)
+         (install-hooks repository))
 
        (when (and show-stats? (not (null? stats)))
          (show-stats stats))))))
-- 
2.41.0

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 13 Mar 2024 17:45:47 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 13 13:45:47 2024
Received: from localhost ([127.0.0.1]:47360 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rkSfU-0008Iz-IX
	for submit <at> debbugs.gnu.org; Wed, 13 Mar 2024 13:45:47 -0400
Received: from eggs.gnu.org ([209.51.188.92]:48740)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rkSfQ-0008IH-6s
 for 69780 <at> debbugs.gnu.org; Wed, 13 Mar 2024 13:45:29 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rkSce-0000vN-Jr; Wed, 13 Mar 2024 13:42:36 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=YvXcRRDgEoNDdlU53IdnOj4kZdeeqjFBZC/dS6UTqkw=; b=Txy1ADQCEp0jeutXgq6F
 zXFXDjKlYbkS+WVyQAk6QupjE3ESQLRS5Baf/7IN1/PkHj0yMTLvnyqpY4l8L924482PIdPxG3WZJ
 PHhqesDfe9pCP0usXfvJdb6wVRF29hxanujX3Mdn0bMn4B5/ZrW02pX/j/pTJJ7aEIwQ4NuID6tk4
 v2p7zJEfkDjO+71I+IZpDbzMDQ2hxOHP9qpGlQbR0kS2JyOi4quZ+c1K/vA95/5VFykSAxYDZloz1
 5Hutxm+yr8l65dHMEoKVP7lY8pM/KmbS8gW0pXVIxy8BCs5nyQpuljYTDDuYrHT7cTfJUXnJSq0uJ
 MF1MmsZq60M9nw==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 69780 <at> debbugs.gnu.org
Subject: [PATCH 1/4] =?UTF-8?q?git=20authenticate:=20Record=20introduction?=
 =?UTF-8?q?=20and=20keyring=20in=20=E2=80=98.git/config=E2=80=99.?=
Date: Wed, 13 Mar 2024 18:42:19 +0100
Message-ID: <40858e56cf55b27711d23add5f3cd2ccc6ea5c58.1710351278.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <cover.1710351278.git.ludo@HIDDEN>
References: <cover.1710351278.git.ludo@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 69780
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* guix/scripts/git/authenticate.scm (%default-options): Remove
‘keyring-reference’.
(config-value, configured-introduction, configured-keyring-reference)
(configured?, record-configuration): New procedures.
(guix-git-authenticate)[missing-arguments]: New procedure.
Use ‘configured-introduction’ when zero arguments are given.
Use ‘configured-keyring-reference’ when ‘-k’ is not passed.  Add call to
‘record-configuration’.
* doc/guix.texi (Invoking guix git authenticate): Document it.

Change-Id: I66e111a83f50407b52da71662629947f83a78bbc
---
 doc/guix.texi                     |  12 ++-
 guix/scripts/git/authenticate.scm | 128 ++++++++++++++++++++++--------
 tests/guix-git-authenticate.sh    |   9 ++-
 3 files changed, 112 insertions(+), 37 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 858d5751bf..ac0766b98c 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7615,8 +7615,16 @@ Invoking guix git authenticate
 and non-zero on failure.  @var{commit} above denotes the first commit
 where authentication takes place, and @var{signer} is the OpenPGP
 fingerprint of public key used to sign @var{commit}.  Together, they
-form a ``channel introduction'' (@pxref{channel-authentication, channel
-introduction}).  The options below allow you to fine-tune the process.
+form a @dfn{channel introduction} (@pxref{channel-authentication, channel
+introduction}).  On your first successful run, the introduction is
+recorded in the @file{.git/config} file of your checkout, allowing you
+to omit them from subsequent invocations:
+
+@example
+guix git authenticate [@var{options}@dots{}]
+@end example
+
+The options below allow you to fine-tune the process.
 
 @table @code
 @item --repository=@var{directory}
diff --git a/guix/scripts/git/authenticate.scm b/guix/scripts/git/authenticate.scm
index 6ff5cee682..d3cc4065df 100644
--- a/guix/scripts/git/authenticate.scm
+++ b/guix/scripts/git/authenticate.scm
@@ -31,6 +31,7 @@ (define-module (guix scripts git authenticate)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
   #:use-module (srfi srfi-37)
+  #:use-module (srfi srfi-71)
   #:use-module (ice-9 format)
   #:use-module (ice-9 match)
   #:export (guix-git-authenticate))
@@ -73,8 +74,60 @@ (define %options
                   (alist-cons 'show-stats? #t result)))))
 
 (define %default-options
-  '((directory . ".")
-    (keyring-reference . "keyring")))
+  '((directory . ".")))
+
+(define (config-value config key)
+  "Return the config value associated with KEY, or #f if no such config was
+found."
+  (catch 'git-error
+    (lambda ()
+      (config-entry-value (config-get-entry config key)))
+    (const #f)))
+
+(define (configured-introduction repository)
+  "Return two values: the commit and signer fingerprint (strings) as
+configured in REPOSITORY.  Error out if one or both were missing."
+  (let* ((config (repository-config repository))
+         (commit (config-value config "guix.authentication.introduction-commit"))
+         (signer (config-value config "guix.authentication.introduction-signer")))
+    (unless (and commit signer)
+      (leave (G_ "unknown introductory commit and signer~%")))
+    (values commit signer)))
+
+(define (configured-keyring-reference repository)
+  "Return the keyring reference configured in REPOSITORY or #f if missing."
+  (let ((config (repository-config repository)))
+    (config-value config "guix.authentication.keyring")))
+
+(define (configured? repository)
+  "Return true if REPOSITORY already container introduction info in its
+'config' file."
+  (let ((config (repository-config repository)))
+    (and (config-value config "guix.authentication.introduction-commit")
+         (config-value config "guix.authentication.introduction-signer"))))
+
+(define* (record-configuration repository
+                               #:key commit signer keyring-reference)
+  "Record COMMIT, SIGNER, and KEYRING-REFERENCE in the 'config' file of
+REPOSITORY."
+  (define directory
+    (repository-directory repository))
+
+  (define config-file
+    (in-vicinity directory "config"))
+
+  (call-with-port (open-file config-file "a")
+    (lambda (port)
+      (format port "
+# Added by 'guix git authenticate'.
+[guix \"authentication\"]
+        introduction-commit = ~a
+        introduction-signer = ~a
+        keyring = ~a~%"
+              commit signer keyring-reference)))
+
+  (info (G_ "introduction and keyring configuration recorded in '~a'~%")
+        config-file))
 
 (define (show-stats stats)
   "Display STATS, an alist containing commit signing stats as returned by
@@ -156,35 +209,48 @@ (define (guix-git-authenticate . args)
         (progress-reporter/bar (length commits))
         progress-reporter/silent))
 
+  (define (missing-arguments)
+    (leave (G_ "wrong number of arguments; \
+expected COMMIT and SIGNER~%")))
+
   (with-error-handling
     (with-git-error-handling
-     (match (command-line-arguments options)
-       ((commit signer)
-        (let* ((directory   (assoc-ref options 'directory))
-               (show-stats? (assoc-ref options 'show-stats?))
-               (keyring     (assoc-ref options 'keyring-reference))
-               (repository  (repository-open directory))
-               (end         (match (assoc-ref options 'end-commit)
-                              (#f  (reference-target
-                                    (repository-head repository)))
-                              (oid oid)))
-               (history     (match (assoc-ref options 'historical-authorizations)
-                              (#f '())
-                              (file (call-with-input-file file
-                                      read-authorizations))))
-               (cache-key   (or (assoc-ref options 'cache-key)
-                                (repository-cache-key repository))))
-          (define stats
-            (authenticate-repository repository (string->oid commit)
-                                     (openpgp-fingerprint* signer)
-                                     #:end end
-                                     #:keyring-reference keyring
-                                     #:historical-authorizations history
-                                     #:cache-key cache-key
-                                     #:make-reporter make-reporter))
+     (let* ((directory   (assoc-ref options 'directory))
+            (show-stats? (assoc-ref options 'show-stats?))
+            (repository  (repository-open directory))
+            (commit signer (match (command-line-arguments options)
+                             ((commit signer)
+                              (values commit signer))
+                             (()
+                              (configured-introduction repository))
+                             (_
+                              (missing-arguments))))
+            (keyring     (or (assoc-ref options 'keyring-reference)
+                             (configured-keyring-reference repository)
+                             "keyring"))
+            (end         (match (assoc-ref options 'end-commit)
+                           (#f  (reference-target
+                                 (repository-head repository)))
+                           (oid oid)))
+            (history     (match (assoc-ref options 'historical-authorizations)
+                           (#f '())
+                           (file (call-with-input-file file
+                                   read-authorizations))))
+            (cache-key   (or (assoc-ref options 'cache-key)
+                             (repository-cache-key repository))))
+       (define stats
+         (authenticate-repository repository (string->oid commit)
+                                  (openpgp-fingerprint* signer)
+                                  #:end end
+                                  #:keyring-reference keyring
+                                  #:historical-authorizations history
+                                  #:cache-key cache-key
+                                  #:make-reporter make-reporter))
 
-          (when (and show-stats? (not (null? stats)))
-            (show-stats stats))))
-       (_
-        (leave (G_ "wrong number of arguments; \
-expected COMMIT and SIGNER~%")))))))
+       (unless (configured? repository)
+         (record-configuration repository
+                               #:commit commit #:signer signer
+                               #:keyring-reference keyring))
+
+       (when (and show-stats? (not (null? stats)))
+         (show-stats stats))))))
diff --git a/tests/guix-git-authenticate.sh b/tests/guix-git-authenticate.sh
index ec89f941e6..db60816d45 100644
--- a/tests/guix-git-authenticate.sh
+++ b/tests/guix-git-authenticate.sh
@@ -1,5 +1,5 @@
 # GNU Guix --- Functional package management for GNU
-# Copyright © 2020, 2022 Ludovic Courtès <ludo@HIDDEN>
+# Copyright © 2020, 2022, 2024 Ludovic Courtès <ludo@HIDDEN>
 #
 # This file is part of GNU Guix.
 #
@@ -40,10 +40,11 @@ guix git authenticate "$intro_commit" "$intro_signer"	\
      --end=9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 && false
 
 # The v1.2.0 commit is a descendant of $intro_commit and it satisfies the
-# authorization invariant.
+# authorization invariant.  No need to repeat $intro_commit and $intro_signer
+# because it should have been recorded in '.git/config'.
 v1_2_0_commit="a099685659b4bfa6b3218f84953cbb7ff9e88063"
-guix git authenticate "$intro_commit" "$intro_signer"	\
-     --cache-key="$cache_key" --stats			\
+guix git authenticate				\
+     --cache-key="$cache_key" --stats		\
      --end="$v1_2_0_commit"
 
 rm "$XDG_CACHE_HOME/guix/authentication/$cache_key"
-- 
2.41.0

Message received at 69780 <at> debbugs.gnu.org:

Received: (at 69780) by debbugs.gnu.org; 13 Mar 2024 17:45:30 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 13 13:45:30 2024
Received: from localhost ([127.0.0.1]:47354 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rkSfS-0008Ia-3R
	for submit <at> debbugs.gnu.org; Wed, 13 Mar 2024 13:45:30 -0400
Received: from eggs.gnu.org ([209.51.188.92]:48732)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rkSfQ-0008IG-6s
 for 69780 <at> debbugs.gnu.org; Wed, 13 Mar 2024 13:45:28 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rkScf-0000vc-Gr; Wed, 13 Mar 2024 13:42:37 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=wYNpMwy3YvfILQnVZiWDF4E+radtE/xWwh0rzUXvgCE=; b=FMb8R1hHalOuy0m9ucPx
 5/qztgEv8zjWe3kpIkuKb4S4/At6PC7cM//ptKr9hoThslbCbPLkAkAcmrbTyi/kXMU9kTm/4gTG1
 EbgmSR2c0KKjb13XPisT27nqp1hSZ2qswvmK7KIjEnDlK5h+ql0OlPFwX1EHudR/J+YzQqhu33ROs
 zarWmKUE4AOcdt6cDfuVQH5qRqvw9laAz+fuNCnSOiq/ntdBnQXqaz8E4AaT8z+fttZk5vMkSibT3
 MB64ukxAIHOC6hG1XWwVn4It63RPNYWBYlce8YQd5j9L6q+xYB9X7yNd6Pdh90R9ahS+A3/r018Fs
 JpW6WS2+tl4HZw==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 69780 <at> debbugs.gnu.org
Subject: [PATCH 2/4] git authenticate: Discover the repository.
Date: Wed, 13 Mar 2024 18:42:20 +0100
Message-ID: <f7c717157875cc500f2621ae8e9b12f4654c1e97.1710351278.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <cover.1710351278.git.ludo@HIDDEN>
References: <cover.1710351278.git.ludo@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 69780
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

This allows one to run ‘guix git authenticate’ from a sub-directory of
the checkout.

* guix/scripts/git/authenticate.scm (%default-options): Remove
‘directory’ key.
(guix-git-authenticate): Use ‘repository-discover’ when ‘directory’
option is missing.

Change-Id: Ifada00d559254971ed7eeb8c0a8d4ae74ff3defc
---
 guix/scripts/git/authenticate.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/guix/scripts/git/authenticate.scm b/guix/scripts/git/authenticate.scm
index d3cc4065df..36e1aa6228 100644
--- a/guix/scripts/git/authenticate.scm
+++ b/guix/scripts/git/authenticate.scm
@@ -74,7 +74,7 @@ (define %options
                   (alist-cons 'show-stats? #t result)))))
 
 (define %default-options
-  '((directory . ".")))
+  '())
 
 (define (config-value config key)
   "Return the config value associated with KEY, or #f if no such config was
@@ -215,9 +215,9 @@ (define (guix-git-authenticate . args)
 
   (with-error-handling
     (with-git-error-handling
-     (let* ((directory   (assoc-ref options 'directory))
-            (show-stats? (assoc-ref options 'show-stats?))
-            (repository  (repository-open directory))
+     (let* ((show-stats? (assoc-ref options 'show-stats?))
+            (repository  (repository-open (or (assoc-ref options 'directory)
+                                              (repository-discover "."))))
             (commit signer (match (command-line-arguments options)
                              ((commit signer)
                               (values commit signer))
-- 
2.41.0

Message received at submit <at> debbugs.gnu.org:

Received: (at submit) by debbugs.gnu.org; 13 Mar 2024 17:41:09 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 13 13:41:09 2024
Received: from localhost ([127.0.0.1]:47339 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rkSbF-0008BX-6I
	for submit <at> debbugs.gnu.org; Wed, 13 Mar 2024 13:41:09 -0400
Received: from lists.gnu.org ([209.51.188.17]:33294)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rkSbD-0008BP-QP
 for submit <at> debbugs.gnu.org; Wed, 13 Mar 2024 13:41:08 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1rkSac-00088t-86
 for guix-patches@HIDDEN; Wed, 13 Mar 2024 13:40:32 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rkSab-0000dv-Jq; Wed, 13 Mar 2024 13:40:29 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to:
 references; bh=sJlTr3+Ii215G+CjDDL3OiOFrsW8eh2+V+u/KZNXTC4=; b=moLUMexv+QN/n+
 j9dVgncGPNaCCMCUdihAgASu6+Bb9OHCo/0P41pEdqHrBXry+wpE5c+gS0JjMAlFHh70q6dZSOVK7
 v9wnTeNrxFaO3zlLxeSb5tDiwcMd70nyx/cbBAbdnj6ESwcL3ipppVj07jTQTm7DooCYnvWp9TLsp
 idhT5HeIJCz/LeDWabd1efS7H/ATYLVooS6UX8fLuYkVk0TH5ZbDM9r2XKEeOpdrb2luJzn9HMtwB
 KVJQiySz5DNu6+5tEn7+2/gTPghIQkTzq48I0UpBCC12Eyr0zmQ9uW7GeSY/DluSbw4eI7Px1ZLwG
 R1NB4O99b17vNqPS5LpA==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH 0/4] Simplify 'guix git authenticate' usage
Date: Wed, 13 Mar 2024 18:40:13 +0100
Message-ID: <cover.1710351278.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Florian Pelz <pelzflorian@HIDDEN>,
 Julien Lepiller <julien@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: submit
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hello Git! :-)

‘guix git authenticate’ has always been inconvenient because one
has to provide the introduction (commit and signer) on the command
line.

Only recently did I realize that we could store that info in
‘.git/config’.  This is the main goal of this patch set.

The rest further simplifies its use by discovering the repo and
installing pre-push and post-checkout hooks.

Thoughts?

Ludo’.

Ludovic Courtès (4):
  git authenticate: Record introduction and keyring in ‘.git/config’.
  git authenticate: Discover the repository.
  git authenticate: Install pre-push and post-checkout hooks.
  DRAFT news: Add entry for ‘guix git authenticate’ changes.

 doc/guix.texi                     |  17 ++-
 etc/news.scm                      |  16 +++
 guix/scripts/git/authenticate.scm | 169 ++++++++++++++++++++++++------
 tests/guix-git-authenticate.sh    |   9 +-
 4 files changed, 174 insertions(+), 37 deletions(-)


base-commit: 7b5c030684020282a690322b558f86718eb148a7
-- 
2.41.0