GNU bug report logs - #42048
[PATCH 0/6] Authenticated channels for everyone!


Package: guix-patches; Reported by: Ludovic Courtès <ludo@HIDDEN>; Keywords: patch; dated Thu, 25 Jun 2020 21:05:02 UTC; Maintainer for guix-patches is guix-patches@HIDDEN.

Message received at 42048 <at> debbugs.gnu.org:


From: Ricardo Wurmus <rekado@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Subject: Re: [bug#42048] [PATCH 3/6] channels: Remove 'signature' from
 <channel-introduction>.
Date: Tue, 30 Jun 2020 16:35:14 +0200


Ludovic Courtès <ludo@HIDDEN> writes:

> In the end signing the commit/key pair does not buy us much.  Someone
> publishing a valid but different commit/key pair would effectively be
> publishing a different channel, which could be a fork (made by a former
> authorized developer) or simply a mirror.  In the latter case, there's
> nothing to be gained by publishing a different commit/key pair.
>
> * guix/channels.scm (<channel-introduction>)[signature]: Remove.
> (make-channel-introduction): Adjust accordingly.
> ---
[…]
>  (define (make-channel-introduction commit signer)
>    "Return a new channel introduction: COMMIT is the introductory where
>  authentication starts, and SIGNER is the OpenPGP fingerprint (a bytevect=
or) of
>  the signer of that commit."
> -  (%make-channel-introduction commit signer #f))
> +  (%make-channel-introduction commit signer))
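
Review bot: the docstring kept as context in this hunk reads "COMMIT is the introductory where authentication starts"; a noun is missing after "introductory", presumably "commit". Since the patch already touches make-channel-introduction, this is a good place to fix the sentence and to say in what form COMMIT is expected, as the docstring already does for SIGNER.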

Do we still need this procedure at all?  Looks like
%make-channel-introduction could simply be renamed to
make-channel-introduction.

-- 
Ricardo




Information forwarded to guix-patches@HIDDEN:
bug#42048; Package guix-patches. Full text available.

Message received at 42048 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: Kyle Meyer <kyle@HIDDEN>
Subject: Re: [bug#42048] [PATCH 2/6] channels: Make channel introductions
 public.
Date: Sat, 27 Jun 2020 19:07:16 +0200

Kyle Meyer <kyle@HIDDEN> wrote:

> Ludovic Courtès writes:
>
>> diff --git a/doc/guix.texi b/doc/guix.texi
> [...]
>> +As a user, you must be @dfn{introduced} to a channel so you can start
>> +pulling from it and authenticate its code.  The @dfn{channel
>> +introduction} tells Guix how to authenticate the first commit of that
>> +channel:
>
> Given the colon, it looks like something is missing here.  Based on what
> comes next...
>
>> +
>> +As a user, you must provide a @dfn{channel introduction} in your
>> +channels file so that Guix knows how to authenticate its first commit.
>> +A channel specification, including its introduction, looks something
>> +along these lines:
>> +
>> +@lisp
>> +(channel
>> +  (name 'my-channel)
>> +  (url "https://example.org/my-channel.git")
>> +  (introduction
>> +   (make-channel-introduction
>> +    "6f0d8cc0d88abb59c324b2990bfee2876016bb86"
>> +    (openpgp-fingerprint
>> +     "CABB A931 C0FF EEC6 900D  0CFB 090B 1199 3D9A EBB5"))))
>> +@end lisp
>
> ... perhaps the second "As a user" paragraph was supposed to replace the
> first?

Yes, you were right.  I’ve changed it locally (not resending the whole
series).

Thanks!

Ludo’.





Message received at 42048 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: Kyle Meyer <kyle@HIDDEN>
Subject: Re: [bug#42048] [PATCH 2/6] channels: Make channel introductions
 public.
Date: Fri, 26 Jun 2020 10:17:37 +0200

Hello Kyle,

Kyle Meyer <kyle@HIDDEN> wrote:

> Ludovic Courtès writes:
>
>> diff --git a/doc/guix.texi b/doc/guix.texi
> [...]
>> +As a user, you must be @dfn{introduced} to a channel so you can start
>> +pulling from it and authenticate its code.  The @dfn{channel
>> +introduction} tells Guix how to authenticate the first commit of that
>> +channel:
>
> Given the colon, it looks like something is missing here.  Based on what
> comes next...
>
>> +
>> +As a user, you must provide a @dfn{channel introduction} in your
>> +channels file so that Guix knows how to authenticate its first commit.
>> +A channel specification, including its introduction, looks something
>> +along these lines:
>> +
>> +@lisp
>> +(channel
>> +  (name 'my-channel)
>> +  (url "https://example.org/my-channel.git")
>> +  (introduction
>> +   (make-channel-introduction
>> +    "6f0d8cc0d88abb59c324b2990bfee2876016bb86"
>> +    (openpgp-fingerprint
>> +     "CABB A931 C0FF EEC6 900D  0CFB 090B 1199 3D9A EBB5"))))
>> +@end lisp
>
> ... perhaps the second "As a user" paragraph was supposed to replace the
> first?

Oops, thanks for the heads-up.  I guess I got distracted as I was
reorganizing this.  I’ll post a v2 soonish!

Ludo’.





Message received at 42048 <at> debbugs.gnu.org:


From: Kyle Meyer <kyle@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Subject: Re: [bug#42048] [PATCH 2/6] channels: Make channel introductions
 public.
Date: Thu, 25 Jun 2020 22:32:20 +0000

Ludovic Courtès writes:

> diff --git a/doc/guix.texi b/doc/guix.texi
[...]
> +As a user, you must be @dfn{introduced} to a channel so you can start
> +pulling from it and authenticate its code.  The @dfn{channel
> +introduction} tells Guix how to authenticate the first commit of that
> +channel:

Given the colon, it looks like something is missing here.  Based on what
comes next...

> +
> +As a user, you must provide a @dfn{channel introduction} in your
> +channels file so that Guix knows how to authenticate its first commit.
> +A channel specification, including its introduction, looks something
> +along these lines:
> +
> +@lisp
> +(channel
> +  (name 'my-channel)
> +  (url "https://example.org/my-channel.git")
> +  (introduction
> +   (make-channel-introduction
> +    "6f0d8cc0d88abb59c324b2990bfee2876016bb86"
> +    (openpgp-fingerprint
> +     "CABB A931 C0FF EEC6 900D  0CFB 090B 1199 3D9A EBB5"))))
> +@end lisp

... perhaps the second "As a user" paragraph was supposed to replace the
first?





Message received at 42048 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: 42048 <at> debbugs.gnu.org
Subject: [PATCH 6/6] services: provenance: Save channel introductions.
Date: Thu, 25 Jun 2020 23:16:05 +0200

* gnu/services.scm (channel->code): Include CHANNEL's introduction, if
any, unless CHANNEL is the singleton %DEFAULT-CHANNELS.
(channel->sexp): Add comment.
* guix/scripts/system.scm (sexp->channel): Change pattern to allow for
extensibility.
---
 gnu/services.scm        | 26 ++++++++++++++++++++++----
 guix/scripts/system.scm |  4 +++-
 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/gnu/services.scm b/gnu/services.scm
index 27e5558231..f6dc56d940 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -31,6 +31,7 @@
   #:use-module (guix sets)
   #:use-module (guix ui)
   #:use-module ((guix utils) #:select (source-properties->location))
+  #:autoload   (guix openpgp) (openpgp-format-fingerprint)
   #:use-module (guix modules)
   #:use-module (gnu packages base)
   #:use-module (gnu packages bash)
@@ -392,14 +393,31 @@ by the initrd once the root file system is mounted.")))
 (define (channel->code channel)
   "Return code to build CHANNEL, ready to be dropped in a 'channels.scm'
 file."
-  `(channel (name ',(channel-name channel))
-            (url ,(channel-url channel))
-            (branch ,(channel-branch channel))
-            (commit ,(channel-commit channel))))
+  ;; Since the 'introduction' field is backward-incompatible, and since it's
+  ;; optional when using the "official" 'guix channel, include it if and only
+  ;; if we're referring to a different channel.
+  (let ((intro (and (not (equal? (list channel) %default-channels))
+                    (channel-introduction channel))))
+    `(channel (name ',(channel-name channel))
+              (url ,(channel-url channel))
+              (branch ,(channel-branch channel))
+              (commit ,(channel-commit channel))
+              ,@(if intro
+                    `((introduction
+                       (make-channel-introduction
+                        ,(channel-introduction-first-signed-commit intro)
+                        (openpgp-fingerprint
+                         ,(openpgp-format-fingerprint
+                           (channel-introduction-first-commit-signer
+                            intro))))))
+                    '()))))
 
 (define (channel->sexp channel)
   "Return an sexp describing CHANNEL.  The sexp is _not_ code and is meant to
 be parsed by tools; it's potentially more future-proof than code."
+  ;; TODO: Add CHANNEL's introduction.  Currently we can't do that because
+  ;; older 'guix system describe' expect exactly name/url/branch/commit
+  ;; without any additional fields.
   `(channel (name ,(channel-name channel))
             (url ,(channel-url channel))
             (branch ,(channel-branch channel))
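
Review bot: in channel->code, the guard (equal? (list channel) %default-channels) only holds when CHANNEL equals the single entry of %default-channels, yet CHANNEL carries a commit here, since (commit ,(channel-commit channel)) is emitted a few lines below. Unless the default channel is pinned to that same commit, the test is always false and the introduction is emitted for the official channel too, which is the backward-incompatible output the comment says it wants to avoid. Comparing on name and URL, or a comment explaining why whole-channel equality is expected to succeed, would make the intent checkable.
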
diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm
index 212b49f008..cfefe8a8a8 100644
--- a/guix/scripts/system.scm
+++ b/guix/scripts/system.scm
@@ -452,7 +452,9 @@ list of services."
     (('channel ('name name)
                ('url url)
                ('branch branch)
-               ('commit commit))
+               ('commit commit)
+               rest ...)
+     ;; XXX: In the future REST may include a channel introduction.
      (channel (name name) (url url)
               (branch branch) (commit commit)))))
 
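
Review bot: the new rest ... pattern in sexp->channel accepts any trailing fields and the body never looks at REST, so a provenance sexp that does carry an introduction is turned into a channel without one, with no warning. Until REST is interpreted, consider matching the one expected extra field explicitly, or warning when REST is non-empty, and keep the XXX comment in sync with the TODO added to channel->sexp in gnu/services.scm.
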
-- 
2.26.2






Message received at 42048 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: 42048 <at> debbugs.gnu.org
Subject: [PATCH 5/6] guix describe: Display channel introductions and add
 'channels-sans-intro'.
Date: Thu, 25 Jun 2020 23:16:04 +0200

* guix/scripts/describe.scm (%available-formats): Add "channels-sans-intro".
(channel->sexp): Add #:include-introduction?.  Emit CHANNEL's intro if
INCLUDE-INTRODUCTION? is true and CHANNEL has an introduction.
(channel->json): Include CHANNEL's introduction, if any.
(channel->recutils): Likewise.
(display-profile-info): Add 'channels-sans-intro' case.
* doc/guix.texi (Invoking guix describe): Add introduction in example.
Add 'channels-sans-intro' case.
---
 doc/guix.texi             | 13 ++++++++-
 guix/scripts/describe.scm | 56 ++++++++++++++++++++++++++++++++-------
 2 files changed, 58 insertions(+), 11 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index a4bb52bb24..fcf67bd718 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4613,7 +4613,12 @@ $ guix describe -f channels
         (name 'guix)
         (url "https://git.savannah.gnu.org/git/guix.git")
         (commit
-          "e0fa68c7718fffd33d81af415279d6ddb518f727")))
+          "e0fa68c7718fffd33d81af415279d6ddb518f727")
+        (introduction
+          (make-channel-introduction
+            "9edb3f66fd807b096b48283debdcddccfea34bad"
+            (openpgp-fingerprint
+              "BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 54FA")))))
 @end example
 
 @noindent
@@ -4639,6 +4644,12 @@ produce human-readable output;
 produce a list of channel specifications that can be passed to @command{guix
 pull -C} or installed as @file{~/.config/guix/channels.scm} (@pxref{Invoking
 guix pull});
+@item channels-sans-intro
+like @code{channels}, but omit the @code{introduction} field; use it to
+produce a channel specification suitable for Guix version 1.1.0 or
+earlier---the @code{introduction} field has to do with channel
+authentication (@pxref{Channels, Channel Authentication}) and is not
+supported by these older versions;
 @item json
 @cindex JSON
 produce a list of channel specifications in JSON format;
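
Review bot: the new @item channels-sans-intro text says the introduction field "has to do with channel authentication", which is vague for the one sentence that explains what is being left out. State the consequence instead: a specification produced this way carries no introduction, so it is intended only for Guix 1.1.0 or earlier, and the channels format is the one to use when the field should be kept.
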
diff --git a/guix/scripts/describe.scm b/guix/scripts/describe.scm
index 7a2dbc453a..39e096a9a4 100644
--- a/guix/scripts/describe.scm
+++ b/guix/scripts/describe.scm
@@ -26,9 +26,11 @@
   #:use-module (guix scripts)
   #:use-module (guix describe)
   #:use-module (guix profiles)
+  #:autoload   (guix openpgp) (openpgp-format-fingerprint)
   #:use-module (git)
   #:use-module (json)
   #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-26)
   #:use-module (srfi srfi-37)
   #:use-module (ice-9 match)
   #:autoload   (ice-9 pretty-print) (pretty-print)
@@ -42,7 +44,8 @@
 ;;;
 ;;; Command-line options.
 ;;;
-(define %available-formats '("human" "channels" "json" "recutils"))
+(define %available-formats
+  '("human" "channels" "channels-sans-intro" "json" "recutils"))
 
 (define (list-formats)
   (display (G_ "The available formats are:\n"))
@@ -109,21 +112,50 @@ Display information about the channels currently in use.\n"))
        (_
         (warning (G_ "'GUIX_PACKAGE_PATH' is set but it is not captured~%")))))))
 
-(define (channel->sexp channel)
-  `(channel
-    (name ',(channel-name channel))
-    (url ,(channel-url channel))
-    (commit ,(channel-commit channel))))
+(define* (channel->sexp channel #:key (include-introduction? #t))
+  (let ((intro (and include-introduction?
+                    (channel-introduction channel))))
+    `(channel
+      (name ',(channel-name channel))
+      (url ,(channel-url channel))
+      (commit ,(channel-commit channel))
+      ,@(if intro
+            `((introduction (make-channel-introduction
+                             ,(channel-introduction-first-signed-commit intro)
+                             (openpgp-fingerprint
+                              ,(openpgp-format-fingerprint
+                                (channel-introduction-first-commit-signer
+                                 intro))))))
+            '()))))
 
 (define (channel->json channel)
-  (scm->json-string `((name . ,(channel-name channel))
-                      (url . ,(channel-url channel))
-                      (commit . ,(channel-commit channel)))))
+  (scm->json-string
+   (let ((intro (channel-introduction channel)))
+     `((name . ,(channel-name channel))
+       (url . ,(channel-url channel))
+       (commit . ,(channel-commit channel))
+       ,@(if intro
+             `((introduction
+                . ((commit . ,(channel-introduction-first-signed-commit
+                               intro))
+                   (signer . ,(openpgp-format-fingerprint
+                               (channel-introduction-first-commit-signer
+                                intro))))))
+             '())))))
 
 (define (channel->recutils channel port)
+  (define intro
+    (channel-introduction channel))
+
   (format port "name: ~a~%" (channel-name channel))
   (format port "url: ~a~%" (channel-url channel))
-  (format port "commit: ~a~%" (channel-commit channel)))
+  (format port "commit: ~a~%" (channel-commit channel))
+  (when intro
+    (format port "introductioncommit: ~a~%"
+            (channel-introduction-first-signed-commit intro))
+    (format port "introductionsigner: ~a~%"
+            (openpgp-format-fingerprint
+             (channel-introduction-first-commit-signer intro)))))
 
 (define (display-checkout-info fmt)
   "Display information about the current checkout according to FMT, a symbol
@@ -181,6 +213,10 @@ in the format specified by FMT."
      (display-profile-content profile number))
     ('channels
      (pretty-print `(list ,@(map channel->sexp channels))))
+    ('channels-sans-intro
+     (pretty-print `(list ,@(map (cut channel->sexp <>
+                                      #:include-introduction? #f)
+                                 channels))))
     ('json
      (format #t "[~a]~%" (string-join (map channel->json channels) ",")))
     ('recutils
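Review bot: the new 'channels-sans-intro clause carries no comment saying why a second S-expression format exists or who is expected to use it. A one-line comment above the clause stating the intent (for instance, output for consumers that do not understand the 'introduction' field, if that is the reason) would help, and the format should be added wherever the accepted FMT values are listed for users.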
-- 
2.26.2





Information forwarded to guix-patches@HIDDEN:
bug#42048; Package guix-patches. Full text available.

Message received at 42048 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: 42048 <at> debbugs.gnu.org
Subject: [PATCH 4/6] channels: Save and interpret 'introduction' field in
 provenance data.
Date: Thu, 25 Jun 2020 23:16:03 +0200
Message-Id: <20200625211605.29316-4-ludo@HIDDEN>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20200625211605.29316-1-ludo@HIDDEN>
References: <20200625211605.29316-1-ludo@HIDDEN>

With this change, profiles created by 'guix pull' & co. include channel
introductions as part of the channel metadata of each manifest entry.

* guix/channels.scm (channel-instances->manifest)[instance->entry]: Add
'introduction' field when CHANNEL has an introduction.
(profile-channels)[sexp->channel-introduction]: New procedure.
Use it to initialize the 'introduction' field.
---
 guix/channels.scm | 36 +++++++++++++++++++++++++++++++-----
 1 file changed, 31 insertions(+), 5 deletions(-)

diff --git a/guix/channels.scm b/guix/channels.scm
index 05b2661445..02800733dd 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -844,8 +844,9 @@ derivation."
   "Return a profile manifest with entries for all of INSTANCES, a list of
 channel instances."
   (define (instance->entry instance drv)
-    (let ((commit  (channel-instance-commit instance))
-          (channel (channel-instance-channel instance)))
+    (let* ((commit  (channel-instance-commit instance))
+           (channel (channel-instance-channel instance))
+           (intro   (channel-introduction channel)))
       (manifest-entry
         (name (symbol->string (channel-name channel)))
         (version (string-take commit 7))
@@ -860,7 +861,19 @@ channel instances."
                     (version 0)
                     (url ,(channel-url channel))
                     (branch ,(channel-branch channel))
-                    (commit ,commit))))))))
+                    (commit ,commit)
+                    ,@(if intro
+                          `((introduction
+                             (channel-introduction
+                              (version 0)
+                              (commit
+                               ,(channel-introduction-first-signed-commit
+                                 intro))
+                              (signer
+                               ,(openpgp-format-fingerprint
+                                 (channel-introduction-first-commit-signer
+                                  intro))))))
+                          '()))))))))
 
   (mlet* %store-monad ((derivations (channel-instance-derivations instances))
                        (entries ->  (map instance->entry instances derivations)))
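Review bot: the signer is written here with 'openpgp-format-fingerprint' and read back in 'profile-channels' with 'openpgp-fingerprint', but the diffstat lists only guix/channels.scm, so nothing exercises that round trip. A test that builds a manifest from a channel instance carrying an introduction and checks that 'profile-channels' returns the same commit and signer would catch any mismatch between the two ends of the serialization.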
@@ -928,17 +941,30 @@ to 'latest-channel-instances'."
 (define (profile-channels profile)
   "Return the list of channels corresponding to entries in PROFILE.  If
 PROFILE is not a profile created by 'guix pull', return the empty list."
+  (define sexp->channel-introduction
+    (match-lambda
+      (('channel-introduction ('version 0)
+                              ('commit commit) ('signer signer)
+                              _ ...)
+       (make-channel-introduction commit (openpgp-fingerprint signer)))
+      (x #f)))
+
   (filter-map (lambda (entry)
                 (match (assq 'source (manifest-entry-properties entry))
                   (('source ('repository ('version 0)
                                          ('url url)
                                          ('branch branch)
                                          ('commit commit)
-                                         _ ...))
+                                         rest ...))
                    (channel (name (string->symbol
                                    (manifest-entry-name entry)))
                             (url url)
-                            (commit commit)))
+                            (commit commit)
+                            (introduction
+                             (match (assq 'introduction rest)
+                               (#f #f)
+                               (('introduction intro)
+                                (sexp->channel-introduction intro))))))
 
                   ;; No channel information for this manifest entry.
                   ;; XXX: Pre-0.15.0 Guix did not provide that information,
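Review bot: in 'sexp->channel-introduction', the catch-all clause "(x #f)" makes an introduction with an unknown version or an unexpected field order indistinguishable from no introduction at all, so the caller gets a channel without an introduction and no diagnostic. Since the introduction is what anchors authentication, consider warning or raising an error when an 'introduction' entry is present but not understood, and keep #f for the case where 'assq' finds nothing. The inner 'match' on "(assq 'introduction rest)" also has no clause for an 'introduction' entry of another shape, which would surface as a match error rather than a readable message.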
-- 
2.26.2





Information forwarded to guix-patches@HIDDEN:
bug#42048; Package guix-patches. Full text available.

Message received at 42048 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: 42048 <at> debbugs.gnu.org
Subject: [PATCH 3/6] channels: Remove 'signature' from <channel-introduction>.
Date: Thu, 25 Jun 2020 23:16:02 +0200
Message-Id: <20200625211605.29316-3-ludo@HIDDEN>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20200625211605.29316-1-ludo@HIDDEN>
References: <20200625211605.29316-1-ludo@HIDDEN>

In the end signing the commit/key pair does not buy us much.  Someone
publishing a valid but different commit/key pair would effectively be
publishing a different channel, which could be a fork (made by a former
authorized developer) or simply a mirror.  In the latter case, there's
nothing to be gained by publishing a different commit/key pair.

* guix/channels.scm (<channel-introduction>)[signature]: Remove.
(make-channel-introduction): Adjust accordingly.
---
 guix/channels.scm | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/guix/channels.scm b/guix/channels.scm
index 9859bfdda8..05b2661445 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -128,22 +128,19 @@
 
 ;; Channel introductions.  A "channel introduction" provides a commit/signer
 ;; pair that specifies the first commit of the authentication process as well
-;; as its signer's fingerprint.  The pair must be signed by the signer of that
-;; commit so that only them may emit this introduction.  Introductions are
-;; used to bootstrap trust in a channel.
+;; as its signer's fingerprint.  Introductions are used to bootstrap trust in
+;; a channel.
 (define-record-type <channel-introduction>
-  (%make-channel-introduction first-signed-commit first-commit-signer
-                              signature)
+  (%make-channel-introduction first-signed-commit first-commit-signer)
   channel-introduction?
-  (first-signed-commit  channel-introduction-first-signed-commit) ;hex string
-  (first-commit-signer  channel-introduction-first-commit-signer) ;bytevector
-  (signature            channel-introduction-signature))          ;string
+  (first-signed-commit  channel-introduction-first-signed-commit)  ;hex string
+  (first-commit-signer  channel-introduction-first-commit-signer)) ;bytevector
 
 (define (make-channel-introduction commit signer)
   "Return a new channel introduction: COMMIT is the introductory where
 authentication starts, and SIGNER is the OpenPGP fingerprint (a bytevector) of
 the signer of that commit."
-  (%make-channel-introduction commit signer #f))
+  (%make-channel-introduction commit signer))
 
 (define (openpgp-fingerprint->bytevector str)
   "Convert STR, an OpenPGP fingerprint (hexadecimal string with whitespace),
-- 
2.26.2





Information forwarded to guix-patches@HIDDEN:
bug#42048; Package guix-patches. Full text available.

Message received at 42048 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: 42048 <at> debbugs.gnu.org
Subject: [PATCH 2/6] channels: Make channel introductions public.
Date: Thu, 25 Jun 2020 23:16:01 +0200
Message-Id: <20200625211605.29316-2-ludo@HIDDEN>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20200625211605.29316-1-ludo@HIDDEN>
References: <20200625211605.29316-1-ludo@HIDDEN>

* guix/channels.scm (<channel-introduction>): Rename constructor to
'%make-channel-introduction'.
(make-channel-introduction): New procedure.
* tests/channels.scm ("authenticate-channel, wrong first commit signer")
("authenticate-channel, .guix-authorizations"): Use
'make-channel-introduction' without '@@' and without third argument.
* doc/guix.texi (Channels)[Channel Authentication, Specifying Channel
Authorizations]: New subsections.
---
 doc/guix.texi      | 117 ++++++++++++++++++++++++++++++++++++++++++++-
 guix/channels.scm  |  14 ++++--
 tests/channels.scm |  10 ++--
 3 files changed, 130 insertions(+), 11 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 5b854ccbd4..a4bb52bb24 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -3975,8 +3975,52 @@ deploys Guix itself from the official GNU@tie{}Guix repository.  This can be
 customized by defining @dfn{channels} in the
 @file{~/.config/guix/channels.scm} file.  A channel specifies a URL and branch
 of a Git repository to be deployed, and @command{guix pull} can be instructed
-to pull from one or more channels.  In other words, channels can be used to
-@emph{customize} and to @emph{extend} Guix, as we will see below.
+to pull from one or more channels.  In other words, channels can be used
+to @emph{customize} and to @emph{extend} Guix, as we will see below.
+Before that, some security considerations.
+
+@subsection Channel Authentication
+
+@cindex authentication, of channel code
+The @command{guix pull} and @command{guix time-machine} commands
+@dfn{authenticate} the code retrieved from channels: they make sure each
+commit that is fetched is signed by an authorized developer.  The goal
+is to protect from unauthorized modifications to the channel that would
+lead users to run malicious code.
+
+As a user, you must be @dfn{introduced} to a channel so you can start
+pulling from it and authenticate its code.  The @dfn{channel
+introduction} tells Guix how to authenticate the first commit of that
+channel:
+
+As a user, you must provide a @dfn{channel introduction} in your
+channels file so that Guix knows how to authenticate its first commit.
+A channel specification, including its introduction, looks something
+along these lines:
+
+@lisp
+(channel
+  (name 'my-channel)
+  (url "https://example.org/my-channel.git")
+  (introduction
+   (make-channel-introduction
+    "6f0d8cc0d88abb59c324b2990bfee2876016bb86"
+    (openpgp-fingerprint
+     "CABB A931 C0FF EEC6 900D  0CFB 090B 1199 3D9A EBB5"))))
+@end lisp
+
+The specification above shows the name and URL of the channel.  The call
+to @code{make-channel-introduction} above specifies that authentication
+of this channel starts at commit @code{6f0d8cc@dots{}}, which is signed
+by the OpenPGP key with fingerprint @code{CABB A931@dots{}}.
+
+For the main channel, called @code{guix}, you automatically get that
+information from your Guix installation.  For other channels, include
+the channel introduction provided by the channel authors in your
+@file{channels.scm} file.  Make sure you retrieve the channel
+introduction from a trusted source since that is the root of your trust.
+
+If you're curious about the authentication mechanics, read on!
 
 @subsection Using a Custom Guix Channel
 
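Review bot: the paragraph beginning "As a user, you must be @dfn{introduced} to a channel" ends with "of that channel:" and is followed directly by a second paragraph that restates it ("As a user, you must provide a @dfn{channel introduction}"), so the colon introduces nothing and "channel introduction" is marked with @dfn twice. This looks like a leftover from an earlier draft; keep one of the two paragraphs. The advice to retrieve the introduction from a trusted source is the central security point of the subsection and could be stated before the example rather than after it.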
@@ -4150,6 +4194,75 @@ add a meta-data file @file{.guix-channel} that contains:
   (directory "guix"))
 @end lisp
 
+@cindex channel authorizations
+@subsection Specifying Channel Authorizations
+
+As we saw above, Guix ensures the source code it pulls from channels
+comes from authorized developers.  As a channel author, you need to
+specify the list of authorized developers in the
+@file{.guix-authorizations} file in the channel's Git repository.  The
+authentication rule is simple: each commit must be signed by a key
+listed in the @file{.guix-authorizations} file of its parent
+commit(s)@footnote{Git commits form a @dfn{directed acyclic graph}
+(DAG).  Each commit can have zero or more parents; ``regular'' commits
+have one parent and merge commits have two parent commits.  Read
+@uref{https://eagain.net/articles/git-for-computer-scientists/, @i{Git
+for Computer Scientists}} for a great overview.}  The
+@file{.guix-authorizations} file looks like this:
+
+@lisp
+;; Example '.guix-authorizations' file.
+
+(authorizations
+ (version 0)               ;current file format version
+
+ (("AD17 A21E F8AE D8F1 CC02  DBD9 F8AE D8F1 765C 61E3"
+   (name "alice"))
+  ("2A39 3FFF 68F4 EF7A 3D29  12AF 68F4 EF7A 22FB B2D5"
+   (name "bob"))
+  ("CABB A931 C0FF EEC6 900D  0CFB 090B 1199 3D9A EBB5"
+   (name "charlie"))))
+@end lisp
+
+Each fingerprint is followed by optional key/value pairs, as in the
+example above.  Currently these key/value pairs are ignored.
+
+This authentication rule creates a chicken-and-egg issue: how do we
+authenticate the first commit?  Related to that: how do we deal with
+channels whose repository history contains unsigned commits and lack
+@file{.guix-authorizations}?  And how do we fork existing channels?
+
+@cindex channel introduction
+Channel introductions answer these questions by describing the first
+commit of a channel that should be authenticated.  The first time a
+channel is fetched with @command{guix pull} or @command{guix
+time-machine}, the command looks up the introductory commit and verifies
+that it is signed by the specified OpenPGP key.  From then on, it
+authenticates commits according to the rule above.
+
+To summarize, as the author of a channel, there are two things you have
+to do to allow users to authenticate your code:
+
+@enumerate
+@item
+Introduce an initial @file{.guix-authorizations} in the channel's
+repository.  Do that in a signed commit (@pxref{Commit Access}, for
+information on how to sign Git commits.)
+
+@item
+Advertise the channel introduction, for instance on your channel's web
+page.  The channel introduction, as we saw above, is the commit/key
+pair---i.e., the commit that introduced @file{.guix-authorizations}, and
+the fingerprint of the OpenPGP used to sign it.
+@end enumerate
+
+Publishing a signed channel requires discipline: any mistake, such as an
+unsigned commit or a commit signed by an unauthorized key, will prevent
+users from pulling from your channel---well, that's the whole point of
+authentication!  Pay attention to merges in particular: merge commits
+are considered authentic if and only if they are signed by a key present
+in the @file{.guix-authorizations} file of @emph{both} branches.
+
 @cindex primary URL, channels
 @subsection Primary URL
 
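Review bot: in the second @item, "the fingerprint of the OpenPGP used to sign it" is missing the word "key". In the first paragraph, the sentence that ends with "commit(s)@footnote{...}" has no period before "The @file{.guix-authorizations} file looks like this", and "channels whose repository history contains unsigned commits and lack" should read "lacks". In the first @item, the period sits inside the parenthesis after the @pxref text; it reads better outside.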
diff --git a/guix/channels.scm b/guix/channels.scm
index 1d4b50aa48..9859bfdda8 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -69,7 +69,9 @@
             channel-location
 
             channel-introduction?
-            ;; <channel-introduction> accessors purposefully omitted for now.
+            make-channel-introduction
+            channel-introduction-first-signed-commit
+            channel-introduction-first-commit-signer
 
             openpgp-fingerprint->bytevector
             openpgp-fingerprint
@@ -130,13 +132,19 @@
 ;; commit so that only them may emit this introduction.  Introductions are
 ;; used to bootstrap trust in a channel.
 (define-record-type <channel-introduction>
-  (make-channel-introduction first-signed-commit first-commit-signer
-                             signature)
+  (%make-channel-introduction first-signed-commit first-commit-signer
+                              signature)
   channel-introduction?
   (first-signed-commit  channel-introduction-first-signed-commit) ;hex string
   (first-commit-signer  channel-introduction-first-commit-signer) ;bytevector
   (signature            channel-introduction-signature))          ;string
 
+(define (make-channel-introduction commit signer)
+  "Return a new channel introduction: COMMIT is the introductory where
+authentication starts, and SIGNER is the OpenPGP fingerprint (a bytevector) of
+the signer of that commit."
+  (%make-channel-introduction commit signer #f))
+
 (define (openpgp-fingerprint->bytevector str)
   "Convert STR, an OpenPGP fingerprint (hexadecimal string with whitespace),
 to the corresponding bytevector."
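Review bot: the docstring added for 'make-channel-introduction' reads "COMMIT is the introductory where authentication starts", which is missing the word "commit". Also, this public constructor always passes #f for 'signature' while the comment above the record (its last lines are in the context here) still describes introductions that only the signer may emit; either adjust that comment in this patch or say that the field is currently unused.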
diff --git a/tests/channels.scm b/tests/channels.scm
index 3a2c1d429b..016c3ad9db 100644
--- a/tests/channels.scm
+++ b/tests/channels.scm
@@ -430,12 +430,11 @@
       (with-repository directory repository
         (let* ((commit1 (find-commit repository "first"))
                (commit2 (find-commit repository "second"))
-               (intro   ((@@ (guix channels) make-channel-introduction)
+               (intro   (make-channel-introduction
                          (commit-id-string commit1)
                          (openpgp-public-key-fingerprint
                           (read-openpgp-packet
-                           %ed25519bis-public-key-file)) ;different key
-                         #f))                     ;no signature
+                           %ed25519bis-public-key-file)))) ;different key
                (channel (channel (name 'example)
                                  (url (string-append "file://" directory))
                                  (introduction intro))))
@@ -486,12 +485,11 @@
         (let* ((commit1 (find-commit repository "first"))
                (commit2 (find-commit repository "second"))
                (commit3 (find-commit repository "third"))
-               (intro   ((@@ (guix channels) make-channel-introduction)
+               (intro   (make-channel-introduction
                          (commit-id-string commit1)
                          (openpgp-public-key-fingerprint
                           (read-openpgp-packet
-                           %ed25519-public-key-file))
-                         #f))                     ;no signature
+                           %ed25519-public-key-file))))
                (channel (channel (name 'example)
                                  (url (string-append "file://" directory))
                                  (introduction intro))))
-- 
2.26.2
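
The authentication rule documented in the patch above (the introductory commit is checked against the introduction's key, then every later commit against the '.guix-authorizations' of each of its parents, merges included), modelled in Python as an added example; it is not code from this patch series or from Guix. The commit ids and history are constructed, the fingerprints are the sample ones from the documentation hunk, and two behaviours are assumptions of the model: a parent without '.guix-authorizations' authorizes nobody, and history that does not pass through the introductory commit is rejected.

```python
from dataclasses import dataclass
from typing import Optional

# Sample fingerprints from the '.guix-authorizations' example in the patch.
ALICE = "AD17 A21E F8AE D8F1 CC02  DBD9 F8AE D8F1 765C 61E3"
BOB = "2A39 3FFF 68F4 EF7A 3D29  12AF 68F4 EF7A 22FB B2D5"
CHARLIE = "CABB A931 C0FF EEC6 900D  0CFB 090B 1199 3D9A EBB5"


class AuthenticationError(Exception):
    """Raised when a commit fails the authentication rule."""


def fingerprint(text):
    """Normalize a fingerprint written with whitespace; reject anything else."""
    digits = "".join(text.split()).upper()
    if len(digits) != 40 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a 40-hex-digit fingerprint: {text!r}")
    return digits


@dataclass(frozen=True)
class Commit:
    parents: tuple                   # ids of the parent commits
    signer: Optional[str]            # normalized fingerprint, None if unsigned
    authorized: Optional[frozenset]  # keys in .guix-authorizations, None if absent


def commit(parents=(), signer=None, authorized=None):
    """Build a Commit, normalizing every fingerprint."""
    keys = None if authorized is None else frozenset(map(fingerprint, authorized))
    return Commit(tuple(parents), fingerprint(signer) if signer else None, keys)


def authenticate(repo, intro_commit, intro_signer, tip):
    """Return the set of commit ids authenticated between INTRO_COMMIT and TIP."""
    intro_signer = fingerprint(intro_signer)
    done, pending = set(), [tip]
    while pending:
        cid = pending.pop()
        if cid in done:
            continue
        c = repo[cid]
        if c.signer is None:
            raise AuthenticationError(f"{cid}: unsigned commit")
        if cid == intro_commit:
            # Trust is bootstrapped here: only the signer named in the
            # introduction is accepted, and older history is not examined.
            if c.signer != intro_signer:
                raise AuthenticationError(
                    f"{cid}: introductory commit has wrong signer")
        else:
            if not c.parents:  # model assumption: history must reach the intro
                raise AuthenticationError(
                    f"{cid}: not a descendant of {intro_commit}")
            for parent in c.parents:
                # Model assumption: a parent without the file authorizes nobody.
                if c.signer not in (repo[parent].authorized or frozenset()):
                    raise AuthenticationError(
                        f"{cid}: signer not authorized by parent {parent}")
            pending.extend(c.parents)
        done.add(cid)
    return done


def verdict(repo, intro_commit, intro_signer, tip):
    """Return 'ok' or the reason authentication failed."""
    try:
        authenticate(repo, intro_commit, intro_signer, tip)
        return "ok"
    except AuthenticationError as err:
        return str(err)


# Constructed history: c0 predates signing, c1 introduces .guix-authorizations.
REPO = {
    "c0": commit(),
    "c1": commit(["c0"], ALICE, [ALICE, BOB]),
    "c2": commit(["c1"], BOB, [ALICE, BOB]),
    "c3": commit(["c2"], ALICE, [ALICE]),              # Alice removes Bob
    "c4": commit(["c3"], BOB, [ALICE, BOB]),           # Bob re-adds himself
    "b1": commit(["c2"], BOB, [ALICE, BOB, CHARLIE]),  # side branch adds Charlie
    "m-charlie": commit(["c3", "b1"], CHARLIE, [ALICE, CHARLIE]),
    "m-alice": commit(["c3", "b1"], ALICE, [ALICE, CHARLIE]),
    "c5": commit(["m-alice"], CHARLIE, [ALICE, CHARLIE]),
}

if __name__ == "__main__":
    for tip in ("c3", "c4", "m-charlie", "m-alice", "c5"):
        print(tip, "->", verdict(REPO, "c1", ALICE, tip))
    print("wrong introduction signer ->", verdict(REPO, "c1", BOB, "c2"))
```

Commit c4 is rejected even though its own '.guix-authorizations' lists Bob, because only the parent's file counts; the merge signed by Charlie fails for the same reason on the c3 side, while the one signed by Alice passes and makes Charlie's later commit c5 acceptable.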





Information forwarded to guix-patches@HIDDEN:
bug#42048; Package guix-patches. Full text available.

Message received at 42048 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: 42048 <at> debbugs.gnu.org
Subject: [PATCH 1/6] channels: Add 'openpgp-fingerprint->bytevector'.
Date: Thu, 25 Jun 2020 23:16:00 +0200
Message-Id: <20200625211605.29316-1-ludo@HIDDEN>
X-Mailer: git-send-email 2.26.2

* guix/channels.scm (openpgp-fingerprint->bytevector): New procedure.
(openpgp-fingerprint): New macro.
(%guix-channel-introduction): Use it.
---
 guix/channels.scm | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/guix/channels.scm b/guix/channels.scm
index 3eec5df883..1d4b50aa48 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -71,6 +71,9 @@
             channel-introduction?
             ;; <channel-introduction> accessors purposefully omitted for now.
 
+            openpgp-fingerprint->bytevector
+            openpgp-fingerprint
+
             %default-channels
             guix-channel?
 
@@ -134,6 +137,23 @@
   (first-commit-signer  channel-introduction-first-commit-signer) ;bytevector
   (signature            channel-introduction-signature))          ;string
 
+(define (openpgp-fingerprint->bytevector str)
+  "Convert STR, an OpenPGP fingerprint (hexadecimal string with whitespace),
+to the corresponding bytevector."
+  (base16-string->bytevector
+   (string-downcase (string-filter char-set:hex-digit str))))
+
+(define-syntax openpgp-fingerprint
+  (lambda (s)
+    "Convert STR, an OpenPGP fingerprint (hexadecimal string with whitespace),
+to the corresponding bytevector."
+    (syntax-case s ()
+      ((_ str)
+       (string? (syntax->datum #'str))
+       (openpgp-fingerprint->bytevector (syntax->datum #'str)))
+      ((_ str)
+       #'(openpgp-fingerprint->bytevector str)))))
+
 (define %guix-channel-introduction
   ;; Introduction of the official 'guix channel.  The chosen commit is the
   ;; first one that introduces '.guix-authorizations' on the 'staging'
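Review bot: 'openpgp-fingerprint->bytevector' uses "string-filter char-set:hex-digit", which silently discards every non-hex character, not only whitespace, and never checks the length of what remains. A fingerprint with a typo, such as a letter O in place of a zero or a dropped group, would yield a different or shorter bytevector instead of an error, and the mistake would only show up later as an authentication failure. Since this value is the root of trust for a channel, consider rejecting input that contains anything other than hex digits and whitespace and checking the resulting length (the fingerprints in this series are 40 hex digits); with the literal-string clause of the 'openpgp-fingerprint' macro, that error would then be reported at expansion time.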
@@ -142,11 +162,8 @@
   ;; & co.
   (make-channel-introduction
    "9edb3f66fd807b096b48283debdcddccfea34bad"     ;2020-05-26
-   (base16-string->bytevector
-    (string-downcase
-     (string-filter char-set:hex-digit            ;mbakke
-                    "BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 54FA")))
-   #f))                   ;TODO: Add an intro signature so it can be exported.
+   (openpgp-fingerprint                           ;mbakke
+    "BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 54FA")))
 
 (define %default-channel-url
   ;; URL of the default 'guix' channel.
-- 
2.26.2





Information forwarded to guix-patches@HIDDEN:
bug#42048; Package guix-patches. Full text available.

Message received at submit <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH 0/6] Authenticated channels for everyone!
Date: Thu, 25 Jun 2020 23:04:00 +0200
Message-Id: <20200625210400.29033-1-ludo@HIDDEN>
X-Mailer: git-send-email 2.26.2

Hello Guix!

This patch series follows up on channel authentication support:

  https://issues.guix.gnu.org/41767

This time the goal is to expose and document the authentication
mechanism so that third-party channel authors can use it.  This
should be the last series on this theme in the foreseeable
future.  :-)

The most visible effect is that channel introductions are now
part of the API and shown by ‘guix describe’.  It becomes a long-term
commitment because we want to be able to pass the output of
‘guix describe -C channels’ or /run/current-system/channels.scm
to ‘guix pull’ and ‘guix time-machine’ in the future.

Contrary to what I initially proposed¹, channel introductions are
stripped to the bare minimum: a commit/fingerprint pair (as is
currently the case on master, internally).  I figured it doesn’t
buy us much to have the commit/fingerprint pair signed; what
matters is that users obtain the introduction from a trusted
source, and the signature wouldn’t help with that.  I also got
rid of the idea of rendering introductions as opaque base64 blobs.

In the manual I tried to distinguish instructions for users
(“what do I need to put in my channels.scm file?”) from
instructions for channel authors (“how do I allow users of my
channel to authenticate it?”).

If people have a channel that they’d like to make “authenticable”,
please do try and report back!  You can even test with master,
you only need to add ‘@@’ to access (guix channels) internals
to create the introduction.

Feedback welcome!

Thanks,
Ludo’.

¹ https://issues.guix.gnu.org/issue/22883#69



Ludovic Courtès (6):
  channels: Add 'openpgp-fingerprint->bytevector'.
  channels: Make channel introductions public.
  channels: Remove 'signature' from <channel-introduction>.
  channels: Save and interpret 'introduction' field in provenance data.
  guix describe: Display channel introductions and add
    'channels-sans-intro'.
  services: provenance: Save channel introductions.

 doc/guix.texi             | 130 +++++++++++++++++++++++++++++++++++++-
 gnu/services.scm          |  26 ++++++--
 guix/channels.scm         |  86 +++++++++++++++++++------
 guix/scripts/describe.scm |  56 +++++++++++++---
 guix/scripts/system.scm   |   4 +-
 tests/channels.scm        |  10 ++-
 6 files changed, 269 insertions(+), 43 deletions(-)

-- 
2.26.2
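
What a commit/fingerprint introduction looks like in a user's channels.scm, as an added example that is not part of the original message. It uses `make-channel-introduction` and `openpgp-fingerprint` from (guix channels) as documented in the Guix manual, which may differ from the series as posted here; the channel names, URLs, commit and fingerprint are constructed placeholders.

```scheme
;; ~/.config/guix/channels.scm (added example, not code from the patch series).
;; Channel names, URLs, the commit and the fingerprint are constructed
;; placeholders.
(use-modules (guix channels))

(cons*
 ;; Third-party channel with an introduction: the pair names the commit
 ;; from which authentication starts and the OpenPGP fingerprint of the
 ;; key that signed that commit.  Its trustworthiness comes from where
 ;; the user obtained this snippet, not from any signature on the pair.
 (channel
  (name 'example-channel)
  (url "https://example.org/example-channel.git")
  (branch "master")
  (introduction
   (make-channel-introduction
    "0000000000000000000000000000000000000000"   ;placeholder commit
    (openpgp-fingerprint                          ;placeholder fingerprint
     "0000 1111 2222 3333 4444  5555 6666 7777 8888 9999"))))

 ;; The same kind of channel without an introduction: there is no
 ;; commit/fingerprint pair to anchor on, so it cannot be authenticated.
 (channel
  (name 'unauthenticated-channel)
  (url "https://example.org/other-channel.git"))

 %default-channels)
```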





Acknowledgement sent to Ludovic Courtès <ludo@HIDDEN>:
New bug report received and forwarded. Copy sent to guix-patches@HIDDEN. Full text available.
Report forwarded to guix-patches@HIDDEN:
bug#42048; Package guix-patches. Full text available.
Last modified: Tue, 30 Jun 2020 14:45:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.