GNU bug report logs - #50814
[PATCH] guix: git-authenticate: Also authenticate the channel intro commit.


Package: guix-patches; Severity: important; Reported by: Attila Lendvai <attila@HIDDEN>; Keywords: patch; dated Sun, 26 Sep 2021 10:26:01 UTC; Maintainer for guix-patches is guix-patches@HIDDEN.
Severity set to 'important' from 'grave' Request was from Ludovic Courtès <ludo@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 50814 <at> debbugs.gnu.org:


Subject: Re: [bug#50814] [PATCH 5/5] guix: git-authenticate: Fix
 authenticate-repository.
From: Maxime Devos <maximedevos@HIDDEN>
To: Attila Lendvai <attila@HIDDEN>, 50814 <at> debbugs.gnu.org
Date: Thu, 30 Sep 2021 01:14:44 +0200

Attila Lendvai wrote on Tue 28-09-2021 at 18:24 [+0200]:
> [...]
> -(define* (commit-authorized-keys repository commit
> -                                 #:optional (default-authorizations '())=
)
> -  "Return the list of OpenPGP fingerprints authorized to sign COMMIT, ba=
sed on
> -authorizations listed in its parent commits.  If one of the parent commi=
ts
> -does not specify anything, fall back to DEFAULT-AUTHORIZATIONS."


> +(define (authorized-keys-at-commit repository commit default-authorizati=
ons)
> +  "Return the list of authorized key fingerprints from the '.guix-author=
izations'
> +file at the given commit."
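
Review bot: The replacement docstring on 'authorized-keys-at-commit' no longer says whose signatures the returned keys authorize. The removed text stated that the fingerprints are those "authorized to sign COMMIT, based on authorizations listed in its parent commits", while the new one only says they come from the '.guix-authorizations' file "at the given commit". If callers are now expected to apply this procedure to each parent of the commit being checked, the docstring should say so, because reading the list from the commit under verification would let that commit name its own signers. DEFAULT-AUTHORIZATIONS also changed from '#:optional' with a default of '() to a required argument and is no longer described; the old docstring documented it as the fallback when nothing is specified, and the new one should keep that so call sites pass it deliberately.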

Could 'default-authorizations' still be documented?

Anyway, I don't see any problems with this patch (ignoring the warning and the
docstrings), but I'm completely unfamiliar with the internals of channel
authentication, so I don't know what to look for.  You'll need to find someone
else to review this.

Greetings,
Maxime






Information forwarded to guix-patches@HIDDEN:
bug#50814; Package guix-patches. Full text available.

Message received at 50814 <at> debbugs.gnu.org:


Subject: Re: [bug#50814] [PATCH 4/5] guix: Prepare the UI for continuable
 &warning exceptions.
From: Maxime Devos <maximedevos@HIDDEN>
To: Attila Lendvai <attila@HIDDEN>
Date: Thu, 30 Sep 2021 00:03:36 +0200

Attila Lendvai wrote on Wed 29-09-2021 at 21:22 [+0000]:
> >
[...]
>
> > Conventionally, to emit warnings, the procedure 'warning' from
> > (guix diagnostics) is used. See e.g. (guix ci), (guix deprecation), (guix gexp),
> > (guix import ...), various modules under (guix scripts ...), (guix upstream) ...
> >
> > Is there any reason not to use this pre-existing procedure?
>
> in a more advanced UI it might be a different story, but in the
> current setup the only reason is to be able to assert for the warning
> in the tests.
>
> is that worth it? shall i just use WARNING and forget about the test?

Testing a warning is emitted seems nice.  You could parameterise guix-warning-port
and use call-with-output-string to capture the warning, and use (not (string-null? ...))
to verify a warning has been emitted.  From a quick grep, it appears
tests/transformations.scm and tests/substitute.scm are doing things like this.

Greetings,
Maxime.


Message received at 50814 <at> debbugs.gnu.org:


Date: Wed, 29 Sep 2021 21:22:33 +0000
To: Maxime Devos <maximedevos@HIDDEN>
From: Attila Lendvai <attila@HIDDEN>
Subject: Re: [bug#50814] [PATCH 4/5] guix: Prepare the UI for continuable
 &warning exceptions.

> About 1): which 'wind part' of dynamic-wind are you referring to?
>
> The in-guard or the out-guard?
>
> If the out-guard is empty, then the reference to the old connection will
> be overwritten when the fiber is paused and resumed, so the old connection
> will eventually be GC'ed, thus the daemon forgets some GC roots, leading
> to a rare GC bug.
>
> If the in-guard is empty, then after pausing the fiber and resuming it,
> the connection will be closed while the fiber might still need it.


ok, so this is a no-go. thanks for the clarification!


> Conventionally, to emit warnings, the procedure 'warning' from
> (guix diagnostics) is used. See e.g. (guix ci), (guix deprecation), (guix gexp),
> (guix import ...), various modules under (guix scripts ...), (guix upstream) ...
>
> Is there any reason not to use this pre-existing procedure?


in a more advanced UI it might be a different story, but in the
current setup the only reason is to be able to assert for the warning
in the tests.

is that worth it? shall i just use WARNING and forget about the test?

- attila
PGP: 5D5F 45C7 DFCD 0A39






Message received at 50814 <at> debbugs.gnu.org:


Subject: Re: [bug#50814] [PATCH 4/5] guix: Prepare the UI for continuable
 &warning exceptions.
From: Maxime Devos <maximedevos@HIDDEN>
To: Attila Lendvai <attila@HIDDEN>
Date: Wed, 29 Sep 2021 22:36:14 +0200

Attila Lendvai wrote on Wed 29-09-2021 at 14:50 [+0000]:
> > Do we really need to close and open the connection again every time
> > a continuation is made and resumed? This seems inefficient if a threading
> > mechanism implemented by continuations is used (such as guile-fibers),
> > and there are two threads (‘fibers’) communicating and waiting with/for
> > each other in a loop, causing many ‘context switches’ (i.e., many captured
> > and resumed continuations).
> >
> > Also note that a connection has some state: to the guix-daemon, it acts as
> > a GC root for everything built with the connection, and everything added to
> > the store (with add-to-store & friends) with that connection ... Simply
> > reconnecting isn't sufficient.
>
> pardon my ignorance wrt dynamic-wind and call/cc, but does that^ mean
> that 1) i should simply leave the wind part of the dynamic-wind empty
> and move back the open-connection call into the let... or that 2) the
> entire idea of replacing the exception handler with an unwind-protect
> is flawed?

About 1): which 'wind part' of dynamic-wind are you referring to?
The in-guard or the out-guard?

If the out-guard is empty, then the reference to the old connection will
be overwritten when the fiber is paused and resumed, so the old connection
will eventually be GC'ed, thus the daemon forgets some GC roots, leading
to a rare GC bug.

If the in-guard is empty, then after pausing the fiber and resuming it,
the connection will be closed while the fiber might still need it.

> if 2) then i'll try to smarten up the handler to use raise-continuable
> if the exception is of type &warning.

That should work.  Or simpler: always use raise-continuable.

> or any better ideas?

Conventionally, to emit warnings, the procedure 'warning' from
(guix diagnostics) is used.  See e.g. (guix ci), (guix deprecation), (guix gexp),
(guix import ...), various modules under (guix scripts ...), (guix upstream) ...

Is there any reason not to use this pre-existing procedure?

Greetings,
Maxime
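
The suspend/resume behaviour discussed in this message, as an added Guile example that is not part of the original thread or of Guix. '<connection>', 'open-connection*', 'close-connection*', 'call-with-store*' and the 'scheduler' prompt are hypothetical stand-ins; the prompt models a fiber being paused and resumed. Running it shows the body resuming with the first connection, already closed by the out-guard, while the in-guard has opened a second one.

```scheme
;; Added illustration; not code from the patch or from Guix.
;; All names ending in * and the <connection> record are hypothetical
;; stand-ins for the store procedures in the quoted hunk.
(use-modules (srfi srfi-9))

(define-record-type <connection>
  (make-connection id open?)
  connection?
  (id    connection-id)
  (open? connection-open? set-connection-open!))

(define opened 0)                       ; number of connections created

(define (open-connection*)
  (set! opened (+ opened 1))
  (make-connection opened #t))

(define (close-connection* c)
  (set-connection-open! c #f))

;; Same shape as the patched call-with-store: open in the in-guard,
;; close in the out-guard.
(define (call-with-store* proc)
  (let ((store #f))
    (dynamic-wind
      (lambda () (set! store (open-connection*)))
      (lambda () (proc store))
      (lambda ()
        (close-connection* store)
        (set! store #f)))))

;; A minimal "scheduler": the body suspends by aborting to this prompt,
;; which is how a continuation-based thread yields.
(define scheduler (make-prompt-tag "scheduler"))

(define (demo)
  (set! opened 0)
  (let ((observations '()))
    (define (observe! label store)
      (set! observations
            (cons (list label
                        (connection-id store)
                        (connection-open? store))
                  observations)))
    (define resume
      (call-with-prompt scheduler
        (lambda ()
          (call-with-store*
           (lambda (store)
             (observe! 'before-suspend store)
             ;; Leaving the dynamic extent: the out-guard closes STORE.
             (abort-to-prompt scheduler)
             ;; Re-entered: the in-guard opened a new connection, but
             ;; this procedure still holds the one it was called with.
             (observe! 'after-resume store)
             'done)))
        ;; Handler: hand the captured continuation back to the caller.
        (lambda (k) k)))
    (resume)                            ; re-enter the suspended body
    (list 'connections-opened opened
          'observations (reverse observations))))

(write (demo))
(newline)
```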


Message received at 50814 <at> debbugs.gnu.org:


Date: Wed, 29 Sep 2021 14:50:35 +0000
To: Maxime Devos <maximedevos@HIDDEN>
From: Attila Lendvai <attila@HIDDEN>
Subject: Re: [bug#50814] [PATCH 4/5] guix: Prepare the UI for continuable
 &warning exceptions.

> Do we really need to close and open the connection again every time
> a continuation is made and resumed? This seems inefficient if a threading
> mechanism implemented by continuations is used (such as guile-fibers),
> and there are two threads (‘fibers’) communicating and waiting with/for
> each other in a loop, causing many ‘context switches’ (i.e., many captured
> and resumed continuations).
>
> Also note that a connection has some state: to the guix-daemon, it acts as
> a GC root for everything built with the connection, and everything added to
> the store (with add-to-store & friends) with that connection ... Simply
> reconnecting isn't sufficient.

pardon my ignorance wrt dynamic-wind and call/cc, but does that^ mean
that 1) i should simply leave the wind part of the dynamic-wind empty
and move back the open-connection call into the let... or that 2) the
entire idea of replacing the exception handler with an unwind-protect
is flawed?

if 2) then i'll try to smarten up the handler to use raise-continuable
if the exception is of type &warning.

or any better ideas?

- attila
PGP: 5D5F 45C7 DFCD 0A39






Message received at 50814 <at> debbugs.gnu.org:


Subject: Re: [bug#50814] [PATCH 4/5] guix: Prepare the UI for continuable
 &warning exceptions.
From: Maxime Devos <maximedevos@HIDDEN>
To: Attila Lendvai <attila@HIDDEN>, 50814 <at> debbugs.gnu.org
Date: Wed, 29 Sep 2021 16:13:42 +0200

Attila Lendvai wrote on Tue 28-09-2021 at 18:24 [+0200]:
>  (define (call-with-store proc)
>    "Call PROC with an open store connection."
> -  (let ((store (open-connection)))
> +  (let ((store '()))
>      (define (thunk)
>        (parameterize ((current-store-protocol-version
>                        (store-connection-version store)))
>          (call-with-values (lambda () (proc store))
>            (lambda results
> -            (close-connection store)
>              (apply values results)))))
> =20
> -    (with-exception-handler (lambda (exception)
> -                              (close-connection store)
> -                              (raise-exception exception))
> -      thunk)))
> +    (dynamic-wind
> +      (lambda ()
> +        (set! store (open-connection)))
> +      thunk
> +      (lambda ()
> +        (close-connection store)
> +        (set! store '())))))
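
Review bot: In the dynamic-wind version, PROC keeps the connection object it was handed by (proc store) even after the out-guard has closed it. If the thunk is left and re-entered through a captured continuation, the in-guard assigns a fresh connection to the 'store' variable, but the code already running inside PROC still refers to the first, now closed, one, and (store-connection-version store) in the parameterize was likewise evaluated against the first connection. Either keep a single connection for the whole extent and close it only on final exit, or make re-entry an error. Separately, '() as the "no connection" placeholder reads as an empty list; #f is the usual sentinel.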

Do we really need to close and open the connection again every time
a continuation is made and resumed?  This seems inefficient if a threading
mechanism implemented by continuations is used (such as guile-fibers),
and there are two threads (‘fibers’) communicating and waiting with/for
each other in a loop, causing many ‘context switches’ (i.e., many captured
and resumed continuations).

Also note that a connection has some state: to the guix-daemon, it acts as
a GC root for everything built with the connection, and everything added to
the store (with add-to-store & friends) with that connection ... Simply
reconnecting isn't sufficient.

Greetings,
Maxime


Message received at 50814 <at> debbugs.gnu.org:


Subject: Re: [bug#50814] [PATCH 3/4] tests: Add failing test for
 .guix-authorizations and channel intro.
From: Maxime Devos <maximedevos@HIDDEN>
To: Attila Lendvai <attila@HIDDEN>, 50814 <at> debbugs.gnu.org
Date: Wed, 29 Sep 2021 15:58:08 +0200

Attila Lendvai wrote on Tue 28-09-2021 at 03:05 [+0200]:
> Will be fixed in a subsequent commit.
> 
> * tests/git-authenticate.scm: New test "signed commits, .guix-authorizations,
> channel-introduction".

I recommend placing the patch fixing the error before the test,
to aid bisection.

Greetings,
Maxime.

--=-NM6Ajykp1VsLUt3Z5qKU
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit


--=-NM6Ajykp1VsLUt3Z5qKU--





Information forwarded to guix-patches@HIDDEN:
bug#50814; Package guix-patches. Full text available.

Message received at 50814 <at> debbugs.gnu.org:


Received: (at 50814) by debbugs.gnu.org; 28 Sep 2021 16:28:05 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 28 12:28:05 2021
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 5/5] guix: git-authenticate: Fix authenticate-repository.
Date: Tue, 28 Sep 2021 18:24:08 +0200
Message-Id: <20210928162406.27205-5-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20210928162406.27205-1-attila@HIDDEN>
References: <20210928162406.27205-1-attila@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Cc: Attila Lendvai <attila@HIDDEN>

Always verify the channel introduction commit, so that no commit can slip
through that was signed with a different key.

Always update the cache, because it affects the behavior of later calls.

Signal a continuable compound-condition (with type &warning included) when a
channel introduction commit doesn't also update the '.guix-authentications'
file.

* guix/git-authenticate.scm (authenticate-commit): Reword and extend the error
message to point to the relevant part of the manual.
(authenticate-repository): Eliminate optimizations to make the code path less
dependent on the input. Always trust the intro-commit itself. Always call
verify-introductory-commit.
(verify-introductory-commit): Check if the commit contains the key that was
used to sign it, and issue a warning otherwise. This is to avoid the confusion
caused by only the *second* commit yielding an error, because intro-commits
are always trusted.
(authenticate-commit): Clarify error message.
(authorized-keys-at-commit): Factored out to the toplevel from
commit-authorized-keys.
---

An example output with this patch:

$ ./pre-inst-env guix pull --allow-downgrades
Updating channel 'guix' from Git repository at '/path/guix'...
guix pull: warning: moving channel 'guix' from 26a979105a58e99c6e0fbb51cb1500dfa2bc2cec to unrelated commit 17fc5e35699d2219e6fae1f0583bb8c2ec3deb25
guix pull: warning: initial commit 17fc5e35699d2219e6fae1f0583bb8c2ec3deb25 does not add the key it is signed with (2E4F C7F5 07AB F022 36D3  D51F 31EE D3BE 74EC 3A1F) to the '.guix-authorizations' file.
Authenticating channel 'guix', commits 17fc5e3 to 17fc5e3 (0 new commits)...
[...]

 guix/channels.scm         |   4 +-
 guix/git-authenticate.scm | 156 ++++++++++++++++++++++----------------
 2 files changed, 94 insertions(+), 66 deletions(-)

diff --git a/guix/channels.scm b/guix/channels.scm
index e4e0428eb5..b84064537f 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -347,8 +347,8 @@ commits)...~%")
     (progress-reporter/bar (length commits)))
 
   (define authentic-commits
-    ;; Consider the currently-used commit of CHANNEL as authentic so
-    ;; authentication can skip it and all its closure.
+    ;; Optimization: consider the currently-used commit of CHANNEL as
+    ;; authentic, so that authentication can skip it and all its closure.
     (match (find (lambda (candidate)
                    (eq? (channel-name candidate) (channel-name channel)))
                  (current-channels))
diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index ab3fcd8b2f..b2821a45ad 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -30,6 +30,7 @@
                 #:select (cache-directory with-atomic-file-output))
   #:use-module ((guix build utils)
                 #:select (mkdir-p))
+  #:use-module (guix diagnostics)
   #:use-module (guix progress)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-11)
@@ -37,7 +38,10 @@
   #:use-module (srfi srfi-34)
   #:use-module (srfi srfi-35)
   #:use-module (rnrs bytevectors)
+  #:use-module ((rnrs exceptions)
+                #:select (raise-continuable))
   #:use-module (rnrs io ports)
+  #:use-module (ice-9 exceptions)
   #:use-module (ice-9 match)
   #:autoload   (ice-9 pretty-print) (pretty-print)
   #:export (read-authorizations
@@ -159,11 +163,10 @@ return a list of authorized fingerprints."
              (string-downcase (string-filter char-set:graphic fingerprint))))
           fingerprints))))
 
-(define* (commit-authorized-keys repository commit
-                                 #:optional (default-authorizations '()))
-  "Return the list of OpenPGP fingerprints authorized to sign COMMIT, based on
-authorizations listed in its parent commits.  If one of the parent commits
-does not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
+(define (authorized-keys-at-commit repository commit default-authorizations)
+  "Return the list of authorized key fingerprints from the '.guix-authorizations'
+file at the given commit."
+
   (define (parents-have-authorizations-file? commit)
     ;; Return true if at least one of the parents of COMMIT has the
     ;; '.guix-authorizations' file.
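Review bot: The new docstring for authorized-keys-at-commit does not say what DEFAULT-AUTHORIZATIONS is for, although it is now a required argument. The docstring being removed explained the fallback; suggest stating here that DEFAULT-AUTHORIZATIONS is returned when COMMIT has no '.guix-authorizations' file, and writing the parameters in upper case (REPOSITORY, COMMIT) as the other docstrings in this file do.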
@@ -185,28 +188,35 @@ does not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
 to remove '.guix-authorizations' file")
                                  (oid->string (commit-id commit)))))))
 
-  (define (commit-authorizations commit)
-    (catch 'git-error
-      (lambda ()
-        (let* ((tree  (commit-tree commit))
-               (entry (tree-entry-bypath tree ".guix-authorizations"))
-               (blob  (blob-lookup repository (tree-entry-id entry))))
-          (read-authorizations
-           (open-bytevector-input-port (blob-content blob)))))
-      (lambda (key error)
-        (if (= (git-error-code error) GIT_ENOTFOUND)
-            (begin
-              ;; Prevent removal of '.guix-authorizations' since it would make
-              ;; it trivial to force a fallback to DEFAULT-AUTHORIZATIONS.
-              (assert-parents-lack-authorizations commit)
-              default-authorizations)
-            (throw key error)))))
+  (catch 'git-error
+    (lambda ()
+      (let* ((tree  (commit-tree commit))
+             (entry (tree-entry-bypath tree ".guix-authorizations"))
+             (blob  (blob-lookup repository (tree-entry-id entry))))
+        (read-authorizations
+         (open-bytevector-input-port (blob-content blob)))))
+    (lambda (key error)
+      (if (= (git-error-code error) GIT_ENOTFOUND)
+          (begin
+            ;; Prevent removal of '.guix-authorizations' since it would make
+            ;; it trivial to force a fallback to DEFAULT-AUTHORIZATIONS.
+            (assert-parents-lack-authorizations commit)
+            default-authorizations)
+          (throw key error)))))
 
+(define* (commit-authorized-keys repository commit
+                                 #:optional (default-authorizations '()))
+  "Return the list of OpenPGP fingerprints authorized to sign COMMIT, based on
+authorizations listed in its parent commits.  If one of the parent commits
+does not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
   (match (commit-parents commit)
     (() default-authorizations)
     (parents
      (apply lset-intersection bytevector=?
-            (map commit-authorizations parents)))))
+            (map (lambda (commit)
+                   (authorized-keys-at-commit repository commit
+                                              default-authorizations))
+                 parents)))))
 
 (define* (authenticate-commit repository commit keyring
                               #:key (default-authorizations '()))
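Review bot: In the rewritten commit-authorized-keys, the lambda parameter in `(map (lambda (commit) ...) parents)` shadows the outer COMMIT argument. Renaming it to `parent` would make it obvious that authorized-keys-at-commit is applied to each parent and not to the commit being authenticated. Note also that authorized-keys-at-commit keeps the assert-parents-lack-authorizations check, so calling it directly on a commit (as verify-introductory-commit does later in this patch) can raise for a commit that drops the file; that deserves a mention in its docstring.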
@@ -236,8 +246,8 @@ not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
             (condition
              (&unauthorized-commit-error (commit id)
                                          (signing-key signing-key)))
-            (formatted-message (G_ "commit ~a not signed by an authorized \
-key: ~a")
+            (formatted-message (G_ "commit ~a is signed by an unauthorized \
+key: ~a\nSee info guix \"Specifying Channel Authorizations\".")
                                (oid->string id)
                                (openpgp-format-fingerprint
                                 (openpgp-public-key-fingerprint
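Review bot: The pointer to the manual is embedded in the translatable error string via `\nSee info guix ...`, which turns the message into two sentences with a hard line break that every translation has to carry along. (guix diagnostics) exports &fix-hint; attaching the manual reference as a fix hint in the compound condition built just above would keep the error text short and leave the formatting of the hint to the UI.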
@@ -356,7 +366,8 @@ authenticated (only COMMIT-ID is written to cache, though)."
                  (base64-encode
                   (sha256 (string->utf8 (repository-directory repository))))))
 
-(define (verify-introductory-commit repository keyring commit expected-signer)
+(define (verify-introductory-commit repository commit expected-signer keyring
+                                    authorizations)
   "Look up COMMIT in REPOSITORY, and raise an exception if it is not signed by
 EXPECTED-SIGNER."
   (define actual-signer
@@ -364,13 +375,26 @@ EXPECTED-SIGNER."
      (commit-signing-key repository (commit-id commit) keyring)))
 
   (unless (bytevector=? expected-signer actual-signer)
-    (raise (formatted-message (G_ "initial commit ~a is signed by '~a' \
+    (raise (make-compound-condition
+            (condition (&unauthorized-commit-error (commit (commit-id commit))
+                                                   (signing-key actual-signer)))
+            (formatted-message (G_ "initial commit ~a is signed by '~a' \
 instead of '~a'")
-                              (oid->string (commit-id commit))
-                              (openpgp-format-fingerprint actual-signer)
-                              (openpgp-format-fingerprint expected-signer)))))
-
-(define* (authenticate-repository repository start signer
+                               (oid->string (commit-id commit))
+                               (openpgp-format-fingerprint actual-signer)
+                               (openpgp-format-fingerprint expected-signer)))))
+  (unless (member actual-signer
+                  (authorized-keys-at-commit repository commit authorizations)
+                  bytevector=?)
+    (raise-continuable
+     (make-compound-condition
+      (condition (&warning))
+      (formatted-message (G_ "initial commit ~a does not add \
+the key it is signed with (~a) to the '.guix-authorizations' file.")
+                         (oid->string (commit-id commit))
+                         (openpgp-format-fingerprint actual-signer))))))
+
+(define* (authenticate-repository repository intro-commit-hash intro-signer
                                   #:key
                                   (keyring-reference "keyring")
                                   (cache-key (repository-cache-key repository))
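Review bot: The `raise-continuable` in the second `unless` only behaves as a warning when some enclosing handler returns from it; that handler is added to call-with-error-handling in guix/ui.scm by patch 4/5, so callers of authenticate-repository that run outside it will see the warning surface as an unhandled exception. Suggest documenting this requirement in the docstring of authenticate-repository, or emitting the warning directly and keeping the condition for tests only. The check also reads the authorizations with AUTHORIZATIONS as the fallback, so an introductory commit that has no '.guix-authorizations' file at all is compared against the historical list, and the message text ("does not add the key it is signed with") may not describe what happened. Minor: the commit message calls the file '.guix-authentications'.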
@@ -380,11 +404,12 @@ instead of '~a'")
                                   (historical-authorizations '())
                                   (make-reporter
                                    (const progress-reporter/silent)))
-  "Authenticate REPOSITORY up to commit END, an OID.  Authentication starts
-with commit START, an OID, which must be signed by SIGNER; an exception is
-raised if that is not the case.  Commits listed in AUTHENTIC-COMMITS and their
-closure are considered authentic.  Return an alist mapping OpenPGP public keys
-to the number of commits signed by that key that have been traversed.
+  "Authenticate REPOSITORY up to commit END, an OID.  Authentication starts with
+commit INTRO-COMMIT-HASH, an OID, which must be signed by INTRO-SIGNER; an
+exception is raised if that is not the case.  Commits listed in
+AUTHENTIC-COMMITS and their closure are considered authentic.  Return an
+alist mapping OpenPGP public keys to the number of commits signed by that
+key that have been traversed.
 
 The OpenPGP keyring is loaded from KEYRING-REFERENCE in REPOSITORY, where
 KEYRING-REFERENCE is the name of a branch.  The list of authenticated commits
@@ -393,8 +418,10 @@ is cached in the authentication cache under CACHE-KEY.
 HISTORICAL-AUTHORIZATIONS must be a list of OpenPGP fingerprints (bytevectors)
 denoting the authorized keys for commits whose parent lack the
 '.guix-authorizations' file."
-  (define start-commit
-    (commit-lookup repository start))
+
+  (define intro-commit
+    (commit-lookup repository intro-commit-hash))
+
   (define end-commit
     (commit-lookup repository end))
 
@@ -404,36 +431,37 @@ denoting the authorized keys for commits whose parent lack the
   (define authenticated-commits
     ;; Previously-authenticated commits that don't need to be checked again.
     (filter-map (lambda (id)
+                  ;; We need to tolerate when cached commits disappear due to
+                  ;; --allow-downgrades.
                   (false-if-git-not-found
                    (commit-lookup repository (string->oid id))))
                 (append (previously-authenticated-commits cache-key)
-                        authentic-commits)))
+                        authentic-commits
+                        ;; The intro commit is unconditionally trusted.
+                        (list (oid->string intro-commit-hash)))))
 
   (define commits
     ;; Commits to authenticate, excluding the closure of
     ;; AUTHENTICATED-COMMITS.
-    (commit-difference end-commit start-commit
-                       authenticated-commits))
-
-  ;; When COMMITS is empty, it's because END-COMMIT is in the closure of
-  ;; START-COMMIT and/or AUTHENTICATED-COMMITS, in which case it's known to
-  ;; be authentic already.
-  (if (null? commits)
-      '()
-      (let ((reporter (make-reporter start-commit end-commit commits)))
-        ;; If it's our first time, verify START-COMMIT's signature.
-        (when (null? authenticated-commits)
-          (verify-introductory-commit repository keyring
-                                      start-commit signer))
-
-        (let ((stats (call-with-progress-reporter reporter
-                       (lambda (report)
-                         (authenticate-commits repository commits
-                                               #:keyring keyring
-                                               #:default-authorizations
-                                               historical-authorizations
-                                               #:report-progress report)))))
-          (cache-authenticated-commit cache-key
-                                      (oid->string (commit-id end-commit)))
-
-          stats))))
+    (commit-difference end-commit intro-commit
+                             authenticated-commits))
+
+  (verify-introductory-commit repository intro-commit
+                              intro-signer keyring
+                              historical-authorizations)
+
+  (let* ((reporter (make-reporter intro-commit end-commit commits))
+         (stats (call-with-progress-reporter reporter
+                  (lambda (report)
+                    (authenticate-commits repository commits
+                                          #:keyring keyring
+                                          #:default-authorizations
+                                          historical-authorizations
+                                          #:report-progress report)))))
+    ;; Note that this will make the then current end commit of any channel,
+    ;; that has been used/trusted in the past with a channel introduction,
+    ;; remain trusted until the cache is cleared.
+    (cache-authenticated-commit cache-key
+                                (oid->string (commit-id end-commit)))
+
+    stats))
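Review bot: With the `(if (null? commits) ...)` guard removed, cache-authenticated-commit now runs on every call, and the default CACHE-KEY comes from repository-cache-key, which in this file is computed from the repository directory only. A commit cached while authenticating under one introduction is therefore skipped when the same checkout is later authenticated with a different INTRO-COMMIT-HASH or INTRO-SIGNER, as the added comment above the cache write admits. Suggest including the introduction (commit and signer fingerprint) in the cache key, or at least stating this limitation in the docstring. Nit: the continuation line `authenticated-commits))` under commit-difference is indented further than the first argument.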
-- 
2.33.0





Information forwarded to guix-patches@HIDDEN:
bug#50814; Package guix-patches. Full text available.

Message received at 50814 <at> debbugs.gnu.org:


Received: (at 50814) by debbugs.gnu.org; 28 Sep 2021 16:27:01 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 28 12:27:01 2021
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 4/5] guix: Prepare the UI for continuable &warning exceptions.
Date: Tue, 28 Sep 2021 18:24:06 +0200
Message-Id: <20210928162406.27205-4-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20210928162406.27205-1-attila@HIDDEN>
References: <20210928162406.27205-1-attila@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Cc: Attila Lendvai <attila@HIDDEN>

* guix/store.scm (call-with-store): Use dynamic-wind so that continuable
exceptions are not broken by being re-raised as non-continuable.  This is
needed for a later commit that uses continuable exceptions from within
git-authenticate to signal warnings to the user.  The reason for this is that
this way tests can explicitly check that a warning was signalled in certain
situations.
* guix/ui.scm (call-with-error-handling): Handle &warning type exceptions by
printing them to the user, and then continuing at the place they were
signalled at.
* guix/diagnostics.scm (emit-formatted-warning): New exported
function.
---
 guix/diagnostics.scm |  4 ++++
 guix/store.scm       | 16 ++++++++++------
 guix/ui.scm          | 11 ++++++++++-
 3 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/guix/diagnostics.scm b/guix/diagnostics.scm
index 6a792febd4..343213fb45 100644
--- a/guix/diagnostics.scm
+++ b/guix/diagnostics.scm
@@ -48,6 +48,7 @@
             formatted-message?
             formatted-message-string
             formatted-message-arguments
+            emit-formatted-warning
 
             &fix-hint
             fix-hint?
@@ -161,6 +162,9 @@ messages."
     (report-error args ...)
     (exit 1)))
 
+(define* (emit-formatted-warning fmt . args)
+  (emit-diagnostic fmt args #:prefix (G_ "warning: ") #:colors %warning-color))
+
 (define* (emit-diagnostic fmt args
                           #:key location (colors (color)) (prefix ""))
   "Report diagnostic message FMT with the given ARGS and the specified
diff --git a/guix/store.scm b/guix/store.scm
index 89a719bcfc..33d4039037 100644
--- a/guix/store.scm
+++ b/guix/store.scm
@@ -45,6 +45,8 @@
   #:use-module (srfi srfi-34)
   #:use-module (srfi srfi-35)
   #:use-module (srfi srfi-39)
+  #:use-module ((rnrs conditions)
+                #:select (warning?))
   #:use-module (ice-9 match)
   #:use-module (ice-9 vlist)
   #:use-module (ice-9 popen)
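Review bot: `warning?` is imported from (rnrs conditions) here, but the only other change to guix/store.scm in this patch, the call-with-store rewrite, never references it. Drop the import unless a later patch in the series uses it in this module.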
@@ -651,19 +653,21 @@ connection.  Use with care."
 
 (define (call-with-store proc)
   "Call PROC with an open store connection."
-  (let ((store (open-connection)))
+  (let ((store '()))
     (define (thunk)
       (parameterize ((current-store-protocol-version
                       (store-connection-version store)))
         (call-with-values (lambda () (proc store))
           (lambda results
-            (close-connection store)
             (apply values results)))))
 
-    (with-exception-handler (lambda (exception)
-                              (close-connection store)
-                              (raise-exception exception))
-      thunk)))
+    (dynamic-wind
+      (lambda ()
+        (set! store (open-connection)))
+      thunk
+      (lambda ()
+        (close-connection store)
+        (set! store '())))))
 
 (define-syntax-rule (with-store store exp ...)
   "Bind STORE to an open connection to the store and evaluate EXPs;
diff --git a/guix/ui.scm b/guix/ui.scm
index 1428c254b3..88940f99ef 100644
--- a/guix/ui.scm
+++ b/guix/ui.scm
@@ -69,6 +69,8 @@
   #:use-module (srfi srfi-31)
   #:use-module (srfi srfi-34)
   #:use-module (srfi srfi-35)
+  #:use-module ((rnrs conditions)
+                #:select (warning?))
   #:autoload   (ice-9 ftw)  (scandir)
   #:use-module (ice-9 match)
   #:use-module (ice-9 format)
@@ -689,7 +691,14 @@ evaluating the tests and bodies of CLAUSES."
     (and (not (port-closed? port))
          (port-filename port)))
 
-  (guard* (c ((package-input-error? c)
+  (guard* (c ((warning? c)
+              (if (formatted-message? c)
+                  (apply emit-formatted-warning
+                         (formatted-message-string c)
+                         (formatted-message-arguments c))
+                  (emit-formatted-warning "~a" c))
+              '())
+             ((package-input-error? c)
               (let* ((package  (package-error-package c))
                      (input    (package-error-invalid-input c))
                      (location (package-location package))
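Review bot: The new `(warning? c)` clause is tested first, so a compound condition that carries &warning together with an error type is reported as a warning and never reaches the clauses below. Suggest placing it after the error clauses, or also requiring that C is not an error. In the fallback branch, `(emit-formatted-warning "~a" c)` prints the condition object itself; extracting its message would give more useful output. The clause result '() is presumably what the `raise-continuable` call site receives, and a short comment saying so would help, since the commit message relies on execution resuming there.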
-- 
2.33.0





Information forwarded to guix-patches@HIDDEN:
bug#50814; Package guix-patches. Full text available.

Message received at 50814 <at> debbugs.gnu.org:


Received: (at 50814) by debbugs.gnu.org; 28 Sep 2021 16:26:54 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 28 12:26:54 2021
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 2/5] tests: Move keys into ./tests/keys/ and add a third
 ed25519 key.
Date: Tue, 28 Sep 2021 18:24:04 +0200
Message-Id: <20210928162406.27205-2-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20210928162406.27205-1-attila@HIDDEN>
References: <20210928162406.27205-1-attila@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Cc: Attila Lendvai <attila@HIDDEN>

The third key will be used in an upcoming commit.

Rename public keys to .pub.

* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.
---
 Makefile.am                                  | 20 +++++-----
 build-aux/test-env.in                        |  6 +--
 guix/tests/gnupg.scm                         | 22 ++++++----
 tests/channels.scm                           | 18 ++++-----
 tests/git-authenticate.scm                   | 23 +++++------
 tests/guix-authenticate.sh                   |  4 +-
 tests/{civodul.key => keys/civodul.pub}      |  0
 tests/{dsa.key => keys/dsa.pub}              |  0
 tests/{ed25519bis.key => keys/ed25519-2.pub} |  0
 tests/{ed25519bis.sec => keys/ed25519-2.sec} |  0
 tests/keys/ed25519-3.pub                     |  9 +++++
 tests/keys/ed25519-3.sec                     | 10 +++++
 tests/{ed25519.key => keys/ed25519.pub}      |  0
 tests/{ => keys}/ed25519.sec                 |  0
 tests/{rsa.key => keys/rsa.pub}              |  0
 tests/{ => keys}/signing-key.pub             |  0
 tests/{ => keys}/signing-key.sec             |  0
 tests/openpgp.scm                            | 42 +++++++++++---------
 18 files changed, 93 insertions(+), 61 deletions(-)
 rename tests/{civodul.key => keys/civodul.pub} (100%)
 rename tests/{dsa.key => keys/dsa.pub} (100%)
 rename tests/{ed25519bis.key => keys/ed25519-2.pub} (100%)
 rename tests/{ed25519bis.sec => keys/ed25519-2.sec} (100%)
 create mode 100644 tests/keys/ed25519-3.pub
 create mode 100644 tests/keys/ed25519-3.sec
 rename tests/{ed25519.key => keys/ed25519.pub} (100%)
 rename tests/{ => keys}/ed25519.sec (100%)
 rename tests/{rsa.key => keys/rsa.pub} (100%)
 rename tests/{ => keys}/signing-key.pub (100%)
 rename tests/{ => keys}/signing-key.sec (100%)

diff --git a/Makefile.am b/Makefile.am
index b66789fa0b..00604f2f93 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -643,16 +643,18 @@ EXTRA_DIST +=						\
   build-aux/update-guix-package.scm			\
   build-aux/update-NEWS.scm				\
   tests/test.drv					\
-  tests/signing-key.pub					\
-  tests/signing-key.sec					\
   tests/cve-sample.json					\
-  tests/civodul.key					\
-  tests/rsa.key						\
-  tests/dsa.key						\
-  tests/ed25519.key					\
-  tests/ed25519.sec					\
-  tests/ed25519bis.key					\
-  tests/ed25519bis.sec					\
+  tests/keys/signing-key.pub				\
+  tests/keys/signing-key.sec				\
+  tests/keys/civodul.pub				\
+  tests/keys/rsa.pub					\
+  tests/keys/dsa.pub					\
+  tests/keys/ed25519.pub				\
+  tests/keys/ed25519.sec				\
+  tests/keys/ed25519-2.pub				\
+  tests/keys/ed25519-2.sec				\
+  tests/keys/ed25519-3.pub				\
+  tests/keys/ed25519-3.sec				\
   build-aux/config.rpath				\
   bootstrap						\
   doc/build.scm						\
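Review bot: The commit log has no entry for this EXTRA_DIST update, nor for build-aux/test-env.in, tests/guix-authenticate.sh or the test files touched by the rename; it lists only guix/tests/gnupg.scm and the two new key files. Please add the missing entries (for example "* Makefile.am (EXTRA_DIST): Adjust accordingly.") so the log covers the 18 files in the diffstat.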
diff --git a/build-aux/test-env.in b/build-aux/test-env.in
index 7efc43206c..ca786437e9 100644
--- a/build-aux/test-env.in
+++ b/build-aux/test-env.in
@@ -73,9 +73,9 @@ then
 	# Copy the keys so that the secret key has the right permissions (the
 	# daemon errors out when this is not the case.)
 	mkdir -p "$GUIX_CONFIGURATION_DIRECTORY"
-	cp "@abs_top_srcdir@/tests/signing-key.sec"	\
-	    "@abs_top_srcdir@/tests/signing-key.pub"	\
-	    "$GUIX_CONFIGURATION_DIRECTORY"
+	cp "@abs_top_srcdir@/tests/keys/signing-key.sec"	\
+	   "@abs_top_srcdir@/tests/keys/signing-key.pub"	\
+	   "$GUIX_CONFIGURATION_DIRECTORY"
 	chmod 400 "$GUIX_CONFIGURATION_DIRECTORY/signing-key.sec"
     fi
 
diff --git a/guix/tests/gnupg.scm b/guix/tests/gnupg.scm
index c7630db912..09f02a2b67 100644
--- a/guix/tests/gnupg.scm
+++ b/guix/tests/gnupg.scm
@@ -28,8 +28,10 @@
 
             %ed25519-public-key-file
             %ed25519-secret-key-file
-            %ed25519bis-public-key-file
-            %ed25519bis-secret-key-file
+            %ed25519-2-public-key-file
+            %ed25519-2-secret-key-file
+            %ed25519-3-public-key-file
+            %ed25519-3-secret-key-file
 
             read-openpgp-packet
             key-fingerprint
@@ -64,13 +66,17 @@ process is terminated afterwards."
   (call-with-fresh-gnupg-setup imported (lambda () exp ...)))
 
 (define %ed25519-public-key-file
-  (search-path %load-path "tests/ed25519.key"))
+  (search-path %load-path "tests/keys/ed25519.pub"))
 (define %ed25519-secret-key-file
-  (search-path %load-path "tests/ed25519.sec"))
-(define %ed25519bis-public-key-file
-  (search-path %load-path "tests/ed25519bis.key"))
-(define %ed25519bis-secret-key-file
-  (search-path %load-path "tests/ed25519bis.sec"))
+  (search-path %load-path "tests/keys/ed25519.sec"))
+(define %ed25519-2-public-key-file
+  (search-path %load-path "tests/keys/ed25519-2.pub"))
+(define %ed25519-2-secret-key-file
+  (search-path %load-path "tests/keys/ed25519-2.sec"))
+(define %ed25519-3-public-key-file
+  (search-path %load-path "tests/keys/ed25519-3.pub"))
+(define %ed25519-3-secret-key-file
+  (search-path %load-path "tests/keys/ed25519-3.sec"))
 
 (define (read-openpgp-packet file)
   (get-openpgp-packet
diff --git a/tests/channels.scm b/tests/channels.scm
index 3e82315b0c..d45c450241 100644
--- a/tests/channels.scm
+++ b/tests/channels.scm
@@ -480,8 +480,8 @@
   #t
   (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                 %ed25519-secret-key-file
-                                %ed25519bis-public-key-file
-                                %ed25519bis-secret-key-file)
+                                %ed25519-2-public-key-file
+                                %ed25519-2-secret-key-file)
     (with-temporary-git-repository directory
         `((add ".guix-channel"
                ,(object->string
@@ -507,7 +507,7 @@
                          (commit-id-string commit1)
                          (openpgp-public-key-fingerprint
                           (read-openpgp-packet
-                           %ed25519bis-public-key-file)))) ;different key
+                           %ed25519-2-public-key-file)))) ;different key
                (channel (channel (name 'example)
                                  (url (string-append "file://" directory))
                                  (introduction intro))))
@@ -519,7 +519,7 @@
                                    (oid->string (commit-id commit1))
                                    (key-fingerprint %ed25519-public-key-file)
                                    (key-fingerprint
-                                    %ed25519bis-public-key-file))))))
+                                    %ed25519-2-public-key-file))))))
             (authenticate-channel channel directory
                                   (commit-id-string commit2)
                                   #:keyring-reference-prefix "")
@@ -530,8 +530,8 @@
   #t
   (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                 %ed25519-secret-key-file
-                                %ed25519bis-public-key-file
-                                %ed25519bis-secret-key-file)
+                                %ed25519-2-public-key-file
+                                %ed25519-2-secret-key-file)
     (with-temporary-git-repository directory
         `((add ".guix-channel"
                ,(object->string
@@ -552,12 +552,12 @@
                   (signer ,(key-fingerprint %ed25519-public-key-file)))
           (add "c.txt" "C")
           (commit "third commit"
-                  (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+                  (signer ,(key-fingerprint %ed25519-2-public-key-file)))
           (branch "channel-keyring")
           (checkout "channel-keyring")
           (add "signer.key" ,(call-with-input-file %ed25519-public-key-file
                                get-string-all))
-          (add "other.key" ,(call-with-input-file %ed25519bis-public-key-file
+          (add "other.key" ,(call-with-input-file %ed25519-2-public-key-file
                               get-string-all))
           (commit "keyring commit")
           (checkout "master"))
@@ -588,7 +588,7 @@
                                  (unauthorized-commit-error-signing-key c))
                                 (openpgp-public-key-fingerprint
                                  (read-openpgp-packet
-                                  %ed25519bis-public-key-file))))))
+                                  %ed25519-2-public-key-file))))))
                  (authenticate-channel channel directory
                                        (commit-id-string commit3)
                                        #:keyring-reference-prefix "")
diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm
index d87eacc659..f66ef191b0 100644
--- a/tests/git-authenticate.scm
+++ b/tests/git-authenticate.scm
@@ -161,14 +161,14 @@
 (test-assert "signed commits, .guix-authorizations, unauthorized merge"
   (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                 %ed25519-secret-key-file
-                                %ed25519bis-public-key-file
-                                %ed25519bis-secret-key-file)
+                                %ed25519-2-public-key-file
+                                %ed25519-2-secret-key-file)
     (with-temporary-git-repository directory
         `((add "signer1.key"
                ,(call-with-input-file %ed25519-public-key-file
                   get-string-all))
           (add "signer2.key"
-               ,(call-with-input-file %ed25519bis-public-key-file
+               ,(call-with-input-file %ed25519-2-public-key-file
                   get-string-all))
           (add ".guix-authorizations"
                ,(object->string
@@ -184,7 +184,7 @@
           (checkout "devel")
           (add "devel/1.txt" "1")
           (commit "first devel commit"
-                  (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+                  (signer ,(key-fingerprint %ed25519-2-public-key-file)))
           (checkout "master")
           (add "b.txt" "B")
           (commit "second commit"
@@ -203,7 +203,7 @@
                   (openpgp-public-key-fingerprint
                    (unauthorized-commit-error-signing-key c))
                   (openpgp-public-key-fingerprint
-                   (read-openpgp-packet %ed25519bis-public-key-file)))))
+                   (read-openpgp-packet %ed25519-2-public-key-file)))))
 
           (and (authenticate-commits repository (list master1 master2)
                                      #:keyring-reference "master")
@@ -230,14 +230,14 @@
 (test-assert "signed commits, .guix-authorizations, authorized merge"
   (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                 %ed25519-secret-key-file
-                                %ed25519bis-public-key-file
-                                %ed25519bis-secret-key-file)
+                                %ed25519-2-public-key-file
+                                %ed25519-2-secret-key-file)
     (with-temporary-git-repository directory
         `((add "signer1.key"
                ,(call-with-input-file %ed25519-public-key-file
                   get-string-all))
           (add "signer2.key"
-               ,(call-with-input-file %ed25519bis-public-key-file
+               ,(call-with-input-file %ed25519-2-public-key-file
                   get-string-all))
           (add ".guix-authorizations"
                ,(object->string
@@ -258,12 +258,12 @@
                                       %ed25519-public-key-file)
                                     (name "Alice"))
                                    (,(key-fingerprint
-                                      %ed25519bis-public-key-file))))))
+                                      %ed25519-2-public-key-file))))))
           (commit "first devel commit"
                   (signer ,(key-fingerprint %ed25519-public-key-file)))
           (add "devel/2.txt" "2")
           (commit "second devel commit"
-                  (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+                  (signer ,(key-fingerprint %ed25519-2-public-key-file)))
           (checkout "master")
           (add "b.txt" "B")
           (commit "second commit"
@@ -273,7 +273,7 @@
           ;; After the merge, the second signer is authorized.
           (add "c.txt" "C")
           (commit "third commit"
-                  (signer ,(key-fingerprint %ed25519bis-public-key-file))))
+                  (signer ,(key-fingerprint %ed25519-2-public-key-file))))
       (with-repository directory repository
         (let ((master1 (find-commit repository "first commit"))
               (master2 (find-commit repository "second commit"))
@@ -328,4 +328,3 @@
                  'failed)))))))
 
 (test-end "git-authenticate")
-
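Review bot: Removing the trailing blank line after (test-end "git-authenticate") is an unrelated whitespace change; drop it from this patch or send it separately so the diff contains only the key renames.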
diff --git a/tests/guix-authenticate.sh b/tests/guix-authenticate.sh
index 3a05b232c1..0de6da1878 100644
--- a/tests/guix-authenticate.sh
+++ b/tests/guix-authenticate.sh
@@ -28,7 +28,7 @@ rm -f "$sig" "$hash"
 
 trap 'rm -f "$sig" "$hash"' EXIT
 
-key="$abs_top_srcdir/tests/signing-key.sec"
+key="$abs_top_srcdir/tests/keys/signing-key.sec"
 key_len="`echo -n $key | wc -c`"
 
 # A hexadecimal string as long as a sha256 hash.
@@ -67,7 +67,7 @@ test "$code" -ne 0
 # encoded independently of the current locale: <https://bugs.gnu.org/43421>.
 hash="636166e9636166e9636166e9636166e9636166e9636166e9636166e9636166e9"
 latin1_cafe="caf$(printf '\351')"
-echo "sign 21:tests/signing-key.sec 64:$hash" | guix authenticate \
+echo "sign 26:tests/keys/signing-key.sec 64:$hash" | guix authenticate \
     | LC_ALL=C grep "hash sha256 \"$latin1_cafe"
 
 # Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
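Review bot: The length prefix in "sign 26:tests/keys/signing-key.sec" is counted by hand. 26 does match the new path, but the value has to be re-counted every time the path moves, and a wrong count only shows up as a test failure that is hard to read. The script already derives key_len with `echo -n $key | wc -c` in the earlier hunk; consider building this prefix the same way from a variable holding the relative path.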
diff --git a/tests/civodul.key b/tests/keys/civodul.pub
similarity index 100%
rename from tests/civodul.key
rename to tests/keys/civodul.pub
diff --git a/tests/dsa.key b/tests/keys/dsa.pub
similarity index 100%
rename from tests/dsa.key
rename to tests/keys/dsa.pub
diff --git a/tests/ed25519bis.key b/tests/keys/ed25519-2.pub
similarity index 100%
rename from tests/ed25519bis.key
rename to tests/keys/ed25519-2.pub
diff --git a/tests/ed25519bis.sec b/tests/keys/ed25519-2.sec
similarity index 100%
rename from tests/ed25519bis.sec
rename to tests/keys/ed25519-2.sec
diff --git a/tests/keys/ed25519-3.pub b/tests/keys/ed25519-3.pub
new file mode 100644
index 0000000000..72f311984c
--- /dev/null
+++ b/tests/keys/ed25519-3.pub
@@ -0,0 +1,9 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYVH/7xYJKwYBBAHaRw8BAQdALMLeUhjEG2/UPCJj2j/debFwwAK5gT3G0l5d
+ILfFldm0FTxleGFtcGxlQGV4YW1wbGUuY29tPoiWBBMWCAA+FiEEjO6M85jMSK68
+7tINGBzA7NyoagkFAmFR/+8CGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgEC
+F4AACgkQGBzA7Nyoagl3lgEAw6yqIlX11lTqwxBGhZk/Oy34O13cbJSZCGv+m0ja
++hcA/3DCNOmT+oXjgO/w6enQZUQ1m/d6dUjCc2wOLlLz+ZoG
+=+r3i
+-----END PGP PUBLIC KEY BLOCK-----
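Review bot: The file created here is tests/keys/ed25519-3.pub, but the commit log lists it as "* tests/keys/ed25519-3.key: New file."; please correct the log entry so it matches the .pub naming this patch introduces.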
diff --git a/tests/keys/ed25519-3.sec b/tests/keys/ed25519-3.sec
new file mode 100644
index 0000000000..04128a4131
--- /dev/null
+++ b/tests/keys/ed25519-3.sec
@@ -0,0 +1,10 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lFgEYVH/7xYJKwYBBAHaRw8BAQdALMLeUhjEG2/UPCJj2j/debFwwAK5gT3G0l5d
+ILfFldkAAP92goSbbzQ0ttElr9lr5Cm6rmQtqUZ2Cu/Jk9fvfZROwxI0tBU8ZXhh
+bXBsZUBleGFtcGxlLmNvbT6IlgQTFggAPhYhBIzujPOYzEiuvO7SDRgcwOzcqGoJ
+BQJhUf/vAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEBgcwOzc
+qGoJd5YBAMOsqiJV9dZU6sMQRoWZPzst+Dtd3GyUmQhr/ptI2voXAP9wwjTpk/qF
+44Dv8Onp0GVENZv3enVIwnNsDi5S8/maBg==
+=EmOt
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/ed25519.key b/tests/keys/ed25519.pub
similarity index 100%
rename from tests/ed25519.key
rename to tests/keys/ed25519.pub
diff --git a/tests/ed25519.sec b/tests/keys/ed25519.sec
similarity index 100%
rename from tests/ed25519.sec
rename to tests/keys/ed25519.sec
diff --git a/tests/rsa.key b/tests/keys/rsa.pub
similarity index 100%
rename from tests/rsa.key
rename to tests/keys/rsa.pub
diff --git a/tests/signing-key.pub b/tests/keys/signing-key.pub
similarity index 100%
rename from tests/signing-key.pub
rename to tests/keys/signing-key.pub
diff --git a/tests/signing-key.sec b/tests/keys/signing-key.sec
similarity index 100%
rename from tests/signing-key.sec
rename to tests/keys/signing-key.sec
diff --git a/tests/openpgp.scm b/tests/openpgp.scm
index c2be26fa49..1f20466772 100644
--- a/tests/openpgp.scm
+++ b/tests/openpgp.scm
@@ -59,18 +59,22 @@ vBSFjNSiVHsuAA==
 (define %civodul-fingerprint
   "3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5")
 
-(define %civodul-key-id #x090B11993D9AEBB5)       ;civodul.key
-
-;; Test keys.  They were generated in a container along these lines:
-;;    guix environment -CP --ad-hoc gnupg pinentry
-;; then, within the container:
-;;    mkdir ~/.gnupg
-;;    echo pinentry-program ~/.guix-profile/bin/pinentry-tty > ~/.gnupg/gpg-agent.conf
-;;    gpg --quick-gen-key '<ludo+test-rsa@HIDDEN>' rsa
-;; or similar.
-(define %rsa-key-id      #xAE25DA2A70DEED59)      ;rsa.key
-(define %dsa-key-id      #x587918047BE8BD2C)      ;dsa.key
-(define %ed25519-key-id  #x771F49CBFAAE072D)      ;ed25519.key
+(define %civodul-key-id #x090B11993D9AEBB5)       ;civodul.pub
+
+#|
+Test keys in ./tests/keys.  They were generated in a container along these lines:
+  guix environment -CP --ad-hoc gnupg pinentry coreutils
+then, within the container:
+  mkdir ~/.gnupg && chmod -R og-rwx ~/.gnupg
+  gpg --batch --passphrase '' --quick-gen-key '<example@HIDDEN>' ed25519
+  gpg --armor --export example@HIDDEN
+  gpg --armor --export-secret-key example@HIDDEN
+  # echo pinentry-program ~/.guix-profile/bin/pinentry-curses > ~/.gnupg/gpg-agent.conf
+or similar.
+|#
+(define %rsa-key-id      #xAE25DA2A70DEED59)      ;rsa.pub
+(define %dsa-key-id      #x587918047BE8BD2C)      ;dsa.pub
+(define %ed25519-key-id  #x771F49CBFAAE072D)      ;ed25519.pub
 
 (define %rsa-key-fingerprint
   (base16-string->bytevector
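Review bot: The rewritten recipe in the #| ... |# comment shows only an ed25519 key generated with --passphrase '', yet it still sits directly above %rsa-key-id and %dsa-key-id, so it no longer documents how rsa.pub and dsa.pub were produced; keep the rsa/dsa invocation or state that the recipe covers the ed25519 keys only. The commented-out "# echo pinentry-program ..." line reads as a leftover while pinentry is still in the guix environment line; drop it or explain when it is needed. It would also help to say in the comment that these are passphrase-less keys meant for the test suite only, and to keep the ";;" comment style used in the rest of the file.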
@@ -168,7 +172,7 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
   (not (port-ascii-armored? (open-bytevector-input-port %binary-sample))))
 
 (test-assert "get-openpgp-keyring"
-  (let* ((key (search-path %load-path "tests/civodul.key"))
+  (let* ((key (search-path %load-path "tests/keys/civodul.pub"))
          (keyring (get-openpgp-keyring
                    (open-bytevector-input-port
                     (call-with-input-file key read-radix-64)))))
@@ -228,8 +232,10 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
                          (verify-openpgp-signature signature keyring
                                                    (open-input-string "Hello!\n"))))
              (list status (openpgp-public-key-id key)))))
-       (list "tests/rsa.key" "tests/dsa.key"
-             "tests/ed25519.key" "tests/ed25519.key" "tests/ed25519.key")
+       (list "tests/keys/rsa.pub" "tests/keys/dsa.pub"
+             "tests/keys/ed25519.pub"
+             "tests/keys/ed25519.pub"
+             "tests/keys/ed25519.pub")
        (list %hello-signature/rsa %hello-signature/dsa
              %hello-signature/ed25519/sha256
              %hello-signature/ed25519/sha512
@@ -248,9 +254,9 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
                              (call-with-input-file key read-radix-64))
                             keyring)))
                        %empty-keyring
-                       '("tests/rsa.key" "tests/dsa.key"
-                         "tests/ed25519.key" "tests/ed25519.key"
-                         "tests/ed25519.key"))))
+                       '("tests/keys/rsa.pub" "tests/keys/dsa.pub"
+                         "tests/keys/ed25519.pub" "tests/keys/ed25519.pub"
+                         "tests/keys/ed25519.pub"))))
     (map (lambda (signature)
            (let ((signature (string->openpgp-packet signature)))
              (let-values (((status key)
-- 
2.33.0





Information forwarded to guix-patches@HIDDEN:
bug#50814; Package guix-patches. Full text available.

Message received at 50814 <at> debbugs.gnu.org:


Received: (at 50814) by debbugs.gnu.org; 28 Sep 2021 16:26:53 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 28 12:26:52 2021
Received: from localhost ([127.0.0.1]:46782 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1mVFwL-0005ZL-1B
	for submit <at> debbugs.gnu.org; Tue, 28 Sep 2021 12:26:52 -0400
Received: from mail-ed1-f50.google.com ([209.85.208.50]:34582)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <attila.lendvai@HIDDEN>) id 1mVFwJ-0005Z8-29
 for 50814 <at> debbugs.gnu.org; Tue, 28 Sep 2021 12:26:43 -0400
Received: by mail-ed1-f50.google.com with SMTP id g7so25673236edv.1
 for <50814 <at> debbugs.gnu.org>; Tue, 28 Sep 2021 09:26:42 -0700 (PDT)
X-Received: by 2002:aa7:d78e:: with SMTP id s14mr8334007edq.171.1632846395045; 
 Tue, 28 Sep 2021 09:26:35 -0700 (PDT)
Received: from lelap.lan (catv-213-222-131-28.catv.broadband.hu.
 [213.222.131.28])
 by smtp.gmail.com with ESMTPSA id f4sm3147720ejq.125.2021.09.28.09.26.34
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 28 Sep 2021 09:26:34 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 3/5] tests: Add failing test for .guix-authorizations and
 channel intro.
Date: Tue, 28 Sep 2021 18:24:05 +0200
Message-Id: <20210928162406.27205-3-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20210928162406.27205-1-attila@HIDDEN>
References: <20210928162406.27205-1-attila@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)

Will be fixed in a subsequent commit.

* tests/git-authenticate.scm: New test "signed commits, .guix-authorizations,
channel-introduction".
---
 tests/git-authenticate.scm | 132 +++++++++++++++++++++++++++++++++++++
 1 file changed, 132 insertions(+)

diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm
index f66ef191b0..745a6d6dbe 100644
--- a/tests/git-authenticate.scm
+++ b/tests/git-authenticate.scm
@@ -18,6 +18,7 @@
 
 (define-module (test-git-authenticate)
   #:use-module (git)
+  #:use-module (guix diagnostics)
   #:use-module (guix git)
   #:use-module (guix git-authenticate)
   #:use-module (guix openpgp)
@@ -28,6 +29,10 @@
   #:use-module (srfi srfi-34)
   #:use-module (srfi srfi-64)
   #:use-module (rnrs bytevectors)
+  #:use-module ((rnrs conditions)
+                #:select (warning?))
+  #:use-module ((rnrs exceptions)
+                #:select (with-exception-handler))
   #:use-module (rnrs io ports))
 
 ;; Test the (guix git-authenticate) tools.
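Review bot: with-exception-handler is now selected from (rnrs exceptions) while (srfi srfi-34), which also provides with-exception-handler alongside guard and raise, is already imported two lines above. Please add a comment saying why the R6RS binding is required here, or drop this import if the existing one is sufficient, so the test does not depend on which of the two bindings wins.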
@@ -226,6 +231,133 @@
                                        #:keyring-reference "master")
                  #f)))))))
 
+(unless (gpg+git-available?) (test-skip 1))
+(test-assert "signed commits, .guix-authorizations, channel-introduction"
+  (let* ((result   #true)
+         (key1     %ed25519-public-key-file)
+         (key2     %ed25519-2-public-key-file)
+         (key3     %ed25519-3-public-key-file))
+    (with-fresh-gnupg-setup (list key1 %ed25519-secret-key-file
+                                  key2 %ed25519-2-secret-key-file
+                                  key3 %ed25519-3-secret-key-file)
+      (with-temporary-git-repository dir
+          `((checkout "keyring" orphan)
+            (add "signer1.key" ,(call-with-input-file key1 get-string-all))
+            (add "signer2.key" ,(call-with-input-file key2 get-string-all))
+            (add "signer3.key" ,(call-with-input-file key3 get-string-all))
+            (commit "keyring commit")
+
+            (checkout "main" orphan)
+            (add "noise0")
+            (add ".guix-authorizations"
+                 ,(object->string
+                   `(authorizations
+                     (version 0)
+                     ((,(key-fingerprint key1) (name "Alice"))
+                      (,(key-fingerprint key3) (name "Charlie"))))))
+            (commit "commit 0" (signer ,(key-fingerprint key3)))
+            (add "noise1")
+            (commit "commit 1" (signer ,(key-fingerprint key1)))
+            (add "noise2")
+            (commit "commit 2" (signer ,(key-fingerprint key1))))
+        (with-repository dir repo
+          (let* ((commit-0 (find-commit repo "commit 0"))
+                 (check-from
+                  (lambda* (commit #:key (should-fail? #false) (key key1)
+                                   (historical-authorizations
+                                    ;; key3 is trusted to authorize commit 0
+                                    (list (key-fingerprint-vector key3))))
+                    (guard (c ((unauthorized-commit-error? c)
+                               (if should-fail?
+                                   c
+                                   (let ((port (current-output-port)))
+                                     (format port "FAILURE: Unexpected exception at commit '~s':~%"
+                                             commit)
+                                     (print-exception port (stack-ref (make-stack #t) 1)
+                                                      c (exception-args c))
+                                     (set! result #false)
+                                     '()))))
+                      (format #true "~%~%Checking ~s, should-fail? ~s, repo commits:~%"
+                              commit should-fail?)
+                      ;; to be able to inspect in the logs
+                      (invoke "git" "-C" dir "log" "--reverse" "--pretty=oneline" "main")
+                      (set! commit (find-commit repo commit))
+                      (authenticate-repository
+                       repo
+                       (commit-id commit)
+                       (key-fingerprint-vector key)
+                       #:historical-authorizations historical-authorizations)
+                      (when should-fail?
+                        (format #t "FAILURE: Authenticating commit '~s' should have failed.~%" commit)
+                        (set! result #false))
+                      '()))))
+            (check-from "commit 0" #:key key3)
+            (check-from "commit 1")
+            (check-from "commit 2")
+            (with-git-repository dir
+                `((add "noise 3")
+                  ;; a commit with key2
+                  (commit "commit 3" (signer ,(key-fingerprint key2))))
+              ;; Should fail because it is signed with key2, not key1
+              (check-from "commit 3" #:should-fail? #true)
+              ;; Specify commit 3 as a channel-introduction signed with
+              ;; key2. This is valid, but it should warn the user, because
+              ;; .guix-authorizations is not updated to include key2, which
+              ;; means that any subsequent commits with the same key will be
+              ;; rejected.
+              (set! result
+                    (and result
+                         (let ((signalled? #false))
+                           (with-exception-handler
+                               (lambda (c)
+                                 (cond
+                                  ((not (warning? c))
+                                   (raise c))
+                                  ((formatted-message? c)
+                                   (format #true "warning (expected): ~a~%"
+                                           (apply format #false
+                                                  (formatted-message-string c)
+                                                  (formatted-message-arguments c)))
+                                   (set! signalled? #true)))
+                                 '())
+                             (lambda ()
+                               (check-from "commit 3" #:key key2)
+                               signalled?))))))
+            (with-git-repository dir
+                `((reset ,(oid->string (commit-id (find-commit repo "commit 2"))))
+                  (add "noise 4")
+                  ;; set it up properly
+                  (add ".guix-authorizations"
+                       ,(object->string
+                         `(authorizations
+                           (version 0)
+                           ((,(key-fingerprint key1) (name "Alice"))
+                            (,(key-fingerprint key2) (name "Bob"))))))
+                  (commit "commit 4" (signer ,(key-fingerprint key2))))
+              ;; This should fail because even though commit 4 adds key2 to
+              ;; .guix-authorizations, the commit itself is not authorized.
+              (check-from "commit 1" #:should-fail? #true)
+              ;; This should pass, because it's a valid channel intro at commit 4
+              (check-from "commit 4" #:key key2))
+            (with-git-repository dir
+                `((add "noise 5")
+                  (commit "commit 5" (signer ,(key-fingerprint key2))))
+              ;; This is not very intuitive: because commit 4 has once been
+              ;; used as a channel intro, it got marked as trusted in the
+              ;; ~/.cache/, and because commit 1 is one of its parent, it is
+              ;; also trusted.
+              (check-from "commit 1")
+              (check-from "commit 2")
+              ;; Should still be fine, but only when starting from commit 4
+              (check-from "commit 4" #:key key2))
+            (with-git-repository dir
+                `((add "noise 6")
+                  (commit "commit 6" (signer ,(key-fingerprint key1))))
+              (check-from "commit 1")
+              (check-from "commit 2")
+              (check-from "commit 4" #:key key2))))))
+    result))
+
 (unless (gpg+git-available?) (test-skip 1))
 (test-assert "signed commits, .guix-authorizations, authorized merge"
   (with-fresh-gnupg-setup (list %ed25519-public-key-file
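Review bot: The `(check-from "commit 1")` and `(check-from "commit 2")` assertions after commit 5 pass only because the earlier `(check-from "commit 4" #:key key2)` call left commit 4 in the on-disk cache, as the comment itself admits, so the test depends on call order and cache state rather than on the introduction being checked. Give each scenario its own cache key, or assert the cold-cache outcome (the `#:should-fail? #true` case seen after commit 4) next to the warm-cache one so the intended behaviour is explicit. Separately, in the warning handler a `&warning` that is not a `formatted-message?` matches no `cond` clause and leaves `signalled?` unset; an `else` clause would make that case visible.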
-- 
2.33.0





Information forwarded to guix-patches@HIDDEN:
bug#50814; Package guix-patches. Full text available.

Message received at 50814 <at> debbugs.gnu.org:


Received: (at 50814) by debbugs.gnu.org; 28 Sep 2021 16:26:08 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 28 12:26:07 2021
Received: from localhost ([127.0.0.1]:46778 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1mVFvj-0005YF-KJ
	for submit <at> debbugs.gnu.org; Tue, 28 Sep 2021 12:26:07 -0400
Received: from mail-ed1-f49.google.com ([209.85.208.49]:40789)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <attila.lendvai@HIDDEN>) id 1mVFvf-0005Xh-Qh
 for 50814 <at> debbugs.gnu.org; Tue, 28 Sep 2021 12:26:06 -0400
Received: by mail-ed1-f49.google.com with SMTP id g8so85609665edt.7
 for <50814 <at> debbugs.gnu.org>; Tue, 28 Sep 2021 09:26:03 -0700 (PDT)
X-Received: by 2002:a17:906:308d:: with SMTP id
 13mr7747940ejv.570.1632846356871; 
 Tue, 28 Sep 2021 09:25:56 -0700 (PDT)
Received: from lelap.lan (catv-213-222-131-28.catv.broadband.hu.
 [213.222.131.28])
 by smtp.gmail.com with ESMTPSA id f4sm3147720ejq.125.2021.09.28.09.25.55
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 28 Sep 2021 09:25:56 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 1/5] tests: Smarten up git repository testing framework.
Date: Tue, 28 Sep 2021 18:24:03 +0200
Message-Id: <20210928162406.27205-1-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>

* guix/tests/git.scm (with-git-repository): New macro that can be used in
a nested way under a with-temporary-git-repository.
(populate-git-repository): Extend the DSL with (add "some-noise"), (reset
"[commit hash]"), (checkout "branch" orphan).
* guix/tests/gnupg.scm (key-fingerprint-vector): New function.
---
 guix/tests/git.scm   | 23 +++++++++++++++++++++--
 guix/tests/gnupg.scm |  8 ++++++--
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/guix/tests/git.scm b/guix/tests/git.scm
index 69960284d9..76f5a8b937 100644
--- a/guix/tests/git.scm
+++ b/guix/tests/git.scm
@@ -26,6 +26,7 @@
   #:use-module (ice-9 control)
   #:export (git-command
             with-temporary-git-repository
+            with-git-repository
             find-commit))
 
 (define git-command
@@ -59,8 +60,9 @@ Return DIRECTORY on success."
         (apply invoke (git-command) "-C" directory
                command args)))))
 
-  (mkdir-p directory)
-  (git "init")
+  (unless (directory-exists? (string-append directory "/.git"))
+    (mkdir-p directory)
+    (git "init"))
 
   (let loop ((directives directives))
     (match directives
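Review bot: With the new `(unless (directory-exists? (string-append directory "/.git")) ...)` guard, the procedure silently reuses whatever repository already exists in DIRECTORY, but the docstring ending in "Return DIRECTORY on success." is not updated to say so. Document that an existing repository is extended rather than re-initialised, so callers know that directives are applied on top of the current HEAD and index.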
@@ -78,6 +80,9 @@ Return DIRECTORY on success."
                       port)))
          (git "add" file)
          (loop rest)))
+      ((('add file-name-and-content) rest ...)
+       (loop (cons `(add ,file-name-and-content ,file-name-and-content)
+                   rest)))
       ((('remove file) rest ...)
        (git "rm" "-f" file)
        (loop rest))
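Review bot: The one-argument `(add file-name-and-content)` clause uses the same string as file name and as file content, which is not obvious at call sites such as `(add "noise 4")`. Add a comment on the clause, or a line in the procedure's docstring, describing the shorthand.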
@@ -99,12 +104,18 @@ Return DIRECTORY on success."
       ((('checkout branch) rest ...)
        (git "checkout" branch)
        (loop rest))
+      ((('checkout branch 'orphan) rest ...)
+       (git "checkout" "--orphan" branch)
+       (loop rest))
       ((('merge branch message) rest ...)
        (git "merge" branch "-m" message)
        (loop rest))
       ((('merge branch message ('signer fingerprint)) rest ...)
        (git "merge" branch "-m" message
             (string-append "--gpg-sign=" fingerprint))
+       (loop rest))
+      ((('reset to) rest ...)
+       (git "reset" "--hard" to)
        (loop rest)))))
 
 (define (call-with-temporary-git-repository directives proc)
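Review bot: The new `(reset to)` directive runs `git reset --hard`, which discards anything staged by earlier `add` directives that has not been committed yet, and neither it nor `(checkout branch orphan)` is documented next to the directive list. Add a short comment naming the new directives and stating that `reset` is a hard reset.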
@@ -121,6 +132,14 @@ per DIRECTIVES."
                                       (lambda (directory)
                                         exp ...)))
 
+(define-syntax-rule (with-git-repository directory
+                                         directives exp ...)
+  "Evaluate EXP in a context where DIRECTORY is (further) populated as
+per DIRECTIVES."
+  (begin
+    (populate-git-repository directory directives)
+    exp ...))
+
 (define (find-commit repository message)
   "Return the commit in REPOSITORY whose message includes MESSAGE, a string."
   (let/ec return
diff --git a/guix/tests/gnupg.scm b/guix/tests/gnupg.scm
index eb8ff63a43..c7630db912 100644
--- a/guix/tests/gnupg.scm
+++ b/guix/tests/gnupg.scm
@@ -33,6 +33,7 @@
 
             read-openpgp-packet
             key-fingerprint
+            key-fingerprint-vector
             key-id))
 
 (define gpg-command
@@ -76,7 +77,10 @@ process is terminated afterwards."
    (open-bytevector-input-port
     (call-with-input-file file read-radix-64))))
 
+(define key-fingerprint-vector
+  (compose openpgp-public-key-fingerprint
+           read-openpgp-packet))
+
 (define key-fingerprint
   (compose openpgp-format-fingerprint
-           openpgp-public-key-fingerprint
-           read-openpgp-packet))
+           key-fingerprint-vector))
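Review bot: `key-fingerprint-vector` is exported without a docstring or comment, and its name says "vector" while fingerprints elsewhere in this series are compared with `bytevector=?`. Add a one-line comment stating that it returns the raw fingerprint as a bytevector, in contrast to `key-fingerprint`, which passes it through `openpgp-format-fingerprint`, and consider a name that says "bytevector".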
-- 
2.33.0





Information forwarded to guix-patches@HIDDEN:
bug#50814; Package guix-patches. Full text available.

Message received at 50814 <at> debbugs.gnu.org:


Received: (at 50814) by debbugs.gnu.org; 28 Sep 2021 10:02:36 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 28 06:02:36 2021
Received: from localhost ([127.0.0.1]:43931 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1mV9wZ-0007pN-Q7
	for submit <at> debbugs.gnu.org; Tue, 28 Sep 2021 06:02:36 -0400
Received: from albert.telenet-ops.be ([195.130.137.90]:55306)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@HIDDEN>) id 1mV9wX-0007pC-6o
 for 50814 <at> debbugs.gnu.org; Tue, 28 Sep 2021 06:02:34 -0400
Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be
 ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d])
 by albert.telenet-ops.be with bizsmtp
 id zN2X250060mfAB406N2XMB; Tue, 28 Sep 2021 12:02:31 +0200
Message-ID: <7f921c26c445cfe034ad73bfbd7a9b45e810d673.camel@HIDDEN>
Subject: Re: [bug#50814] [PATCH] guix: git-authenticate: Also authenticate
 the channel intro commit.
From: Maxime Devos <maximedevos@HIDDEN>
To: Attila Lendvai <attila@HIDDEN>
Date: Tue, 28 Sep 2021 12:02:23 +0200
In-Reply-To: <XYPPxjyGCdWp4mrarRj4nrI4iZiANxHu1TJEVMd_d2PGw4OmD0yr7HMLd9NXEljnm5TSox8pm75D-alHyaiu29Wre4spahCrmuqZCvkSql8=@lendvai.name>
References: <20210926101928.3877-1-attila@HIDDEN>
 <2b0173cc9809ab1e806bf0061fc28a9a85dda6e0.camel@HIDDEN>
 <XYPPxjyGCdWp4mrarRj4nrI4iZiANxHu1TJEVMd_d2PGw4OmD0yr7HMLd9NXEljnm5TSox8pm75D-alHyaiu29Wre4spahCrmuqZCvkSql8=@lendvai.name>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-lK3AFsR2GbSbojWApjCh"
User-Agent: Evolution 3.34.2 
MIME-Version: 1.0
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 50814
Cc: 50814 <at> debbugs.gnu.org


--=-lK3AFsR2GbSbojWApjCh
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Attila Lendvai wrote on Mon 27-09-2021 at 18:45 [+0000]:
>
[...]
> using `(warning ...)` will just print something to stderr.
>
> i was hoping to raise a continuable condition of type &warning, that i can even check for in the tests,
> but i have failed to put that together. the scheme/guile condition system is a bit messy/convoluted.

Technically, Scheme supports continuable exceptions with 'raise-continuable'
and with-exception-handler.  E.g., the following Racket example:

 (use-modules (rnrs exceptions) (rnrs conditions))
 (with-exception-handler
  (lambda (con)
    (cond
      ((not (warning? con))
       (raise con))
      ((message-condition? con)
       (display (condition-message con)))
      (else
       (display "a warning has been issued")))
    42)
  (lambda ()
    (+ (raise-continuable
         (condition
           (make-warning)
           (make-message-condition
             "should be a number")))
       23)))
 ;; prints: should be a number
 ;;         ⇒ 65

(from https://docs.racket-lang.org/r6rs/r6rs-lib-std/r6rs-lib-Z-H-8.html#node_idx_378)
works in Guile

You might need to modify 'call-with-error-handling' in (guix ui) to recognise
&warning though, such that the &warning exception will be properly handled.

Alternatively, you can use the procedure 'warning' from (guix diagnostics).
To detect the error in this case, you can use parameterise, guix-warning-port
and procedures like call-with-output-string.  You may need to reset the locale
first (with dynamic-wind?).

Greetings,
Maxime.

--=-lK3AFsR2GbSbojWApjCh
--=-lK3AFsR2GbSbojWApjCh--
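
The handler pattern from the message above, wrapped as a test helper that records continuable &warning conditions while hard errors still propagate. This is an added example, not code from the thread or from Guix; `call-with-collected-warnings`, `check-intro-commit` and the sample fingerprints are hypothetical names constructed for illustration.

```scheme
(use-modules (rnrs exceptions) (rnrs conditions))

;; Hypothetical helper (not part of Guix): call THUNK, let every continuable
;; &warning resume, and return two values: THUNK's result and the list of
;; warnings in the order they were raised.
(define (call-with-collected-warnings thunk)
  (let* ((warnings '())
         (result
          (with-exception-handler
           (lambda (c)
             (cond
              ((warning? c)
               (set! warnings (cons c warnings))
               ;; This value becomes the result of 'raise-continuable'.
               #f)
              (else
               ;; Errors and other conditions go to the outer handler.
               (raise c))))
           thunk)))
    (values result (reverse warnings))))

;; Hypothetical stand-in for an introductory-commit check: a hard failure
;; when the signer is not the expected one, and a continuable warning when
;; the commit's own authorizations list lacks the signer.
(define (check-intro-commit signer expected-signer authorized)
  (unless (string=? signer expected-signer)
    (raise (condition
            (make-error)
            (make-message-condition
             "intro commit signed by unexpected key"))))
  (unless (member signer authorized)
    (raise-continuable
     (condition
      (make-warning)
      (make-message-condition
       "intro commit does not authorize its own signing key"))))
  'authenticated)

;; Constructed sample fingerprints.
(define key1 "AAAA 1111")
(define key2 "BBBB 2222")

;; Case 1: the signer matches but is missing from the authorizations list.
;; The warning is recorded and the check still runs to completion.
(call-with-values
    (lambda ()
      (call-with-collected-warnings
       (lambda ()
         (check-intro-commit key2 key2 (list key1)))))
  (lambda (result warnings)
    (format #t "result: ~a~%" result)
    (for-each (lambda (w)
                (format #t "warning: ~a~%" (condition-message w)))
              warnings)))

;; Case 2: the wrong signer is an error, which the helper re-raises instead
;; of swallowing; 'guard' observes it from outside the helper.
(format #t "wrong signer rejected: ~a~%"
        (guard (c ((error? c) #t))
          (call-with-collected-warnings
           (lambda ()
             (check-intro-commit key1 key2 (list key1 key2))))
          #f))
```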





Information forwarded to guix-patches@HIDDEN:
bug#50814; Package guix-patches. Full text available.

Message received at 50814 <at> debbugs.gnu.org:


Received: (at 50814) by debbugs.gnu.org; 28 Sep 2021 01:08:00 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Sep 27 21:08:00 2021
Received: from localhost ([127.0.0.1]:43239 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1mV1bD-0006Ty-FC
	for submit <at> debbugs.gnu.org; Mon, 27 Sep 2021 21:08:00 -0400
Received: from mail-ed1-f53.google.com ([209.85.208.53]:38688)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <attila.lendvai@HIDDEN>) id 1mV1b4-0006T8-3U
 for 50814 <at> debbugs.gnu.org; Mon, 27 Sep 2021 21:07:51 -0400
Received: by mail-ed1-f53.google.com with SMTP id dj4so76755775edb.5
 for <50814 <at> debbugs.gnu.org>; Mon, 27 Sep 2021 18:07:50 -0700 (PDT)
X-Received: by 2002:a17:906:3ce2:: with SMTP id
 d2mr3753066ejh.410.1632791264570; 
 Mon, 27 Sep 2021 18:07:44 -0700 (PDT)
Received: from lelap.lan (catv-213-222-131-28.catv.broadband.hu.
 [213.222.131.28])
 by smtp.gmail.com with ESMTPSA id c5sm11989558edx.81.2021.09.27.18.07.43
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 27 Sep 2021 18:07:44 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 4/4] guix: git-authenticate: Fix authenticate-repository.
Date: Tue, 28 Sep 2021 03:05:38 +0200
Message-Id: <20210928010537.4241-4-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20210928010537.4241-1-attila@HIDDEN>
References: <20210928010537.4241-1-attila@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>

Always verify the channel introduction commit, so that no commit can slip
through that was signed with a different key.

Always update the cache, because it affects the behavior of later calls.

Warn when a channel introduction commit doesn't also update the
'.guix-authentications' file.

* guix/git-authenticate.scm (authenticate-commit): Reword and extend the error
message to point to the relevant part of the manual.
(authenticate-repository): Eliminate optimizations to make the code path less
dependent on the input. Always trust the intro-commit itself. Always call
verify-introductory-commit.
(verify-introductory-commit): Check if the commit contains the key that was
used to sign it, and issue a warning otherwise. This is to avoid the confusion
caused by only the *second* commit yielding an error, because intro-commits
are always trusted.
(authenticate-commit): Clarify error message.
(authorized-keys-at-commit): Factored out to the toplevel from
commit-authorized-keys.
---
 guix/channels.scm         |   4 +-
 guix/git-authenticate.scm | 153 ++++++++++++++++++++++----------------
 2 files changed, 91 insertions(+), 66 deletions(-)

diff --git a/guix/channels.scm b/guix/channels.scm
index e4e0428eb5..b84064537f 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -347,8 +347,8 @@ commits)...~%")
     (progress-reporter/bar (length commits)))
 
   (define authentic-commits
-    ;; Consider the currently-used commit of CHANNEL as authentic so
-    ;; authentication can skip it and all its closure.
+    ;; Optimization: consider the currently-used commit of CHANNEL as
+    ;; authentic, so that authentication can skip it and all its closure.
     (match (find (lambda (candidate)
                    (eq? (channel-name candidate) (channel-name channel)))
                  (current-channels))
diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index ab3fcd8b2f..713642d2ea 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -30,6 +30,7 @@
                 #:select (cache-directory with-atomic-file-output))
   #:use-module ((guix build utils)
                 #:select (mkdir-p))
+  #:use-module (guix diagnostics)
   #:use-module (guix progress)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-11)
@@ -38,6 +39,7 @@
   #:use-module (srfi srfi-35)
   #:use-module (rnrs bytevectors)
   #:use-module (rnrs io ports)
+  #:use-module (ice-9 exceptions)
   #:use-module (ice-9 match)
   #:autoload   (ice-9 pretty-print) (pretty-print)
   #:export (read-authorizations
@@ -159,11 +161,10 @@ return a list of authorized fingerprints."
              (string-downcase (string-filter char-set:graphic fingerprint))))
           fingerprints))))
 
-(define* (commit-authorized-keys repository commit
-                                 #:optional (default-authorizations '()))
-  "Return the list of OpenPGP fingerprints authorized to sign COMMIT, based on
-authorizations listed in its parent commits.  If one of the parent commits
-does not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
+(define (authorized-keys-at-commit repository commit default-authorizations)
+  "Return the list of authorized key fingerprints from the '.guix-authorizations'
+file at the given commit."
+
   (define (parents-have-authorizations-file? commit)
     ;; Return true if at least one of the parents of COMMIT has the
     ;; '.guix-authorizations' file.
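Review bot: The new docstring of `authorized-keys-at-commit` drops any mention of DEFAULT-AUTHORIZATIONS, yet the body still returns it when the file is missing, and it says "the given commit" where the neighbouring docstrings name their parameters in upper case. State the fallback and refer to REPOSITORY, COMMIT and DEFAULT-AUTHORIZATIONS explicitly.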
@@ -185,28 +186,35 @@ does not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
 to remove '.guix-authorizations' file")
                                  (oid->string (commit-id commit)))))))
 
-  (define (commit-authorizations commit)
-    (catch 'git-error
-      (lambda ()
-        (let* ((tree  (commit-tree commit))
-               (entry (tree-entry-bypath tree ".guix-authorizations"))
-               (blob  (blob-lookup repository (tree-entry-id entry))))
-          (read-authorizations
-           (open-bytevector-input-port (blob-content blob)))))
-      (lambda (key error)
-        (if (= (git-error-code error) GIT_ENOTFOUND)
-            (begin
-              ;; Prevent removal of '.guix-authorizations' since it would make
-              ;; it trivial to force a fallback to DEFAULT-AUTHORIZATIONS.
-              (assert-parents-lack-authorizations commit)
-              default-authorizations)
-            (throw key error)))))
+  (catch 'git-error
+    (lambda ()
+      (let* ((tree  (commit-tree commit))
+             (entry (tree-entry-bypath tree ".guix-authorizations"))
+             (blob  (blob-lookup repository (tree-entry-id entry))))
+        (read-authorizations
+         (open-bytevector-input-port (blob-content blob)))))
+    (lambda (key error)
+      (if (= (git-error-code error) GIT_ENOTFOUND)
+          (begin
+            ;; Prevent removal of '.guix-authorizations' since it would make
+            ;; it trivial to force a fallback to DEFAULT-AUTHORIZATIONS.
+            (assert-parents-lack-authorizations commit)
+            default-authorizations)
+          (throw key error)))))
 
+(define* (commit-authorized-keys repository commit
+                                 #:optional (default-authorizations '()))
+  "Return the list of OpenPGP fingerprints authorized to sign COMMIT, based on
+authorizations listed in its parent commits.  If one of the parent commits
+does not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
   (match (commit-parents commit)
     (() default-authorizations)
     (parents
      (apply lset-intersection bytevector=?
-            (map commit-authorizations parents)))))
+            (map (lambda (commit)
+                   (authorized-keys-at-commit repository commit
+                                              default-authorizations))
+                 parents)))))
 
 (define* (authenticate-commit repository commit keyring
                               #:key (default-authorizations '()))
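Review bot: In the rewritten `commit-authorized-keys`, the `(lambda (commit) ...)` passed to `map` shadows the outer COMMIT while iterating over its parents, so the call reads as if it inspected the commit itself. Rename the lambda parameter to `parent`.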
@@ -236,8 +244,8 @@ not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
             (condition
              (&unauthorized-commit-error (commit id)
                                          (signing-key signing-key)))
-            (formatted-message (G_ "commit ~a not signed by an authorized \
-key: ~a")
+            (formatted-message (G_ "commit ~a is signed by an unauthorized \
+key: ~a\nSee info guix \"Specifying Channel Authorizations\".")
                                (oid->string id)
                                (openpgp-format-fingerprint
                                 (openpgp-public-key-fingerprint
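Review bot: The manual reference is now part of the translatable error string, after a literal `\n`, so every translation must carry the cross-reference and the pointer cannot be rendered separately from the error. Consider keeping the message on one line and attaching the pointer to the manual as a separate hint.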
@@ -356,7 +364,8 @@ authenticated (only COMMIT-ID is written to cache, though)."
                  (base64-encode
                   (sha256 (string->utf8 (repository-directory repository))))))
 
-(define (verify-introductory-commit repository keyring commit expected-signer)
+(define (verify-introductory-commit repository commit expected-signer keyring
+                                    authorizations)
   "Look up COMMIT in REPOSITORY, and raise an exception if it is not signed by
 EXPECTED-SIGNER."
   (define actual-signer
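Review bot: The signature of `verify-introductory-commit` gains AUTHORIZATIONS and moves KEYRING from second to fourth position, but the docstring still only says that an exception is raised if COMMIT is not signed by EXPECTED-SIGNER. Document KEYRING, AUTHORIZATIONS and the new warning, and confirm every caller was updated for the reordered positional arguments, since a stale call would pass the keyring where the commit is expected.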
@@ -364,13 +373,25 @@ EXPECTED-SIGNER."
      (commit-signing-key repository (commit-id commit) keyring)))
 
   (unless (bytevector=? expected-signer actual-signer)
-    (raise (formatted-message (G_ "initial commit ~a is signed by '~a' \
+    (raise (make-compound-condition
+            (condition (&unauthorized-commit-error (commit (commit-id commit))
+                                                   (signing-key actual-signer)))
+            (formatted-message (G_ "initial commit ~a is signed by '~a' \
 instead of '~a'")
-                              (oid->string (commit-id commit))
-                              (openpgp-format-fingerprint actual-signer)
-                              (openpgp-format-fingerprint expected-signer)))))
-
-(define* (authenticate-repository repository start signer
+                               (oid->string (commit-id commit))
+                               (openpgp-format-fingerprint actual-signer)
+                               (openpgp-format-fingerprint expected-signer)))))
+  (unless (member actual-signer
+                  (authorized-keys-at-commit repository commit authorizations)
+                  bytevector=?)
+    ;; FIXME Is this the right way to tell the user about this situation?  It
+    ;; would also be nice if the tests could assert for this warning.
+    (warning (G_ "initial commit ~a does not add \
+the key it is signed with (~a) to the '.guix-authorizations' file.")
+             (oid->string (commit-id commit))
+             (openpgp-format-fingerprint actual-signer))))
+
+(define* (authenticate-repository repository intro-commit-hash intro-signer
                                   #:key
                                   (keyring-reference "keyring")
                                   (cache-key (repository-cache-key repository))
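Review bot: The new `(authorized-keys-at-commit repository commit authorizations)` call in `verify-introductory-commit` does more than read the file: when the introductory commit lacks '.guix-authorizations' it runs `assert-parents-lack-authorizations` on that commit, so the parents of the introduction, which lie outside the authenticated range, can turn this warning check into a hard error. Decide whether that is intended and say so in a comment, or read the file here without the parent assertion. The FIXME about asserting the warning from the tests should also be resolved before this is merged.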
@@ -380,11 +401,12 @@ instead of '~a'")
                                   (historical-authorizations '())
                                   (make-reporter
                                    (const progress-reporter/silent)))
-  "Authenticate REPOSITORY up to commit END, an OID.  Authentication starts
-with commit START, an OID, which must be signed by SIGNER; an exception is
-raised if that is not the case.  Commits listed in AUTHENTIC-COMMITS and their
-closure are considered authentic.  Return an alist mapping OpenPGP public keys
-to the number of commits signed by that key that have been traversed.
+  "Authenticate REPOSITORY up to commit END, an OID.  Authentication starts with
+commit INTRO-COMMIT-HASH, an OID, which must be signed by INTRO-SIGNER; an
+exception is raised if that is not the case.  Commits listed in
+AUTHENTIC-COMMITS and their closure are considered authentic.  Return an
+alist mapping OpenPGP public keys to the number of commits signed by that
+key that have been traversed.
 
 The OpenPGP keyring is loaded from KEYRING-REFERENCE in REPOSITORY, where
 KEYRING-REFERENCE is the name of a branch.  The list of authenticated commits
@@ -393,8 +415,10 @@ is cached in the authentication cache under CACHE-KEY.
 HISTORICAL-AUTHORIZATIONS must be a list of OpenPGP fingerprints (bytevectors)
 denoting the authorized keys for commits whose parent lack the
 '.guix-authorizations' file."
-  (define start-commit
-    (commit-lookup repository start))
+
+  (define intro-commit
+    (commit-lookup repository intro-commit-hash))
+
   (define end-commit
     (commit-lookup repository end))
 
@@ -404,36 +428,37 @@ denoting the authorized keys for commits whose parent lack the
   (define authenticated-commits
     ;; Previously-authenticated commits that don't need to be checked again.
     (filter-map (lambda (id)
+                  ;; We need to tolerate when cached commits disappear due to
+                  ;; --allow-downgrades.
                   (false-if-git-not-found
                    (commit-lookup repository (string->oid id))))
                 (append (previously-authenticated-commits cache-key)
-                        authentic-commits)))
+                        authentic-commits
+                        ;; The intro commit is unconditionally trusted.
+                        (list (oid->string intro-commit-hash)))))
 
   (define commits
     ;; Commits to authenticate, excluding the closure of
     ;; AUTHENTICATED-COMMITS.
-    (commit-difference end-commit start-commit
-                       authenticated-commits))
-
-  ;; When COMMITS is empty, it's because END-COMMIT is in the closure of
-  ;; START-COMMIT and/or AUTHENTICATED-COMMITS, in which case it's known to
-  ;; be authentic already.
-  (if (null? commits)
-      '()
-      (let ((reporter (make-reporter start-commit end-commit commits)))
-        ;; If it's our first time, verify START-COMMIT's signature.
-        (when (null? authenticated-commits)
-          (verify-introductory-commit repository keyring
-                                      start-commit signer))
-
-        (let ((stats (call-with-progress-reporter reporter
-                       (lambda (report)
-                         (authenticate-commits repository commits
-                                               #:keyring keyring
-                                               #:default-authorizations
-                                               historical-authorizations
-                                               #:report-progress report)))))
-          (cache-authenticated-commit cache-key
-                                      (oid->string (commit-id end-commit)))
-
-          stats))))
+    (commit-difference end-commit intro-commit
+                             authenticated-commits))
+
+  (verify-introductory-commit repository intro-commit
+                              intro-signer keyring
+                              historical-authorizations)
+
+  (let* ((reporter (make-reporter intro-commit end-commit commits))
+         (stats (call-with-progress-reporter reporter
+                  (lambda (report)
+                    (authenticate-commits repository commits
+                                          #:keyring keyring
+                                          #:default-authorizations
+                                          historical-authorizations
+                                          #:report-progress report)))))
+    ;; Note that this will make the then current end commit of any channel,
+    ;; that has been used/trusted in the past with a channel introduction,
+    ;; remain trusted until the cache is cleared.
+    (cache-authenticated-commit cache-key
+                                (oid->string (commit-id end-commit)))
+
+    stats))
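Review bot: Appending `(list (oid->string intro-commit-hash))` to `authenticated-commits` and always calling `cache-authenticated-commit` records trust under CACHE-KEY alone, and the default `(repository-cache-key repository)` takes only the repository, not the introduction. A commit cached while authenticating with one INTRO-COMMIT-HASH and INTRO-SIGNER pair is then skipped when the same checkout is authenticated with a different pair, which is the situation the new comment before `cache-authenticated-commit` describes. Consider folding the introduction commit and signer into the cache key so cached trust cannot carry over between introductions. The continuation line `authenticated-commits))` under `commit-difference` is also over-indented.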
-- 
2.33.0





Information forwarded to guix-patches@HIDDEN:
bug#50814; Package guix-patches. Full text available.

Message received at 50814 <at> debbugs.gnu.org:


From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 3/4] tests: Add failing test for .guix-authorizations and
 channel intro.
Date: Tue, 28 Sep 2021 03:05:37 +0200
Message-Id: <20210928010537.4241-3-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20210928010537.4241-1-attila@HIDDEN>
References: <20210928010537.4241-1-attila@HIDDEN>

Will be fixed in a subsequent commit.

* tests/git-authenticate.scm: New test "signed commits, .guix-authorizations,
channel-introduction".
---
 tests/git-authenticate.scm | 111 +++++++++++++++++++++++++++++++++++++
 1 file changed, 111 insertions(+)

diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm
index f66ef191b0..672aff2177 100644
--- a/tests/git-authenticate.scm
+++ b/tests/git-authenticate.scm
@@ -226,6 +226,117 @@
                                        #:keyring-reference "master")
                  #f)))))))
 
+(unless (gpg+git-available?) (test-skip 1))
+(test-assert "signed commits, .guix-authorizations, channel-introduction"
+  (let* ((result   #true)
+         (key1     %ed25519-public-key-file)
+         (key2     %ed25519-2-public-key-file)
+         (key3     %ed25519-3-public-key-file))
+    (with-fresh-gnupg-setup (list key1 %ed25519-secret-key-file
+                                  key2 %ed25519-2-secret-key-file
+                                  key3 %ed25519-3-secret-key-file)
+      (with-temporary-git-repository dir
+          `((checkout "keyring" orphan)
+            (add "signer1.key" ,(call-with-input-file key1 get-string-all))
+            (add "signer2.key" ,(call-with-input-file key2 get-string-all))
+            (add "signer3.key" ,(call-with-input-file key3 get-string-all))
+            (commit "keyring commit")
+
+            (checkout "main" orphan)
+            (add "noise0")
+            (add ".guix-authorizations"
+                 ,(object->string
+                   `(authorizations
+                     (version 0)
+                     ((,(key-fingerprint key1) (name "Alice"))))))
+            (commit "commit 0" (signer ,(key-fingerprint key3)))
+            (add "noise1")
+            (commit "commit 1" (signer ,(key-fingerprint key1)))
+            (add "noise2")
+            (commit "commit 2" (signer ,(key-fingerprint key1))))
+        (with-repository dir repo
+          (let* ((commit-0 (find-commit repo "commit 0"))
+                 (check-from
+                  (lambda* (commit #:key (should-fail? #false) (key key1)
+                                   (historical-authorizations
+                                    ;; key3 is trusted to authorize commit 0
+                                    (list (key-fingerprint-vector key3))))
+                    (guard (c ((unauthorized-commit-error? c)
+                               (if should-fail?
+                                   c
+                                   (let ((port (current-output-port)))
+                                     (format port "FAILURE: Unexpected exception at commit '~s':~%"
+                                             commit)
+                                     (print-exception port (stack-ref (make-stack #t) 1)
+                                                      c (exception-args c))
+                                     (set! result #false)
+                                     '()))))
+                      (format #true "~%~%Checking ~s, should-fail? ~s, repo commits:~%"
+                              commit should-fail?)
+                      ;; to be able to inspect in the logs
+                      (invoke "git" "-C" dir "log" "--reverse" "--pretty=oneline" "main")
+                      (set! commit (find-commit repo commit))
+                      (authenticate-repository
+                       repo
+                       (commit-id commit)
+                       (key-fingerprint-vector key)
+                       #:historical-authorizations historical-authorizations)
+                      (when should-fail?
+                        (format #t "FAILURE: Authenticating commit '~s' should have failed.~%" commit)
+                        (set! result #false))
+                      '()))))
+            (check-from "commit 0" #:key key3)
+            (check-from "commit 1")
+            (check-from "commit 2")
+            (with-git-repository dir
+                `((add "noise 3")
+                  ;; a commit with key2
+                  (commit "commit 3" (signer ,(key-fingerprint key2))))
+              ;; Should fail because it is signed with key2, not key1
+              (check-from "commit 3" #:should-fail? #true)
+              ;; Specify commit 3 as a channel-introduction signed with
+              ;; key2. This is valid, but it should warn the user, because
+              ;; .guix-authorizations is not updated to include key2, which
+              ;; means that any subsequent commits with the same key will be
+              ;; rejected.
+              ;;
+              ;; TODO we should check somehow that a warning is issued
+              (check-from "commit 3" #:key key2))
+            (with-git-repository dir
+                `((reset ,(oid->string (commit-id (find-commit repo "commit 2"))))
+                  (add "noise 4")
+                  ;; set it up properly
+                  (add ".guix-authorizations"
+                       ,(object->string
+                         `(authorizations
+                           (version 0)
+                           ((,(key-fingerprint key1) (name "Alice"))
+                            (,(key-fingerprint key2) (name "Bob"))))))
+                  (commit "commit 4" (signer ,(key-fingerprint key2))))
+              ;; This should fail because even though commit 4 adds key2 to
+              ;; .guix-authorizations, the commit itself is not authorized.
+              (check-from "commit 1" #:should-fail? #true)
+              ;; This should pass, because it's a valid channel intro at commit 4
+              (check-from "commit 4" #:key key2))
+            (with-git-repository dir
+                `((add "noise 5")
+                  (commit "commit 5" (signer ,(key-fingerprint key2))))
+              ;; This is not very intuitive: because commit 4 has once been
+              ;; used as a channel intro, it got marked as trusted in the
+              ;; ~/.cache/, and because commit 1 is one of its parent, it is
+              ;; also trusted.
+              (check-from "commit 1")
+              (check-from "commit 2")
+              ;; Should still be fine, but only when starting from commit 4
+              (check-from "commit 4" #:key key2))
+            (with-git-repository dir
+                `((add "noise 6")
+                  (commit "commit 6" (signer ,(key-fingerprint key1))))
+              (check-from "commit 1")
+              (check-from "commit 2")
+              (check-from "commit 4" #:key key2))))))
+    result))
+
 (unless (gpg+git-available?) (test-skip 1))
 (test-assert "signed commits, .guix-authorizations, authorized merge"
   (with-fresh-gnupg-setup (list %ed25519-public-key-file
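Review bot: The "commit 5" block asserts that `(check-from "commit 1")` succeeds only because the earlier `(check-from "commit 4" #:key key2)` left commit 4 in the cache, while the same call is expected to fail in the "commit 4" block; this makes the test order-dependent, sensitive to whatever is already under ~/.cache, and it records the cache carry-over as expected behaviour. Point the cache at a fresh temporary directory for the duration of the test (or pass a test-specific cache key to `authenticate-repository`, if it accepts one) and decide explicitly whether authentication starting from commit 1 should pass at that point. Two smaller points: the commit message says this test fails until a later commit, so mark it with `test-expect-fail` or squash it with the fix to keep bisection usable, and the `TODO` about checking that a warning is issued should be resolved or tracked before merging.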
-- 
2.33.0





Information forwarded to guix-patches@HIDDEN:
bug#50814; Package guix-patches. Full text available.

Message received at 50814 <at> debbugs.gnu.org:


From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 2/4] tests: Move keys into ./tests/keys/ and add a third
 ed25519 key.
Date: Tue, 28 Sep 2021 03:05:36 +0200
Message-Id: <20210928010537.4241-2-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20210928010537.4241-1-attila@HIDDEN>
References: <20210928010537.4241-1-attila@HIDDEN>

The third key will be used in an upcoming commit.

Rename public keys to .pub.

* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.
---
 Makefile.am                                  | 20 +++++-----
 build-aux/test-env.in                        |  6 +--
 guix/tests/gnupg.scm                         | 22 ++++++----
 tests/channels.scm                           | 18 ++++-----
 tests/git-authenticate.scm                   | 23 +++++------
 tests/guix-authenticate.sh                   |  4 +-
 tests/{civodul.key => keys/civodul.pub}      |  0
 tests/{dsa.key => keys/dsa.pub}              |  0
 tests/{ed25519bis.key => keys/ed25519-2.pub} |  0
 tests/{ed25519bis.sec => keys/ed25519-2.sec} |  0
 tests/keys/ed25519-3.pub                     |  9 +++++
 tests/keys/ed25519-3.sec                     | 10 +++++
 tests/{ed25519.key => keys/ed25519.pub}      |  0
 tests/{ => keys}/ed25519.sec                 |  0
 tests/{rsa.key => keys/rsa.pub}              |  0
 tests/{ => keys}/signing-key.pub             |  0
 tests/{ => keys}/signing-key.sec             |  0
 tests/openpgp.scm                            | 42 +++++++++++---------
 18 files changed, 93 insertions(+), 61 deletions(-)
 rename tests/{civodul.key => keys/civodul.pub} (100%)
 rename tests/{dsa.key => keys/dsa.pub} (100%)
 rename tests/{ed25519bis.key => keys/ed25519-2.pub} (100%)
 rename tests/{ed25519bis.sec => keys/ed25519-2.sec} (100%)
 create mode 100644 tests/keys/ed25519-3.pub
 create mode 100644 tests/keys/ed25519-3.sec
 rename tests/{ed25519.key => keys/ed25519.pub} (100%)
 rename tests/{ => keys}/ed25519.sec (100%)
 rename tests/{rsa.key => keys/rsa.pub} (100%)
 rename tests/{ => keys}/signing-key.pub (100%)
 rename tests/{ => keys}/signing-key.sec (100%)

diff --git a/Makefile.am b/Makefile.am
index 042cf28464..c0a5b14f02 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -640,16 +640,18 @@ EXTRA_DIST +=						\
   build-aux/update-guix-package.scm			\
   build-aux/update-NEWS.scm				\
   tests/test.drv					\
-  tests/signing-key.pub					\
-  tests/signing-key.sec					\
   tests/cve-sample.json					\
-  tests/civodul.key					\
-  tests/rsa.key						\
-  tests/dsa.key						\
-  tests/ed25519.key					\
-  tests/ed25519.sec					\
-  tests/ed25519bis.key					\
-  tests/ed25519bis.sec					\
+  tests/keys/signing-key.pub				\
+  tests/keys/signing-key.sec				\
+  tests/keys/civodul.pub				\
+  tests/keys/rsa.pub					\
+  tests/keys/dsa.pub					\
+  tests/keys/ed25519.pub				\
+  tests/keys/ed25519.sec				\
+  tests/keys/ed25519-2.pub				\
+  tests/keys/ed25519-2.sec				\
+  tests/keys/ed25519-3.pub				\
+  tests/keys/ed25519-3.sec				\
   build-aux/config.rpath				\
   bootstrap						\
   doc/build.scm						\
diff --git a/build-aux/test-env.in b/build-aux/test-env.in
index 7efc43206c..ca786437e9 100644
--- a/build-aux/test-env.in
+++ b/build-aux/test-env.in
@@ -73,9 +73,9 @@ then
 	# Copy the keys so that the secret key has the right permissions (the
 	# daemon errors out when this is not the case.)
 	mkdir -p "$GUIX_CONFIGURATION_DIRECTORY"
-	cp "@abs_top_srcdir@/tests/signing-key.sec"	\
-	    "@abs_top_srcdir@/tests/signing-key.pub"	\
-	    "$GUIX_CONFIGURATION_DIRECTORY"
+	cp "@abs_top_srcdir@/tests/keys/signing-key.sec"	\
+	   "@abs_top_srcdir@/tests/keys/signing-key.pub"	\
+	   "$GUIX_CONFIGURATION_DIRECTORY"
 	chmod 400 "$GUIX_CONFIGURATION_DIRECTORY/signing-key.sec"
     fi
 
diff --git a/guix/tests/gnupg.scm b/guix/tests/gnupg.scm
index c7630db912..09f02a2b67 100644
--- a/guix/tests/gnupg.scm
+++ b/guix/tests/gnupg.scm
@@ -28,8 +28,10 @@
 
             %ed25519-public-key-file
             %ed25519-secret-key-file
-            %ed25519bis-public-key-file
-            %ed25519bis-secret-key-file
+            %ed25519-2-public-key-file
+            %ed25519-2-secret-key-file
+            %ed25519-3-public-key-file
+            %ed25519-3-secret-key-file
 
             read-openpgp-packet
             key-fingerprint
@@ -64,13 +66,17 @@ process is terminated afterwards."
   (call-with-fresh-gnupg-setup imported (lambda () exp ...)))
 
 (define %ed25519-public-key-file
-  (search-path %load-path "tests/ed25519.key"))
+  (search-path %load-path "tests/keys/ed25519.pub"))
 (define %ed25519-secret-key-file
-  (search-path %load-path "tests/ed25519.sec"))
-(define %ed25519bis-public-key-file
-  (search-path %load-path "tests/ed25519bis.key"))
-(define %ed25519bis-secret-key-file
-  (search-path %load-path "tests/ed25519bis.sec"))
+  (search-path %load-path "tests/keys/ed25519.sec"))
+(define %ed25519-2-public-key-file
+  (search-path %load-path "tests/keys/ed25519-2.pub"))
+(define %ed25519-2-secret-key-file
+  (search-path %load-path "tests/keys/ed25519-2.sec"))
+(define %ed25519-3-public-key-file
+  (search-path %load-path "tests/keys/ed25519-3.pub"))
+(define %ed25519-3-secret-key-file
+  (search-path %load-path "tests/keys/ed25519-3.sec"))
 
 (define (read-openpgp-packet file)
   (get-openpgp-packet
diff --git a/tests/channels.scm b/tests/channels.scm
index 3e82315b0c..d45c450241 100644
--- a/tests/channels.scm
+++ b/tests/channels.scm
@@ -480,8 +480,8 @@
   #t
   (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                 %ed25519-secret-key-file
-                                %ed25519bis-public-key-file
-                                %ed25519bis-secret-key-file)
+                                %ed25519-2-public-key-file
+                                %ed25519-2-secret-key-file)
     (with-temporary-git-repository directory
         `((add ".guix-channel"
                ,(object->string
@@ -507,7 +507,7 @@
                          (commit-id-string commit1)
                          (openpgp-public-key-fingerprint
                           (read-openpgp-packet
-                           %ed25519bis-public-key-file)))) ;different key
+                           %ed25519-2-public-key-file)))) ;different key
                (channel (channel (name 'example)
                                  (url (string-append "file://" directory))
                                  (introduction intro))))
@@ -519,7 +519,7 @@
                                    (oid->string (commit-id commit1))
                                    (key-fingerprint %ed25519-public-key-file)
                                    (key-fingerprint
-                                    %ed25519bis-public-key-file))))))
+                                    %ed25519-2-public-key-file))))))
             (authenticate-channel channel directory
                                   (commit-id-string commit2)
                                   #:keyring-reference-prefix "")
@@ -530,8 +530,8 @@
   #t
   (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                 %ed25519-secret-key-file
-                                %ed25519bis-public-key-file
-                                %ed25519bis-secret-key-file)
+                                %ed25519-2-public-key-file
+                                %ed25519-2-secret-key-file)
     (with-temporary-git-repository directory
         `((add ".guix-channel"
                ,(object->string
@@ -552,12 +552,12 @@
                   (signer ,(key-fingerprint %ed25519-public-key-file)))
           (add "c.txt" "C")
           (commit "third commit"
-                  (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+                  (signer ,(key-fingerprint %ed25519-2-public-key-file)))
           (branch "channel-keyring")
           (checkout "channel-keyring")
           (add "signer.key" ,(call-with-input-file %ed25519-public-key-file
                                get-string-all))
-          (add "other.key" ,(call-with-input-file %ed25519bis-public-key-file
+          (add "other.key" ,(call-with-input-file %ed25519-2-public-key-file
                               get-string-all))
           (commit "keyring commit")
           (checkout "master"))
@@ -588,7 +588,7 @@
                                  (unauthorized-commit-error-signing-key c))
                                 (openpgp-public-key-fingerprint
                                  (read-openpgp-packet
-                                  %ed25519bis-public-key-file))))))
+                                  %ed25519-2-public-key-file))))))
                  (authenticate-channel channel directory
                                        (commit-id-string commit3)
                                        #:keyring-reference-prefix "")
diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm
index d87eacc659..f66ef191b0 100644
--- a/tests/git-authenticate.scm
+++ b/tests/git-authenticate.scm
@@ -161,14 +161,14 @@
 (test-assert "signed commits, .guix-authorizations, unauthorized merge"
   (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                 %ed25519-secret-key-file
-                                %ed25519bis-public-key-file
-                                %ed25519bis-secret-key-file)
+                                %ed25519-2-public-key-file
+                                %ed25519-2-secret-key-file)
     (with-temporary-git-repository directory
         `((add "signer1.key"
                ,(call-with-input-file %ed25519-public-key-file
                   get-string-all))
           (add "signer2.key"
-               ,(call-with-input-file %ed25519bis-public-key-file
+               ,(call-with-input-file %ed25519-2-public-key-file
                   get-string-all))
           (add ".guix-authorizations"
                ,(object->string
@@ -184,7 +184,7 @@
           (checkout "devel")
           (add "devel/1.txt" "1")
           (commit "first devel commit"
-                  (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+                  (signer ,(key-fingerprint %ed25519-2-public-key-file)))
           (checkout "master")
           (add "b.txt" "B")
           (commit "second commit"
@@ -203,7 +203,7 @@
                   (openpgp-public-key-fingerprint
                    (unauthorized-commit-error-signing-key c))
                   (openpgp-public-key-fingerprint
-                   (read-openpgp-packet %ed25519bis-public-key-file)))))
+                   (read-openpgp-packet %ed25519-2-public-key-file)))))
 
           (and (authenticate-commits repository (list master1 master2)
                                      #:keyring-reference "master")
@@ -230,14 +230,14 @@
 (test-assert "signed commits, .guix-authorizations, authorized merge"
   (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                 %ed25519-secret-key-file
-                                %ed25519bis-public-key-file
-                                %ed25519bis-secret-key-file)
+                                %ed25519-2-public-key-file
+                                %ed25519-2-secret-key-file)
     (with-temporary-git-repository directory
         `((add "signer1.key"
                ,(call-with-input-file %ed25519-public-key-file
                   get-string-all))
           (add "signer2.key"
-               ,(call-with-input-file %ed25519bis-public-key-file
+               ,(call-with-input-file %ed25519-2-public-key-file
                   get-string-all))
           (add ".guix-authorizations"
                ,(object->string
@@ -258,12 +258,12 @@
                                       %ed25519-public-key-file)
                                     (name "Alice"))
                                    (,(key-fingerprint
-                                      %ed25519bis-public-key-file))))))
+                                      %ed25519-2-public-key-file))))))
           (commit "first devel commit"
                   (signer ,(key-fingerprint %ed25519-public-key-file)))
           (add "devel/2.txt" "2")
           (commit "second devel commit"
-                  (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+                  (signer ,(key-fingerprint %ed25519-2-public-key-file)))
           (checkout "master")
           (add "b.txt" "B")
           (commit "second commit"
@@ -273,7 +273,7 @@
           ;; After the merge, the second signer is authorized.
           (add "c.txt" "C")
           (commit "third commit"
-                  (signer ,(key-fingerprint %ed25519bis-public-key-file))))
+                  (signer ,(key-fingerprint %ed25519-2-public-key-file))))
       (with-repository directory repository
         (let ((master1 (find-commit repository "first commit"))
               (master2 (find-commit repository "second commit"))
@@ -328,4 +328,3 @@
                  'failed)))))))
 
 (test-end "git-authenticate")
-
diff --git a/tests/guix-authenticate.sh b/tests/guix-authenticate.sh
index 3a05b232c1..0de6da1878 100644
--- a/tests/guix-authenticate.sh
+++ b/tests/guix-authenticate.sh
@@ -28,7 +28,7 @@ rm -f "$sig" "$hash"
 
 trap 'rm -f "$sig" "$hash"' EXIT
 
-key="$abs_top_srcdir/tests/signing-key.sec"
+key="$abs_top_srcdir/tests/keys/signing-key.sec"
 key_len="`echo -n $key | wc -c`"
 
 # A hexadecimal string as long as a sha256 hash.
@@ -67,7 +67,7 @@ test "$code" -ne 0
 # encoded independently of the current locale: <https://bugs.gnu.org/43421>.
 hash="636166e9636166e9636166e9636166e9636166e9636166e9636166e9636166e9"
 latin1_cafe="caf$(printf '\351')"
-echo "sign 21:tests/signing-key.sec 64:$hash" | guix authenticate \
+echo "sign 26:tests/keys/signing-key.sec 64:$hash" | guix authenticate \
     | LC_ALL=C grep "hash sha256 \"$latin1_cafe"
 
 # Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
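Review bot: In the `echo "sign 26:tests/keys/signing-key.sec 64:$hash"` line the length prefix is hard-coded and had to be bumped by hand from 21 to 26 for this rename. 26 is correct for the new path, but the script already computes `key_len` from `$key` near the top; computing the prefix here the same way, from a variable holding the relative path, would keep the next rename from silently producing a malformed request.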
diff --git a/tests/civodul.key b/tests/keys/civodul.pub
similarity index 100%
rename from tests/civodul.key
rename to tests/keys/civodul.pub
diff --git a/tests/dsa.key b/tests/keys/dsa.pub
similarity index 100%
rename from tests/dsa.key
rename to tests/keys/dsa.pub
diff --git a/tests/ed25519bis.key b/tests/keys/ed25519-2.pub
similarity index 100%
rename from tests/ed25519bis.key
rename to tests/keys/ed25519-2.pub
diff --git a/tests/ed25519bis.sec b/tests/keys/ed25519-2.sec
similarity index 100%
rename from tests/ed25519bis.sec
rename to tests/keys/ed25519-2.sec
diff --git a/tests/keys/ed25519-3.pub b/tests/keys/ed25519-3.pub
new file mode 100644
index 0000000000..72f311984c
--- /dev/null
+++ b/tests/keys/ed25519-3.pub
@@ -0,0 +1,9 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYVH/7xYJKwYBBAHaRw8BAQdALMLeUhjEG2/UPCJj2j/debFwwAK5gT3G0l5d
+ILfFldm0FTxleGFtcGxlQGV4YW1wbGUuY29tPoiWBBMWCAA+FiEEjO6M85jMSK68
+7tINGBzA7NyoagkFAmFR/+8CGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgEC
+F4AACgkQGBzA7Nyoagl3lgEAw6yqIlX11lTqwxBGhZk/Oy34O13cbJSZCGv+m0ja
++hcA/3DCNOmT+oXjgO/w6enQZUQ1m/d6dUjCc2wOLlLz+ZoG
+=+r3i
+-----END PGP PUBLIC KEY BLOCK-----
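Review bot: This file is created as tests/keys/ed25519-3.pub, but the commit log lists it as "tests/keys/ed25519-3.key: New file", and the log does not mention the renames into tests/keys/ or the Makefile.am, build-aux/test-env.in and test updates that go with them. Please correct the file name and add the missing entries so that the log matches the diffstat.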
diff --git a/tests/keys/ed25519-3.sec b/tests/keys/ed25519-3.sec
new file mode 100644
index 0000000000..04128a4131
--- /dev/null
+++ b/tests/keys/ed25519-3.sec
@@ -0,0 +1,10 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lFgEYVH/7xYJKwYBBAHaRw8BAQdALMLeUhjEG2/UPCJj2j/debFwwAK5gT3G0l5d
+ILfFldkAAP92goSbbzQ0ttElr9lr5Cm6rmQtqUZ2Cu/Jk9fvfZROwxI0tBU8ZXhh
+bXBsZUBleGFtcGxlLmNvbT6IlgQTFggAPhYhBIzujPOYzEiuvO7SDRgcwOzcqGoJ
+BQJhUf/vAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEBgcwOzc
+qGoJd5YBAMOsqiJV9dZU6sMQRoWZPzst+Dtd3GyUmQhr/ptI2voXAP9wwjTpk/qF
+44Dv8Onp0GVENZv3enVIwnNsDi5S8/maBg==
+=EmOt
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/ed25519.key b/tests/keys/ed25519.pub
similarity index 100%
rename from tests/ed25519.key
rename to tests/keys/ed25519.pub
diff --git a/tests/ed25519.sec b/tests/keys/ed25519.sec
similarity index 100%
rename from tests/ed25519.sec
rename to tests/keys/ed25519.sec
diff --git a/tests/rsa.key b/tests/keys/rsa.pub
similarity index 100%
rename from tests/rsa.key
rename to tests/keys/rsa.pub
diff --git a/tests/signing-key.pub b/tests/keys/signing-key.pub
similarity index 100%
rename from tests/signing-key.pub
rename to tests/keys/signing-key.pub
diff --git a/tests/signing-key.sec b/tests/keys/signing-key.sec
similarity index 100%
rename from tests/signing-key.sec
rename to tests/keys/signing-key.sec
diff --git a/tests/openpgp.scm b/tests/openpgp.scm
index c2be26fa49..1f20466772 100644
--- a/tests/openpgp.scm
+++ b/tests/openpgp.scm
@@ -59,18 +59,22 @@ vBSFjNSiVHsuAA==
 (define %civodul-fingerprint
   "3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5")
 
-(define %civodul-key-id #x090B11993D9AEBB5)       ;civodul.key
-
-;; Test keys.  They were generated in a container along these lines:
-;;    guix environment -CP --ad-hoc gnupg pinentry
-;; then, within the container:
-;;    mkdir ~/.gnupg
-;;    echo pinentry-program ~/.guix-profile/bin/pinentry-tty > ~/.gnupg/gpg-agent.conf
-;;    gpg --quick-gen-key '<ludo+test-rsa@HIDDEN>' rsa
-;; or similar.
-(define %rsa-key-id      #xAE25DA2A70DEED59)      ;rsa.key
-(define %dsa-key-id      #x587918047BE8BD2C)      ;dsa.key
-(define %ed25519-key-id  #x771F49CBFAAE072D)      ;ed25519.key
+(define %civodul-key-id #x090B11993D9AEBB5)       ;civodul.pub
+
+#|
+Test keys in ./tests/keys.  They were generated in a container along these lines:
+  guix environment -CP --ad-hoc gnupg pinentry coreutils
+then, within the container:
+  mkdir ~/.gnupg && chmod -R og-rwx ~/.gnupg
+  gpg --batch --passphrase '' --quick-gen-key '<example@HIDDEN>' ed25519
+  gpg --armor --export example@HIDDEN
+  gpg --armor --export-secret-key example@HIDDEN
+  # echo pinentry-program ~/.guix-profile/bin/pinentry-curses > ~/.gnupg/gpg-agent.conf
+or similar.
+|#
+(define %rsa-key-id      #xAE25DA2A70DEED59)      ;rsa.pub
+(define %dsa-key-id      #x587918047BE8BD2C)      ;dsa.pub
+(define %ed25519-key-id  #x771F49CBFAAE072D)      ;ed25519.pub
 
 (define %rsa-key-fingerprint
   (base16-string->bytevector
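Review bot: The rewritten key-generation comment now shows only an ed25519 recipe, while `%rsa-key-id` and `%dsa-key-id` directly below it still refer to rsa.pub and dsa.pub, so the comment no longer says how those two keys were produced; keep one example per key type, or state that only the algorithm argument changes. The commented-out `# echo pinentry-program ...` line reads as a leftover now that the recipe uses `--batch --passphrase ''`; drop it or say when it is needed. The `#| ... |#` block also replaces a `;;` comment, and staying with `;;` would keep this hunk smaller.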
@@ -168,7 +172,7 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
   (not (port-ascii-armored? (open-bytevector-input-port %binary-sample))))
 
 (test-assert "get-openpgp-keyring"
-  (let* ((key (search-path %load-path "tests/civodul.key"))
+  (let* ((key (search-path %load-path "tests/keys/civodul.pub"))
          (keyring (get-openpgp-keyring
                    (open-bytevector-input-port
                     (call-with-input-file key read-radix-64)))))
@@ -228,8 +232,10 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
                          (verify-openpgp-signature signature keyring
                                                    (open-input-string "Hello!\n"))))
              (list status (openpgp-public-key-id key)))))
-       (list "tests/rsa.key" "tests/dsa.key"
-             "tests/ed25519.key" "tests/ed25519.key" "tests/ed25519.key")
+       (list "tests/keys/rsa.pub" "tests/keys/dsa.pub"
+             "tests/keys/ed25519.pub"
+             "tests/keys/ed25519.pub"
+             "tests/keys/ed25519.pub")
        (list %hello-signature/rsa %hello-signature/dsa
              %hello-signature/ed25519/sha256
              %hello-signature/ed25519/sha512
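Review bot: The renamed key list is wrapped differently here than in the next hunk: this one puts each `"tests/keys/ed25519.pub"` on its own line, the quoted list further down keeps two per line. Pick one layout for both, since the two lists have to stay in step with the signature list that follows them.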
@@ -248,9 +254,9 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
                              (call-with-input-file key read-radix-64))
                             keyring)))
                        %empty-keyring
-                       '("tests/rsa.key" "tests/dsa.key"
-                         "tests/ed25519.key" "tests/ed25519.key"
-                         "tests/ed25519.key"))))
+                       '("tests/keys/rsa.pub" "tests/keys/dsa.pub"
+                         "tests/keys/ed25519.pub" "tests/keys/ed25519.pub"
+                         "tests/keys/ed25519.pub"))))
     (map (lambda (signature)
            (let ((signature (string->openpgp-packet signature)))
              (let-values (((status key)
-- 
2.33.0





Information forwarded to guix-patches@HIDDEN:
bug#50814; Package guix-patches. Full text available.

Message received at 50814 <at> debbugs.gnu.org:


Received: (at 50814) by debbugs.gnu.org; 28 Sep 2021 01:07:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Sep 27 21:07:48 2021
Received: from localhost ([127.0.0.1]:43231 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1mV1b2-0006TM-C8
	for submit <at> debbugs.gnu.org; Mon, 27 Sep 2021 21:07:48 -0400
Received: from mail-ed1-f49.google.com ([209.85.208.49]:35807)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <attila.lendvai@HIDDEN>) id 1mV1ay-0006Sz-Id
 for 50814 <at> debbugs.gnu.org; Mon, 27 Sep 2021 21:07:47 -0400
Received: by mail-ed1-f49.google.com with SMTP id l8so28956665edw.2
 for <50814 <at> debbugs.gnu.org>; Mon, 27 Sep 2021 18:07:44 -0700 (PDT)
Received: from lelap.lan (catv-213-222-131-28.catv.broadband.hu.
 [213.222.131.28])
 by smtp.gmail.com with ESMTPSA id c5sm11989558edx.81.2021.09.27.18.07.36
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 27 Sep 2021 18:07:37 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 1/4] tests: Smarten up git repository testing framework.
Date: Tue, 28 Sep 2021 03:05:35 +0200
Message-Id: <20210928010537.4241-1-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)

* guix/tests/git.scm (with-git-repository): New macro that can be used in
a nested way under a with-temporary-git-repository.
(populate-git-repository): Extend the DSL with (add "some-noise"), (reset
"[commit hash]"), (checkout "branch" orphan).
* guix/tests/gnupg.scm (key-fingerprint-vector): New function.
---

Ready for merging modulo possible feedback, and one TODO
regarding the UI of giving feedback to the user.

 guix/tests/git.scm   | 23 +++++++++++++++++++++--
 guix/tests/gnupg.scm |  8 ++++++--
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/guix/tests/git.scm b/guix/tests/git.scm
index 69960284d9..76f5a8b937 100644
--- a/guix/tests/git.scm
+++ b/guix/tests/git.scm
@@ -26,6 +26,7 @@
   #:use-module (ice-9 control)
   #:export (git-command
             with-temporary-git-repository
+            with-git-repository
             find-commit))
 
 (define git-command
@@ -59,8 +60,9 @@ Return DIRECTORY on success."
         (apply invoke (git-command) "-C" directory
                command args)))))
 
-  (mkdir-p directory)
-  (git "init")
+  (unless (directory-exists? (string-append directory "/.git"))
+    (mkdir-p directory)
+    (git "init"))
 
   (let loop ((directives directives))
     (match directives
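Review bot: The new `unless` guard only tests for a `.git` directory, and both `mkdir-p` and `git init` are already safe to repeat on an existing repository, so the guard changes little by itself. What is missing is a sentence in the docstring (its tail, "Return DIRECTORY on success.", shows in the hunk header) saying that DIRECTORY may now be an existing repository that is extended rather than created.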
@@ -78,6 +80,9 @@ Return DIRECTORY on success."
                       port)))
          (git "add" file)
          (loop rest)))
+      ((('add file-name-and-content) rest ...)
+       (loop (cons `(add ,file-name-and-content ,file-name-and-content)
+                   rest)))
       ((('remove file) rest ...)
        (git "rm" "-f" file)
        (loop rest))
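Review bot: The one-argument `add` clause is undocumented, and its rewrite to `(add ,file-name-and-content ,file-name-and-content)` makes the file's name and its content the same string, which is not obvious from a call such as `(add "some-noise")`. A one-line comment above the clause, or an entry in the docstring, would spell that out.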
@@ -99,12 +104,18 @@ Return DIRECTORY on success."
       ((('checkout branch) rest ...)
        (git "checkout" branch)
        (loop rest))
+      ((('checkout branch 'orphan) rest ...)
+       (git "checkout" "--orphan" branch)
+       (loop rest))
       ((('merge branch message) rest ...)
        (git "merge" branch "-m" message)
        (loop rest))
       ((('merge branch message ('signer fingerprint)) rest ...)
        (git "merge" branch "-m" message
             (string-append "--gpg-sign=" fingerprint))
+       (loop rest))
+      ((('reset to) rest ...)
+       (git "reset" "--hard" to)
        (loop rest)))))
 
 (define (call-with-temporary-git-repository directives proc)
@@ -121,6 +132,14 @@ per DIRECTIVES."
                                       (lambda (directory)
                                         exp ...)))
 
+(define-syntax-rule (with-git-repository directory
+                                         directives exp ...)
+  "Evaluate EXP in a context where DIRECTORY is (further) populated as
+per DIRECTIVES."
+  (begin
+    (populate-git-repository directory directives)
+    exp ...))
+
 (define (find-commit repository message)
   "Return the commit in REPOSITORY whose message includes MESSAGE, a string."
   (let/ec return
diff --git a/guix/tests/gnupg.scm b/guix/tests/gnupg.scm
index eb8ff63a43..c7630db912 100644
--- a/guix/tests/gnupg.scm
+++ b/guix/tests/gnupg.scm
@@ -33,6 +33,7 @@
 
             read-openpgp-packet
             key-fingerprint
+            key-fingerprint-vector
             key-id))
 
 (define gpg-command
@@ -76,7 +77,10 @@ process is terminated afterwards."
    (open-bytevector-input-port
     (call-with-input-file file read-radix-64))))
 
+(define key-fingerprint-vector
+  (compose openpgp-public-key-fingerprint
+           read-openpgp-packet))
+
 (define key-fingerprint
   (compose openpgp-format-fingerprint
-           openpgp-public-key-fingerprint
-           read-openpgp-packet))
+           key-fingerprint-vector))
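Review bot: `key-fingerprint-vector` is exported without a docstring or comment, and its name suggests a vector. Add a line stating what it returns (the raw result of `openpgp-public-key-fingerprint`, before `openpgp-format-fingerprint` turns it into the printable form) and consider a name that matches that type.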
-- 
2.33.0





Information forwarded to guix-patches@HIDDEN:
bug#50814; Package guix-patches. Full text available.

Message received at 50814 <at> debbugs.gnu.org:


Received: (at 50814) by debbugs.gnu.org; 27 Sep 2021 18:45:38 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Sep 27 14:45:38 2021
Received: from localhost ([127.0.0.1]:42843 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1mUvdC-00010k-0x
	for submit <at> debbugs.gnu.org; Mon, 27 Sep 2021 14:45:38 -0400
Received: from mail-40136.protonmail.ch ([185.70.40.136]:33655)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <attila@HIDDEN>) id 1mUvd9-00010T-4I
 for 50814 <at> debbugs.gnu.org; Mon, 27 Sep 2021 14:45:36 -0400
Date: Mon, 27 Sep 2021 18:45:25 +0000
To: Maxime Devos <maximedevos@HIDDEN>
From: Attila Lendvai <attila@HIDDEN>
Subject: Re: [bug#50814] [PATCH] guix: git-authenticate: Also authenticate the
 channel intro commit.
Message-ID: <XYPPxjyGCdWp4mrarRj4nrI4iZiANxHu1TJEVMd_d2PGw4OmD0yr7HMLd9NXEljnm5TSox8pm75D-alHyaiu29Wre4spahCrmuqZCvkSql8=@lendvai.name>
In-Reply-To: <2b0173cc9809ab1e806bf0061fc28a9a85dda6e0.camel@HIDDEN>
References: <20210926101928.3877-1-attila@HIDDEN>
 <2b0173cc9809ab1e806bf0061fc28a9a85dda6e0.camel@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no
 autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 mailout.protonmail.ch
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 50814
Cc: 50814 <at> debbugs.gnu.org
Reply-To: Attila Lendvai <attila@HIDDEN>
X-Spam-Score: -1.0 (-)

what should happen if a channel-introduction commit does not update the .guix-authorizations file?

this means that this single commit will get through the authentication (channel intro commits are always trusted), but any later commits signed with the same key will be rejected.

this is the situation that got me confused, and thrust me into attempting to fix this (trying to `guix pull` from a local git checkout of guix containing my patches).

i wrote the code for this, but i don't know what should be its UI. how should this be reported to the user?

using `(warning ...)` will just print something to stderr.

i was hoping to raise a continuable condition of type &warning, that i can even check for in the tests, but i have failed to put that together. the scheme/guile condition system is a bit messy/convoluted.

can someone help me out with a hint/outline about how to report this that best fits the rest of guix?

note that it's not really an error, because until another commit is added with the new key, this channel is valid.

- attila
PGP: 5D5F 45C7 DFCD 0A39





Information forwarded to guix-patches@HIDDEN:
bug#50814; Package guix-patches. Full text available.

Message received at 50814 <at> debbugs.gnu.org:


Received: (at 50814) by debbugs.gnu.org; 27 Sep 2021 18:01:32 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Sep 27 14:01:32 2021
Received: from localhost ([127.0.0.1]:42751 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1mUuwW-0008Ih-3n
	for submit <at> debbugs.gnu.org; Mon, 27 Sep 2021 14:01:32 -0400
Received: from mail-40131.protonmail.ch ([185.70.40.131]:47484)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <attila@HIDDEN>) id 1mUuwS-0008IO-TC
 for 50814 <at> debbugs.gnu.org; Mon, 27 Sep 2021 14:01:30 -0400
Date: Mon, 27 Sep 2021 18:01:17 +0000
To: Maxime Devos <maximedevos@HIDDEN>
From: Attila Lendvai <attila@HIDDEN>
Subject: Re: [bug#50814] [PATCH] guix: git-authenticate: Also authenticate the
 channel intro commit.
Message-ID: <MlwY6eiUOkCgaEkZpM6XICOnF_c4o-I_YSlLPKysM412Chnv8lfK1x_AodHD1QZUAgy46Zk3LYfa7Et5QGDH9pOzo6KcEw9SweC7L57f1os=@lendvai.name>
In-Reply-To: <2b0173cc9809ab1e806bf0061fc28a9a85dda6e0.camel@HIDDEN>
References: <20210926101928.3877-1-attila@HIDDEN>
 <2b0173cc9809ab1e806bf0061fc28a9a85dda6e0.camel@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no
 autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 mailout.protonmail.ch
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 50814
Cc: 50814 <at> debbugs.gnu.org
Reply-To: Attila Lendvai <attila@HIDDEN>
X-Spam-Score: -1.0 (-)

just a quick update that i'm working on putting together an extensive test for this, and a fix.

- attila
PGP: 5D5F 45C7 DFCD 0A39





Information forwarded to guix-patches@HIDDEN:
bug#50814; Package guix-patches. Full text available.

Message received at 50814 <at> debbugs.gnu.org:


Received: (at 50814) by debbugs.gnu.org; 26 Sep 2021 18:15:07 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Sep 26 14:15:07 2021
Received: from localhost ([127.0.0.1]:38756 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1mUYg7-0001A1-Bj
	for submit <at> debbugs.gnu.org; Sun, 26 Sep 2021 14:15:07 -0400
Received: from baptiste.telenet-ops.be ([195.130.132.51]:44558)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@HIDDEN>) id 1mUYg5-00016L-4C
 for 50814 <at> debbugs.gnu.org; Sun, 26 Sep 2021 14:15:06 -0400
Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be
 ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d])
 by baptiste.telenet-ops.be with bizsmtp
 id yiF3250030mfAB401iF3VW; Sun, 26 Sep 2021 20:15:03 +0200
Message-ID: <2b0173cc9809ab1e806bf0061fc28a9a85dda6e0.camel@HIDDEN>
Subject: Re: [bug#50814] [PATCH] guix: git-authenticate: Also authenticate
 the channel intro commit.
From: Maxime Devos <maximedevos@HIDDEN>
To: Attila Lendvai <attila@HIDDEN>, 50814 <at> debbugs.gnu.org
In-Reply-To: <20210926101928.3877-1-attila@HIDDEN>
References: <20210926101928.3877-1-attila@HIDDEN>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-T0Rmxvr6JckLDOp1J0l6"
Date: Sun, 26 Sep 2021 20:14:41 +0200
MIME-Version: 1.0
User-Agent: Evolution 3.34.2 
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 50814
X-Spam-Score: -1.7 (-)



Attila Lendvai wrote on Sun 26-09-2021 at 12:19 [+0200]:
> * guix/git-authenticate.scm (authenticate-commit): Reword and extend the error
> message to point to the relevant part of the manual.
> (authenticate-repository): Explicitly authenticate the channel introduction
> commit, so that it's also rejected unless it is signed by an authorized
> key. Otherwise only the second commit would yield an error, which
> is confusing.
> ---
>
> here's how i tested this:
>
> i set up pulling from a local checkout of guix.
> in that branch i created a signed dummy commit, and added it as a channel
> introduction, replacing guix in my /etc/guix/channels.scm. then tried to
> guix pull, which worked.
>
> then i added another dummy commit, which resulted in an error when pulling.
>
> then i reset the branch back to only contain the first commit, and added
> this code that then resulted in an error even with a single commit.
>
> i have encountered it while i was trying to set up my local checkout to
> test my patches on my live guix, and i was utterly confused why my commit
> was rejected as unauthenticated (i misunderstood how git-authenticate
> works).
>
>  guix/git-authenticate.scm | 11 ++++++++---
>  1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
> index ab3fcd8b2f..7d66bf0754 100644
> --- a/guix/git-authenticate.scm
> +++ b/guix/git-authenticate.scm
> @@ -236,8 +236,8 @@ not specify anything, fall back to DEFAULT-AUTHORIZAT=
IONS."
>              (condition
>               (&unauthorized-commit-error (commit id)
>                                           (signing-key signing-key)))
> -            (formatted-message (G_ "commit ~a not signed by an authorize=
d \
> -key: ~a")
> +            (formatted-message (G_ "commit ~a is signed by an unauthoriz=
ed \
> +key: ~a\nSee info guix \"Specifying Channel Authorizations\".")
>                                 (oid->string id)
>                                 (openpgp-format-fingerprint
>                                  (openpgp-public-key-fingerprint
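
Review bot: The new format string in `authenticate-commit` folds the manual pointer into the error text after a `\n`, inside the same `G_` string, so translators get one multi-line string and anything matching on the first line now has to cope with a second one. Keep the one-line error as the message and emit the "See info guix ..." pointer as a separate hint line.
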
> @@ -424,7 +424,12 @@ denoting the authorized keys for commits whose paren=
t lack the
>          ;; If it's our first time, verify START-COMMIT's signature.
>          (when (null? authenticated-commits)
>            (verify-introductory-commit repository keyring
> -                                      start-commit signer))
> +                                      start-commit signer)
> +          ;; Explicitly authenticate the channel introduction commit, so=
 that
> +          ;; it's also rejected unless it's signed by an authorized
> +          ;; key. Otherwise only the second commit would yield an error,=
 which
> +          ;; is confusing.
> +          (authenticate-commits repository (list start-commit)))
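
Review bot: The added `(authenticate-commits repository (list start-commit))` passes none of the context that the call just above it receives: `verify-introductory-commit` is given `keyring`, while this call is given only the repository and the commit. If `authenticate-commits` depends on the keyring, or on the fallback authorizations the hunk header alludes to ("the authorized keys for commits whose parent lack the"), the introduction commit would be checked against defaults instead of what the caller supplied; pass them explicitly here.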

Could you add a test to tests/git-authenticate.scm, verifying the right commit
is reported?  (Maybe use unauthorized-commit-error?, guard and
authenticate-repository.)

I'm not sure explicitly validating the start commit is sufficient.  What happens
in the following scenario:

(Order of commits)
  0. start commit
  1. valid (already authenticated?) commit
  2. invalid commit
  3. invalid commit

Is commit 2 reported, or commit 3 reported?  I think commit 2 should be reported,
but from your messages on IRC, I think you saw commit 3 being reported?

Greetings,
Maxime.

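
The two situations raised in this thread (an introduction commit that carries no `.guix-authorizations`, and the start/valid/invalid/invalid ordering question) can be worked through on a small model. This is an added Python example, not Guix code and not part of any message above; it assumes the rule that a commit must be signed by a key listed in the `.guix-authorizations` of each of its parents, and `Commit`, `authenticate`, `UnauthorizedCommit` and the key names are hypothetical.

```python
"""Toy model of the authorization walk discussed in this thread (not Guix code)."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Constructed fingerprints for the example; they are not real keys.
KEY_A = "AAAA 0000 0000 0001"
KEY_B = "BBBB 0000 0000 0002"


class UnauthorizedCommit(Exception):
    """Raised for the first commit, in walk order, that breaks the rule."""

    def __init__(self, commit_id: str, signer: str):
        super().__init__(f"commit {commit_id} is signed by an unauthorized key: {signer}")
        self.commit_id = commit_id
        self.signer = signer


@dataclass(frozen=True)
class Commit:
    id: str
    signer: str
    parents: Tuple[str, ...] = ()
    # Keys listed in this commit's .guix-authorizations; None when the file is absent.
    authorizations: Optional[FrozenSet[str]] = None


def allowed_signers(parent: Commit, default: FrozenSet[str]) -> FrozenSet[str]:
    """Keys allowed to sign children of PARENT (assumed fallback: DEFAULT)."""
    return default if parent.authorizations is None else parent.authorizations


def authenticate(history: List[Commit], intro_id: str, intro_signer: str,
                 default_authorizations: FrozenSet[str] = frozenset()):
    """Walk HISTORY, listed parents-first and starting at the introduction commit.

    Returns (authenticated_ids, warnings); raises UnauthorizedCommit otherwise.
    """
    by_id = {commit.id: commit for commit in history}
    intro = by_id[intro_id]
    # The introduction commit is trusted because of the signer named in the
    # channel introduction, not because of any .guix-authorizations file.
    if intro.signer != intro_signer:
        raise UnauthorizedCommit(intro.id, intro.signer)
    warnings = []
    if intro.signer not in allowed_signers(intro, default_authorizations):
        warnings.append(f"introduction commit {intro.id} does not authorize its own "
                        f"signer; later commits signed by {intro.signer} will be rejected")
    authenticated = [intro.id]
    for commit in history:
        if commit.id == intro_id:
            continue
        for parent_id in commit.parents:
            if commit.signer not in allowed_signers(by_id[parent_id], default_authorizations):
                raise UnauthorizedCommit(commit.id, commit.signer)
        authenticated.append(commit.id)
    return authenticated, warnings


def first_rejected(history: List[Commit], intro_id: str, intro_signer: str):
    """Return the id of the commit the walk rejects, or None if all pass."""
    try:
        authenticate(history, intro_id, intro_signer)
    except UnauthorizedCommit as error:
        return error.commit_id
    return None


def passes_against_parents(history: List[Commit], commit_id: str,
                           default: FrozenSet[str] = frozenset()) -> bool:
    """Check one commit against its parents only, ignoring the rest of the walk."""
    by_id = {commit.id: commit for commit in history}
    commit = by_id[commit_id]
    return all(commit.signer in allowed_signers(by_id[p], default) for p in commit.parents)


def intro_without_authorizations():
    """Introduction commit with no .guix-authorizations, alone and with one child."""
    intro = Commit("intro", KEY_A)
    child = Commit("child", KEY_A, parents=("intro",))
    return [intro], [intro, child]


def ordering_scenario():
    """Commits 0 to 3 from the review; commit 2 also adds its own key."""
    only_a, a_and_b = frozenset({KEY_A}), frozenset({KEY_A, KEY_B})
    return [Commit("0", KEY_A, (), only_a),
            Commit("1", KEY_A, ("0",), only_a),
            Commit("2", KEY_B, ("1",), a_and_b),
            Commit("3", KEY_B, ("2",), a_and_b)]


if __name__ == "__main__":
    alone, with_child = intro_without_authorizations()
    print(authenticate(alone, "intro", KEY_A))
    print(first_rejected(with_child, "intro", KEY_A))
    print(first_rejected(ordering_scenario(), "0", KEY_A))
```

In the ordering scenario commit 3 passes when checked against its parent alone, because commit 2 added its own key; only a parents-first walk that stops at commit 2 reports the right commit.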





Information forwarded to guix-patches@HIDDEN:
bug#50814; Package guix-patches. Full text available.

Message received at 50814 <at> debbugs.gnu.org:


Received: (at 50814) by debbugs.gnu.org; 26 Sep 2021 18:02:21 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Sep 26 14:02:21 2021
Received: from localhost ([127.0.0.1]:38740 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1mUYTk-0000lm-Rt
	for submit <at> debbugs.gnu.org; Sun, 26 Sep 2021 14:02:21 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:50217)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@HIDDEN>) id 1mUYTj-0000lQ-RI
 for 50814 <at> debbugs.gnu.org; Sun, 26 Sep 2021 14:02:20 -0400
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
 by mailout.nyi.internal (Postfix) with ESMTP id BA3FB5C0080;
 Sun, 26 Sep 2021 14:02:14 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute5.internal (MEProxy); Sun, 26 Sep 2021 14:02:14 -0400
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun,
 26 Sep 2021 14:02:14 -0400 (EDT)
Date: Sun, 26 Sep 2021 14:02:13 -0400
From: Leo Famulari <leo@HIDDEN>
To: Attila Lendvai <attila@HIDDEN>
Subject: Re: [bug#50814] [PATCH] guix: git-authenticate: Also authenticate
 the channel intro commit.
Message-ID: <YVC1pWYSF7ccbSs9@HIDDEN>
References: <20210926101928.3877-1-attila@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="sZ19UVFReu3CFEXp"
Content-Disposition: inline
In-Reply-To: <20210926101928.3877-1-attila@HIDDEN>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 50814
Cc: 50814 <at> debbugs.gnu.org, guix-security@HIDDEN
X-Spam-Score: -1.7 (-)



On Sun, Sep 26, 2021 at 12:19:29PM +0200, Attila Lendvai wrote:
> * guix/git-authenticate.scm (authenticate-commit): Reword and extend the error
> message to point to the relevant part of the manual.
> (authenticate-repository): Explicitly authenticate the channel introduction
> commit, so that it's also rejected unless it is signed by an authorized
> key. Otherwise only the second commit would yield an error, which
> is confusing.
> ---
>
> here's how i tested this:
>
> i set up pulling from a local checkout of guix.
> in that branch i created a signed dummy commit, and added it as a channel
> introduction, replacing guix in my /etc/guix/channels.scm. then tried to
> guix pull, which worked.
>
> then i added another dummy commit, which resulted in an error when pulling.
>
> then i reset the branch back to only contain the first commit, and added
> this code that then resulted in an error even with a single commit.
>
> i have encountered it while i was trying to set up my local checkout to
> test my patches on my live guix, and i was utterly confused why my commit
> was rejected as unauthenticated (i misunderstood how git-authenticate
> works).

Thanks for your report.

I've marked the severity as "grave", which in Debbugs parlance means
"makes the package in question unusable or mostly so, or causes data
loss, or introduces a security hole allowing access to the accounts of
users who use the package."

https://debbugs.gnu.org/Developer.html#severities

I'm not sure if that's justified or not but this patch should be
prioritized.





Information forwarded to guix-patches@HIDDEN:
bug#50814; Package guix-patches. Full text available.
Severity set to 'grave' from 'normal' Request was from Leo Famulari <leo@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 26 Sep 2021 10:25:23 +0000
From: Attila Lendvai <attila@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH] guix: git-authenticate: Also authenticate the channel intro
 commit.
Date: Sun, 26 Sep 2021 12:19:29 +0200
Message-Id: <20210926101928.3877-1-attila@HIDDEN>
Cc: Attila Lendvai <attila@HIDDEN>

* guix/git-authenticate.scm (authenticate-commit): Reword and extend the error
message to point to the relevant part of the manual.
(authenticate-repository): Explicitly authenticate the channel introduction
commit, so that it's also rejected unless it is signed by an authorized
key. Otherwise only the second commit would yield an error, which
is confusing.
---

here's how i tested this:

i set up pulling from a local checkout of guix.
in that branch i created a signed dummy commit, and added it as a channel
introduction, replacing guix in my /etc/guix/channels.scm. then tried to
guix pull, which worked.

then i added another dummy commit, which resulted in an error when pulling.

then i reset the branch back to only contain the first commit, and added
this code that then resulted in an error even with a single commit.

i have encountered it while i was trying to set up my local checkout to
test my patches on my live guix, and i was utterly confused why my commit
was rejected as unauthenticated (i misunderstood how git-authenticate
works).

 guix/git-authenticate.scm | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index ab3fcd8b2f..7d66bf0754 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -236,8 +236,8 @@ not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
             (condition
              (&unauthorized-commit-error (commit id)
                                          (signing-key signing-key)))
-            (formatted-message (G_ "commit ~a not signed by an authorized \
-key: ~a")
+            (formatted-message (G_ "commit ~a is signed by an unauthorized \
+key: ~a\nSee info guix \"Specifying Channel Authorizations\".")
                                (oid->string id)
                                (openpgp-format-fingerprint
                                 (openpgp-public-key-fingerprint
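Review bot: the manual pointer is appended to the translatable error string after a \n in the new formatted-message, so the one-line error now carries a second sentence that translators receive as a single unit with it. Consider keeping the error text to the commit and key and emitting the reference separately, written in a form that can be pasted, for example info "(guix) Specifying Channel Authorizations". The wording also changes from "not signed by an authorized key" to "is signed by an unauthorized key", and the diffstat shows only guix/git-authenticate.scm touched, so check that nothing elsewhere matches the old string.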
@@ -424,7 +424,12 @@ denoting the authorized keys for commits whose parent lack the
         ;; If it's our first time, verify START-COMMIT's signature.
         (when (null? authenticated-commits)
           (verify-introductory-commit repository keyring
-                                      start-commit signer))
+                                      start-commit signer)
+          ;; Explicitly authenticate the channel introduction commit, so that
+          ;; it's also rejected unless it's signed by an authorized
+          ;; key. Otherwise only the second commit would yield an error, which
+          ;; is confusing.
+          (authenticate-commits repository (list start-commit)))
 
         (let ((stats (call-with-progress-reporter reporter
                        (lambda (report)
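Review bot: the added (authenticate-commits repository (list start-commit)) passes neither the keyring that verify-introductory-commit receives on the line above nor any default authorizations, so this hunk does not show which keys the introduction commit is checked against. If authenticate-commits accepts those as arguments, pass the same values used for the remaining commits. The call also makes every introduction commit subject to the authorization check on the first run, which is a behaviour change for existing channels and deserves a sentence in the docstring of authenticate-repository and a test. The new comment repeats the commit message almost word for word; a shorter comment stating what is checked would be enough.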
-- 
2.33.0
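
The test sequence described in the message above, as a simplified model added here (not Guix's code and not part of the original post). It assumes the rule that a commit is authorized when its signing key is listed in its parent's .guix-authorizations; the commit ids, key labels and function names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Commit:
    id: str
    signer: str                 # label standing in for the signing key fingerprint
    authorized: frozenset       # keys listed in this commit's .guix-authorizations
    parent: "Commit | None" = None


class Unauthorized(Exception):
    pass


def authenticate_commit(commit, default_authorizations=frozenset()):
    """Assumed rule: the signer must be authorized by the parent commit."""
    allowed = commit.parent.authorized if commit.parent else default_authorizations
    if commit.signer not in allowed:
        raise Unauthorized(commit.id)


def authenticate_repository(intro, intro_signer, later, check_intro):
    """Return the id of the first rejected commit, or None if all pass."""
    # Introduction check: only compares the signature with the expected signer.
    if intro.signer != intro_signer:
        return intro.id
    try:
        if check_intro:         # the extra step proposed by the patch
            authenticate_commit(intro)
        for commit in later:    # descendants of the introduction commit
            authenticate_commit(commit)
    except Unauthorized as err:
        return err.args[0]
    return None


# Constructed history: two local dummy commits on top of an upstream checkout
# whose .guix-authorizations lists only the upstream key.
UPSTREAM_KEYS = frozenset({"KEY-UPSTREAM"})
upstream = Commit("upstream-head", "KEY-UPSTREAM", UPSTREAM_KEYS)
dummy1 = Commit("dummy-1", "KEY-LOCAL", UPSTREAM_KEYS, upstream)
dummy2 = Commit("dummy-2", "KEY-LOCAL", UPSTREAM_KEYS, dummy1)

if __name__ == "__main__":
    print(authenticate_repository(dummy1, "KEY-LOCAL", [], False))        # pull works
    print(authenticate_repository(dummy1, "KEY-LOCAL", [dummy2], False))  # second commit rejected
    print(authenticate_repository(dummy1, "KEY-LOCAL", [], True))         # intro rejected
```

Adding the local key to the authorizations carried by dummy-1 makes dummy-2 pass in this model without the extra check.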





Acknowledgement sent to Attila Lendvai <attila@HIDDEN>:
New bug report received and forwarded. Copy sent to guix-patches@HIDDEN. Full text available.
Report forwarded to guix-patches@HIDDEN:
bug#50814; Package guix-patches. Full text available.
Last modified: Sat, 9 Oct 2021 11:00:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.