GNU logs - #60852, boring messages

Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#60852: git-authenticate edge case for certain key setup.
Resent-From: Hilton Chain <hako@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Mon, 16 Jan 2023 07:31:02 +0000
Resent-Message-ID: <handler.60852.B.167385421618337 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 60852
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 60852 <at> debbugs.gnu.org
X-Debbugs-Original-To: bug-guix@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.167385421618337
          (code B ref -1); Mon, 16 Jan 2023 07:31:02 +0000
Received: (at submit) by debbugs.gnu.org; 16 Jan 2023 07:30:16 +0000
Received: from localhost ([127.0.0.1]:60275 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pHJwd-0004lg-O6
	for submit <at> debbugs.gnu.org; Mon, 16 Jan 2023 02:30:16 -0500
Received: from lists.gnu.org ([209.51.188.17]:49506)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <hako@HIDDEN>) id 1pHJwb-0004lX-F9
 for submit <at> debbugs.gnu.org; Mon, 16 Jan 2023 02:30:13 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <hako@HIDDEN>)
 id 1pHJwb-0006Mq-1T
 for bug-guix@HIDDEN; Mon, 16 Jan 2023 02:30:13 -0500
Received: from mail.boiledscript.com ([144.168.59.46])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <hako@HIDDEN>)
 id 1pHJwZ-0005cW-CJ
 for bug-guix@HIDDEN; Mon, 16 Jan 2023 02:30:12 -0500
Date: Mon, 16 Jan 2023 15:29:40 +0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ultrarare.space;
 s=dkim; t=1673854207;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=QYt8yw2vhTllUC213VEnWzm2kJth3oGHU0Lf3Sq42NU=;
 b=ciXzNByLUbQsnm5aj00Ql1QKCL/d7k1VpryvZ0kXZgYCyXmRLugt38TlbXMNYvI86pJUvg
 GoyfPQUgR9RRPEEw/12mK9SwLyip/aofZWc6drEmuEaYq93MEz9+Y9N1XiOZwLuId4/MkC
 MDdOplV+j4M5rP/gHx4OTDjkeUgQ4RjZOPDEAoO4UhzvhnbZWMfP5oCVDpiaXW78DNsy4K
 n4OphH5Ufx3Nlc8Fybfop92a1eXW6HK2nD12HLA/p5MpuEt1062MOHBK0p63a34kzlrDkN
 HJs3j91us5w+u2h+wMFfQDtJa5baDVj9vDX3YhMs3MCWhHe3nrN3G/kC/ro/yw==
Message-ID: <87lem3kkd7.wl-hako@HIDDEN>
From: Hilton Chain <hako@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Authentication-Results: mail.boiledscript.com;
 auth=pass smtp.mailfrom=hako@HIDDEN
X-Spamd-Bar: /
Received-SPF: pass client-ip=144.168.59.46; envelope-from=hako@HIDDEN;
 helo=mail.boiledscript.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)


I encountered the issue when adding a new key to my Guix channel.  Though I
haven't figured out what happened exactly, I'm currently able to reproduce =
the
issue with the following steps.

1. Generate two keypairs.  Key One with the preset "ECC and ECC", Key Two w=
ith
"ECC (set your own capabilities)" and only keep the Certify capability, then
add a Sign subkey to Key Two.  All Curve 25519.

#+RESULTS:
: /tmp/test/pubring.kbx
: ---------------------
: sec   ed25519/676A52381FFD80C5 2023-01-16 [SC]
:       Key fingerprint =3D 21D3 9304 CED7 A5CF 50B6  0B80 676A 5238 1FFD 8=
0C5
: uid                 [ultimate] Key One
: ssb   cv25519/BA35E2E29D6E4CE4 2023-01-16 [E]
:       Key fingerprint =3D 450A DF8C 6FE4 AEFF EC75  EBD9 BA35 E2E2 9D6E 4=
CE4
:
: sec   ed25519/06DE4CED9A91AB7B 2023-01-16 [C]
:       Key fingerprint =3D 4A45 EC76 DA2B 389A FE2F  C887 06DE 4CED 9A91 A=
B7B
: uid                 [ultimate] Key Two
: ssb   ed25519/3BE8CD60E408A705 2023-01-16 [S]
:       Key fingerprint =3D 405C B557 DE1F 1254 B012  640A 3BE8 CD60 E408 A=
705


2. Create a new git repository, commit public keys of the two to the "keyri=
ng"
branch.  Then commit file ".guix-authorizations" to the "main" branch with =
the
following code:
#+begin_src scheme
  (authorizations
   (version 0)
   (("21D3 9304 CED7 A5CF 50B6  0B80 676A 5238 1FFD 80C5"
     (name "Key One"))))
#+end_src

Configure git to sign commits with Key One, change the ".guix-authorization=
s"
file to the following and commit:
#+begin_src scheme
  (authorizations
   (version 0)
   (("21D3 9304 CED7 A5CF 50B6  0B80 676A 5238 1FFD 80C5"
     (name "Key One")))
   (("405C B557 DE1F 1254 B012  640A 3BE8 CD60 E408 A705"
     (name "Key Two"))))
#+end_src

Then change the signing key to Key Two and add a new commit.

Now there're three commits:
#+RESULTS:
: commit 5240baeebc055187fb738e66e7dbfbb57c0aeba3 (HEAD -> main)
: Author: Test <test@HIDDEN>
: Date:   Mon Jan 16 13:53:49 2023 +0800
:
:     test
:
: commit a6794b64f9dfa828a5721e3f02c27ab74db9a487
: Author: Test <test@HIDDEN>
: Date:   Mon Jan 16 13:53:17 2023 +0800
:
:     Authorize Key Two.
:
: commit c9476062a2f341e9ee95a60d17cf2233b7c55ff4
: Author: Test <test@HIDDEN>
: Date:   Mon Jan 16 13:51:02 2023 +0800
:
:     Authorize Key One.


3. Invoke `guix git authenticate`...with error.

#+begin_src shell
  guix git authenticate c9476062a2f341e9ee95a60d17cf2233b7c55ff4 "21D3 9304=
 CED7 A5CF 50B6  0B80 676A 5238 1FFD 80C5"
#+end_src

#+RESULTS:
: Authenticating commits c947606 to 5240bae (1 new commits)...
: [########################################################################=
######]guix git: error: commit 5240baeebc055187fb738e66e7dbfbb57c0aeba3 not=
 signed by an authorized key: 405C B557 DE1F 1254 B012  640A 3BE8 CD60 E408=
 A705


4. However, if I swap positions of the two fingerprints, it works.

New ".guix-authorizations" file:
#+begin_src scheme
  (authorizations
   (version 0)
   (("405C B557 DE1F 1254 B012  640A 3BE8 CD60 E408 A705"
     (name "Key Two")))
   (("21D3 9304 CED7 A5CF 50B6  0B80 676A 5238 1FFD 80C5"
     (name "Key One"))))
#+end_src

New commits history:
#+RESULTS:
: commit 7e4d98eea0e89652554d822503096371e5d59f3b (HEAD -> main)
: Author: Test <test@HIDDEN>
: Date:   Mon Jan 16 14:52:37 2023 +0800
:
:     test
:
: commit a44434b1a9bd955cc897dea4c44abe64d6ab8112
: Author: Test <test@HIDDEN>
: Date:   Mon Jan 16 13:53:49 2023 +0800
:
:     Swap positions of the two fingerprints.
:
: commit a6794b64f9dfa828a5721e3f02c27ab74db9a487
: Author: Test <test@HIDDEN>
: Date:   Mon Jan 16 13:53:17 2023 +0800
:
:     Authorize Key Two.
:
: commit c9476062a2f341e9ee95a60d17cf2233b7c55ff4
: Author: Test <test@HIDDEN>
: Date:   Mon Jan 16 13:51:02 2023 +0800
:
:     Authorize Key One.

And a new `guix git authenticate` result:
#+RESULTS:
: Authenticating commits c947606 to 7e4d98e (2 new commits)...

=F0=9F=A5=B4

Message sent:


Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
Content-Type: text/plain; charset=utf-8
X-Loop: help-debbugs@HIDDEN
From: help-debbugs@HIDDEN (GNU bug Tracking System)
To: Hilton Chain <hako@HIDDEN>
Subject: bug#60852: Acknowledgement (git-authenticate edge case for
 certain key setup.)
Message-ID: <handler.60852.B.167385421618337.ack <at> debbugs.gnu.org>
References: <87lem3kkd7.wl-hako@HIDDEN>
X-Gnu-PR-Message: ack 60852
X-Gnu-PR-Package: guix
Reply-To: 60852 <at> debbugs.gnu.org
Date: Mon, 16 Jan 2023 07:31:02 +0000

Thank you for filing a new bug report with debbugs.gnu.org.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 bug-guix@HIDDEN

If you wish to submit further information on this problem, please
send it to 60852 <at> debbugs.gnu.org.

Please do not send mail to help-debbugs@HIDDEN unless you wish
to report a problem with the Bug-tracking system.

--=20
60852: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D60852
GNU Bug Tracking System
Contact help-debbugs@HIDDEN with problems

Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#60852: git-authenticate edge case for certain key setup.
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Tue, 17 Jan 2023 15:19:02 +0000
Resent-Message-ID: <handler.60852.B60852.167396870410662 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 60852
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Hilton Chain <hako@HIDDEN>
Cc: 60852 <at> debbugs.gnu.org
Received: via spool by 60852-submit <at> debbugs.gnu.org id=B60852.167396870410662
          (code B ref 60852); Tue, 17 Jan 2023 15:19:02 +0000
Received: (at 60852) by debbugs.gnu.org; 17 Jan 2023 15:18:24 +0000
Received: from localhost ([127.0.0.1]:37941 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pHnjE-0002lu-K7
	for submit <at> debbugs.gnu.org; Tue, 17 Jan 2023 10:18:24 -0500
Received: from eggs.gnu.org ([209.51.188.92]:38016)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1pHnjB-0002le-M9
 for 60852 <at> debbugs.gnu.org; Tue, 17 Jan 2023 10:18:22 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1pHnj6-0002yA-Cw; Tue, 17 Jan 2023 10:18:16 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=RE6UyFgEQR87j4+zGq0l1MxFCquTfPZrIDzsZysNMSw=; b=XH2csOE3Y6sSS1QFL5rM
 TuJCH5ld6rEwmEj32ngDCZ+P0It5vahG9i91irG0+UecJtHhjyVq11Fc22lS9EtR3cEa8QNSIhjbi
 y3qgLxKsXn/qr9oWSqOkEEyLbpz6ws3Xu+AKuAw2YC5mtXsMam24fNcPJ2k0AOP3bDo0URNfs8DOA
 qt1ASCpPGUdAqlHZ/N4LoNoR0eJzp3pcA/vwgBubCHBjOqXaVpA/gaPI4XWe3gR8ukYmY7YbEgmbj
 +Ao6u+6acQC1Ra4M02wnvbB9ylh8ccZtJ8a+F5kXZjFBGY34i5UeejLLed2o8ZRAGyEQrU3yPXGKN
 U1zD5v9YdpuHGQ==;
Received: from [193.50.110.246] (helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1pHnj5-0004wZ-Lb; Tue, 17 Jan 2023 10:18:15 -0500
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
References: <87lem3kkd7.wl-hako@HIDDEN>
Date: Tue, 17 Jan 2023 16:18:13 +0100
In-Reply-To: <87lem3kkd7.wl-hako@HIDDEN> (Hilton Chain's message of
 "Mon, 16 Jan 2023 15:29:40 +0800")
Message-ID: <87y1q1fave.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi,

Hilton Chain <hako@HIDDEN> skribis:

> I encountered the issue when adding a new key to my Guix channel.  Though=
 I
> haven't figured out what happened exactly, I'm currently able to reproduc=
e the
> issue with the following steps.

Fishy.  Would you be able to write a script to reproduce the whole
scenario?  That=E2=80=99d make it easier to test and we=E2=80=99d be sure w=
e=E2=80=99re talking
about the same thing.

Thanks for reporting it!

Ludo=E2=80=99.
Last modified: Tue, 17 Jan 2023 15:30:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.