GNU bug report logs - #75981
[PATCH (WIP) v1 0/4] Add 'guix fork'.

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix-patches; Reported by: 45mg <45mg.writes@HIDDEN>; Keywords: patch; dated Fri, 31 Jan 2025 21:11:02 UTC; Maintainer for guix-patches is guix-patches@HIDDEN.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 7 Feb 2025 10:34:44 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 07 05:34:43 2025
Received: from localhost ([127.0.0.1]:33021 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tgLh5-00037E-DD
	for submit <at> debbugs.gnu.org; Fri, 07 Feb 2025 05:34:43 -0500
Received: from mail-pj1-x102c.google.com ([2607:f8b0:4864:20::102c]:58711)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
 id 1tgLh2-00036x-Si
 for 75981 <at> debbugs.gnu.org; Fri, 07 Feb 2025 05:34:41 -0500
Received: by mail-pj1-x102c.google.com with SMTP id
 98e67ed59e1d1-2f9dbd7d80dso3838616a91.1
 for <75981 <at> debbugs.gnu.org>; Fri, 07 Feb 2025 02:34:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738924475; x=1739529275; darn=debbugs.gnu.org;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=FJRYTm3zacz+j3cDnUggM3PT1zF1LvRg+f/Wxfo4dx8=;
 b=fyr/c/g8PyxLtwPtD/iXfawbfaZtV0WHE4Rd3WN62daagp0Zdf9v6F04PJ7BtRIlUn
 k5L+axhq31ahmiE/ALRIy7i1+ttMOKLjM0uQKOzUNoSO8Ot23cLHinQYiy72dzDMVluD
 dlvBokq1qACtvE451hYiQssf1ipDVjJzLZ63xM2sOw2dC6v1Da5nSdACZO+LYpDWl56g
 E0fiGVFKG51EFFZtDySx2ciyHZzxu87PZY7EJVc6Ci1tC6YtRjg0cVe1ZsNWbGpfpBuk
 MjtAAe4mRiXK3Geuqq1ZsFL0pqW71YHb0YMmVkLZHrXzMJl9tsRESBDlXDOMeHIDmvb8
 gdAA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738924475; x=1739529275;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=FJRYTm3zacz+j3cDnUggM3PT1zF1LvRg+f/Wxfo4dx8=;
 b=RZdARKQIKA51GmJD6ueJHOPT3PoGFwrbFOvRBpA6+hD6WRyimSN1755zydNqBW9ltN
 2PXHlQSalv3PAtgRpg0vclR+/uH6TDFBNGPlcBoZhcAWNp2FKTUvSWdfp6Nynz3woFuc
 6wkrPKGOLx/86jpgIi8Eebz7bwg8uCKNDY/vJsNG26aXm7LBJI8VmK/QjsYIwFITri1I
 gTQ1Z65Txuh3N1ljyziIvO6mRf7HJP0Ily4hNEk1DaHLR07fDwbfi+nRHTN+uacqo3UY
 SVLLY5rkeUH7j9Foqngf73REfvfGnqPOVlwh5mV9zaX+B2dwI/pXDVo+YMt2mrEYLL2Q
 9gtg==
X-Forwarded-Encrypted: i=1;
 AJvYcCWCu+kUgsTLZPEzxsI8e9hW9EIplZb/TU4b/TM23Cn2LnCmfBsq3N4s5NkmwmHm+yICKf5GHQ==@debbugs.gnu.org
X-Gm-Message-State: AOJu0YzpTequx6bOipRh4s5L6/lNULlHBgTqWWjbMlMolXmymbVn6ngT
 CHLSGPvooBa6eZlXTVdx5DQHHfqrWCseo2jdklEhhvcZIskgipDQ
X-Gm-Gg: ASbGncthyMrU+01JMiQRljnbf+h1NyaaPBDml51YuNiu14DbvbhqhnZOEnpiOLIwV8p
 Xxna0NnEndDv9kWzQZK7/MHFDzv8kMx46S90thxMVN0CSkuoYYi74snAjGYWskJgTMO57tgZItw
 Jg/zcf/IDXEcdQObBMpBwWp+1kkfHLZy+g2QqAIA+sN7cuUGa4M3x71VWgCI6m1H8UJt8huKTUa
 6f5KgtXcgvkv/RhumQR4/RPupWoBR/DJ37y5HYjMutRv1bzkqjLfjzXEDDKRtJZ8Oufqf02ML5K
 edOIHrfuNdko
X-Google-Smtp-Source: AGHT+IFQMB8Tnt8+i4SMlouO1IENANnL5uFYWfZbm/KTtsbQGD+r1PcGpgwKlOFG2g/ww9AYpazfsw==
X-Received: by 2002:a17:90b:1d52:b0:2ee:53b3:3f1c with SMTP id
 98e67ed59e1d1-2fa23f56cf6mr3709866a91.5.1738924474525; 
 Fri, 07 Feb 2025 02:34:34 -0800 (PST)
Received: from terra ([2405:6586:be0:0:c8ff:1707:9b9:af89])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21f3687f7afsm27288615ad.187.2025.02.07.02.34.30
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 07 Feb 2025 02:34:33 -0800 (PST)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 45mg <45mg.writes@HIDDEN>
Subject: Re: [PATCH (WIP) v1.5 0/4] Add 'guix fork'.
In-Reply-To: <87r04b2eku.fsf@HIDDEN> (45mg.writes@HIDDEN's message of
 "Thu, 06 Feb 2025 17:00:33 +0000")
References: <cover.1738408683.git.45mg.writes@HIDDEN>
 <87wme53wkv.fsf@HIDDEN> <877c63adey.fsf@HIDDEN>
 <87r04b2eku.fsf@HIDDEN>
Date: Fri, 07 Feb 2025 19:34:20 +0900
Message-ID: <878qqi59hv.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 75981
Cc: Nicolas Graves <ngraves@HIDDEN>,
 Simon Tournier <zimon.toutoune@HIDDEN>, Tomas Volf <~@wolfsden.cz>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>, 75981 <at> debbugs.gnu.org,
 Ricardo Wurmus <rekado@HIDDEN>, Attila Lendvai <attila@HIDDEN>,
 Simon Streit <simon@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hello!

45mg <45mg.writes@HIDDEN> writes:

> Hi Maxim,
>
> Maxim Cournoyer <maxim.cournoyer@HIDDEN> writes:
>
>> Before you go further, I'd propose you to explore whether the
>> GUIX_EXTENSIONS_PATH mechanism could work for your new command.  If it
>> does, then that's even nicer,
>
> If I understand correctly how GUIX_EXTENSIONS_PATH is supposed to work,
> then yes, I could use it to get the Guix CLI to find my `fork`
> subcommand without it being in upstream Guix. But I'm trying to get it
> into upstream Guix, hence this patch series :)

Yes, that's the idea of extensions; they live as a separate
package/project that can be combined with Guix to extend it.

> Regarding /why/ I want it upstream - I've started a draft of a GCD in
> which I intend to make a comprehensive argument for its inclusion; I
> believe it's more useful and important than you'd think, and I hope I'll
> be able to convince you and everyone else of this.
>
> (May take me a while to finish the GCD, though.)

OK, I look forward to read it (and be convinced ;-)).

>> as I think in general it'd be preferable for something as particular
>> as 'guix fork' to not be advertised as a top level guix command.
>
> If that's specifically what you're worried about - Simon was of the
> opinion (upthread) that I should have made this a subcommand of `guix
> git`. So, we'd have `guix git fork create`, `guix git fork update`, etc.
> That would mean it wouldn't show up under top-level `guix --help`. WDYT?
> Would that work for you?
>
> I chose `guix fork` because AFAIK all our commands so far are at most 3
> 'verbs' long (eg. `guix system list-generations`), and 4 verbs felt a
> bit too much. But I'm flexible on this point.

If a Guix extension can do (and I think it should, since IIRC, extending
the available commands of the command line was the original goal of the
mechanism), then that's the best way to add a feature that, in my
opinion, should be the very last resort for users to extend Guix, as it:

1. Obfuscate the actual changes in the fork by rebasing upstream Guix
commits on top (bad for auditing it/security).

2. Can be more easily abused into doing anything nefarious to users
since it can touch any area of the Guix code (duh, it's a fork).

3. Could be easily (?) mistaken as the canonical/better way to
distribute changes made to Guix additions/improvements (instead of
contributing them upstream or via the extension mechanism of the use of
channels), especially if a prominent CLI command exists for it.

>> A note could be added to the manual pointing to this extension,
>> perhaps in a subsection of the section documenting channels, for the
>> rarer cases where this is useful/necessary.
>
> I don't really understand what you're proposing. Are you suggesting that
> we move guix/scripts/fork.scm and guix/scripts/fork/* to a separate
> directory from the other scripts, then ask people who want to use it to
> set GUIX_EXTENSIONS_PATH with that directory?

If this work here becomes a Guix extension, it'd live outside of Guix
itself in its main repository and be added as a package in Guix.  For
users, it'd be seemlessly picked up via the GUIX_EXTENSIONS_PATH search
path, which *should* be automatically set in a profile, according to
commit bbc1735be26 ("profiles: Implicitly set GUIX_EXTENSIONS_PATH.")).

> IMO, that'd just make it needlessly difficult to use it. And honestly,
> what exactly is the harm in having a lesser-used top-level subcommand?
> We have `guix refresh`, which the manual explicitly states is mostly
> only relevant for packagers.

Maintenance, crowding the manual, crowding the command line, and the
arguments I've mentioned above.

>> We'd also need to document the GUIX_EXTENSIONS_PATH environment
>> variable, and some usage guidance (I've never used an extension myself).
>
> Yup. Actually, this should be done regardless of what happens with my
> proposal. I had to search the mailing lists and track down the patch in
> which it was implemented [1] just to figure out what it was supposed to do
> (and even then I'm not entirely clear).

I think a good way to document it would be to show an example.  There's
already a 'guix-modules' Guix extension package available in Guix.

--8<---------------cut here---------------start------------->8---
$ guix shell guix guix-modules -- guix module --help
Usage: guix module COMMAND [OPTION]...
Provide an "environment module" interface for Guix.

Available commands:

    create    convert packages to module files
    
[...]
--8<---------------cut here---------------end--------------->8---

It seems the commit I've referenced above is not enough for the
GUIX_EXTENSIONS_PATH to be present, for some reason, which is why you
need to include the 'guix' package, whose package defines a search path
for it.  That's not optimal, but you can see how easy it is to use Guix
extensions.

-- 
Thanks,
Maxim




Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 6 Feb 2025 17:00:45 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Feb 06 12:00:45 2025
Received: from localhost ([127.0.0.1]:59274 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tg5F7-0000AA-7w
	for submit <at> debbugs.gnu.org; Thu, 06 Feb 2025 12:00:45 -0500
Received: from mail-pj1-x1044.google.com ([2607:f8b0:4864:20::1044]:58676)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tg5F4-00009r-IU
 for 75981 <at> debbugs.gnu.org; Thu, 06 Feb 2025 12:00:43 -0500
Received: by mail-pj1-x1044.google.com with SMTP id
 98e67ed59e1d1-2f9dbd7d80dso2296994a91.1
 for <75981 <at> debbugs.gnu.org>; Thu, 06 Feb 2025 09:00:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738861236; x=1739466036; darn=debbugs.gnu.org;
 h=mime-version:message-id:date:references:in-reply-to:subject:cc:to
 :from:from:to:cc:subject:date:message-id:reply-to;
 bh=ZqA+ZA2xjdpX7SkQJhoKxTb/iilwZ/RqPJTvgGNCeL4=;
 b=DXWDLm/8XMa8fJQATzm0okwCzamuvn5MevwHqIumtwiP8gqj6K2Rg6MVhVAVElWVRk
 EXiKKR6hEip40OK3IuWrhGaUGYVbGkaZ0fH7KJGs8RKSJ+ewMBf5xsdAvv4spu6z0svu
 NdIMWCEp6Gh2OBa4uJS2nEKH6YKDhoDoxOb0cTO9bPZUpgNAxIRcOwQ3c5hOPczOjglB
 HmaJ4y1dqNpH+ZfIclV8xX3zonR0RO9TxlKM2iePC8NyoIE6qiNknuagPNwzIqF6gMqF
 McQ3ScaXKdyY7WQ7pYzzyRncAIVJ5IoGtsEU5BoGHcEWFGaZFWFP2lwcKCtXcooqnw6t
 rNvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738861236; x=1739466036;
 h=mime-version:message-id:date:references:in-reply-to:subject:cc:to
 :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=ZqA+ZA2xjdpX7SkQJhoKxTb/iilwZ/RqPJTvgGNCeL4=;
 b=Mfd2uaVOfHC90N9B+16YO8aCnXsEKA2XyFhosGvdpxhg71AR4X+zphAVncmQxpJepQ
 h+aQHxPdE3vy9OuFqcRGsDyYA9E8Welb0kFtSOPldNDBN++fMpeHL+kSa1PZh8xhzQRx
 GLD24YeJ6JmbC/MJV1tRNnmYQ+IrDhuSpPYdeg4a5Gg8EGFp3AMIM+rYviXfHHt8HifL
 TCY+GSWXTP1JV8cFGI+emONMKVr874ZqEmNkgpE2e6bxnGvWwrdcCXtWajLK50e5RU5y
 aJoMKqxMyYffATMOaH+bSTXpaoy+D+aYwZP9vvfbauW+pSSHtDRsK+pYFkW0TtFSfoQ/
 99SA==
X-Gm-Message-State: AOJu0YwNFxHJ10yFlB9xRl7FW776BfjCCbgNpEAZ3fpjN89Z66WYiNRG
 M7d89Av7Bqye4cm8H1m7JpZRJlsxGKIrzVPurmULplcD9/god+71
X-Gm-Gg: ASbGncsMVkXY7uPcLy2pdI/ShmYT1nywR7Zu/3ih3+ommAh4sqkRrrGDpnM6SfG6SYa
 lirJK+9+eslxZcq90yWPwm5nEuLEaabglXRCIV0sYcCwXzD7jgY2ibyE1B6dB9KOfR4PuSjEiKY
 6+7ZTFlCS/Q8Vlk4YSfd7gusa7neoXgI0mYEBluWmuTsCRsvYpyqVzOjtXgrX2JMRNluuRcQkcq
 YXwCEptjXztn84P4Ijdfkc0Wwbsd40le3IcexShfrwFbDWe+H7gwSUGdN4Rgl3Q1L5d9xP7bPWo
 lDOEpvWFtWhf00lv
X-Google-Smtp-Source: AGHT+IE34dZr2kFAR1eH6FSEOyjfk1+Sngf5oWA1sX2P2LHM/nZCykKIKODW5LtJixUCCk9JD7xz2w==
X-Received: by 2002:a17:90a:d351:b0:2fa:17d2:166 with SMTP id
 98e67ed59e1d1-2fa17d20563mr2071087a91.31.1738861235555; 
 Thu, 06 Feb 2025 09:00:35 -0800 (PST)
Received: from guix1 (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2f9e1d77b68sm3940417a91.18.2025.02.06.09.00.31
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 06 Feb 2025 09:00:35 -0800 (PST)
From: 45mg <45mg.writes@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>, Simon Tournier
 <zimon.toutoune@HIDDEN>, 45mg <45mg.writes@HIDDEN>
Subject: Re: [PATCH (WIP) v1.5 0/4] Add 'guix fork'.
In-Reply-To: <877c63adey.fsf@HIDDEN>
References: <cover.1738408683.git.45mg.writes@HIDDEN>
 <87wme53wkv.fsf@HIDDEN> <877c63adey.fsf@HIDDEN>
Date: Thu, 06 Feb 2025 17:00:33 +0000
Message-ID: <87r04b2eku.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 3.0 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  Hi Maxim, Maxim Cournoyer writes: > Before you go further,
 I'd propose you to explore whether the > GUIX_EXTENSIONS_PATH mechanism could
 work for your new command. If it > does, then that's even nicer, 
 Content analysis details:   (3.0 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 3.0 MANY_TO_CC             Sent to 10+ recipients
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [2607:f8b0:4864:20:0:0:0:1044 listed in]
 [list.dnswl.org]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider (45mg.writes[at]gmail.com)
X-Debbugs-Envelope-To: 75981
Cc: Nicolas Graves <ngraves@HIDDEN>,
 Simon Tournier <zimon.toutoune@HIDDEN>, Tomas Volf <~@wolfsden.cz>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>, 75981 <at> debbugs.gnu.org,
 Ricardo Wurmus <rekado@HIDDEN>, Attila Lendvai <attila@HIDDEN>,
 Simon Streit <simon@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Hi Maxim, Maxim Cournoyer writes: > Before you go further,
    I'd propose you to explore whether the > GUIX_EXTENSIONS_PATH mechanism could
    work for your new command. If it > does, then that's even nicer, 
 
 Content analysis details:   (2.0 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [2607:f8b0:4864:20:0:0:0:1044 listed in]
                             [list.dnswl.org]
  3.0 MANY_TO_CC             Sent to 10+ recipients
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider (45mg.writes[at]gmail.com)
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

Hi Maxim,

Maxim Cournoyer <maxim.cournoyer@HIDDEN> writes:

> Before you go further, I'd propose you to explore whether the
> GUIX_EXTENSIONS_PATH mechanism could work for your new command.  If it
> does, then that's even nicer,

If I understand correctly how GUIX_EXTENSIONS_PATH is supposed to work,
then yes, I could use it to get the Guix CLI to find my `fork`
subcommand without it being in upstream Guix. But I'm trying to get it
into upstream Guix, hence this patch series :)

Regarding /why/ I want it upstream - I've started a draft of a GCD in
which I intend to make a comprehensive argument for its inclusion; I
believe it's more useful and important than you'd think, and I hope I'll
be able to convince you and everyone else of this.

(May take me a while to finish the GCD, though.)

> as I think in general it'd be preferable for something as particular
> as 'guix fork' to not be advertised as a top level guix command.

If that's specifically what you're worried about - Simon was of the
opinion (upthread) that I should have made this a subcommand of `guix
git`. So, we'd have `guix git fork create`, `guix git fork update`, etc.
That would mean it wouldn't show up under top-level `guix --help`. WDYT?
Would that work for you?

I chose `guix fork` because AFAIK all our commands so far are at most 3
'verbs' long (eg. `guix system list-generations`), and 4 verbs felt a
bit too much. But I'm flexible on this point.

> A note could be added to the manual pointing to this extension,
> perhaps in a subsection of the section documenting channels, for the
> rarer cases where this is useful/necessary.

I don't really understand what you're proposing. Are you suggesting that
we move guix/scripts/fork.scm and guix/scripts/fork/* to a separate
directory from the other scripts, then ask people who want to use it to
set GUIX_EXTENSIONS_PATH with that directory?

IMO, that'd just make it needlessly difficult to use it. And honestly,
what exactly is the harm in having a lesser-used top-level subcommand?
We have `guix refresh`, which the manual explicitly states is mostly
only relevant for packagers.

> We'd also need to document the GUIX_EXTENSIONS_PATH environment
> variable, and some usage guidance (I've never used an extension myself).

Yup. Actually, this should be done regardless of what happens with my
proposal. I had to search the mailing lists and track down the patch in
which it was implemented [1] just to figure out what it was supposed to do
(and even then I'm not entirely clear).

> -- 
> Thanks,
> Maxim

[1] https://yhetil.org/guix/20210105101817.7576-1-rekado@HIDDEN/
    I /think/ this is the one?




Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 6 Feb 2025 04:46:36 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Feb 05 23:46:36 2025
Received: from localhost ([127.0.0.1]:53736 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tftmd-0006YZ-MZ
	for submit <at> debbugs.gnu.org; Wed, 05 Feb 2025 23:46:35 -0500
Received: from mail-pl1-x62e.google.com ([2607:f8b0:4864:20::62e]:51272)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
 id 1tftma-0006YD-O2
 for 75981 <at> debbugs.gnu.org; Wed, 05 Feb 2025 23:46:34 -0500
Received: by mail-pl1-x62e.google.com with SMTP id
 d9443c01a7336-21f05693a27so7376735ad.2
 for <75981 <at> debbugs.gnu.org>; Wed, 05 Feb 2025 20:46:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738817186; x=1739421986; darn=debbugs.gnu.org;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=uEmk2ZA4589OvwPyStd/p/sM/TSmRA7Yadf0VQnRQmE=;
 b=WJDj1QOzw/wEhrR1iuf58l4AwirGNKWtAtrFh8gq0TNiFxkYYgYpGD9JAHpYJXzCfb
 ALRpiVbMdM9FJ8MIG+XMF99k0ysgR35HishRrGvF9nNsgVv0VGOzvga2bBbcSTR1tLZb
 OYRW+c4L35/M0dCH6l4ickVHZndvInD8iNK544t/CipejXN1V1IjP0GZvgvTHEIJJWqZ
 bJRGUy5t/G4nlHUdEnmHOH7+Vv3g539usSde9+xU8WaCQ3ycwXgYkJNfBQiTG2dkkJzA
 +9D5wSqGf+aiD9KT6zT2qvruW9fFQ/yKkvyYgxRBK+cZ2W/3ZcCE28Fh1O4Da/W3LCFn
 2TMw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738817186; x=1739421986;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=uEmk2ZA4589OvwPyStd/p/sM/TSmRA7Yadf0VQnRQmE=;
 b=gXl8f0lIfcFuhzMsWx7fJX7OrYGcKNVsHYmCgKmwq9wSUYFf9xcbEmex04hL/KWhTr
 MqtZUF89tSeO/bx73tEFsl7Wu+ocvPmZ/4gUQ6Yq+GUo4IANdzM9RMvnXE2zLP21KcDt
 gzWcNAIOzoIyHL7t9raUk7a9g2j47QuZJ8yJzY3m8SUNpMNPW6JkN80gWnmpKzmXjf7h
 osm/bZcwhmSguzRqfVZg+ujaPNzM6NEIQTXs2HLPEGdm6v9uaPui/ZfuzelLomMZPjmr
 pmaR9F1xoOYnKdLNjxcHHtofqKIYSYqxP/G7/eZvnn3MpaHIdF/bNqNONdsvank5TiLt
 7r5Q==
X-Gm-Message-State: AOJu0Yxthix2j9qIZuNyCloXtcGZ8215yKMhYb3yIt0On9vf+YCa7buC
 S9vulCWtuAj51JR4U06ho8+nelT4Um4i1DNeVnY//n/y8qAlzp9h
X-Gm-Gg: ASbGnctdptGHEwkxA/exekHlKbyXAMzKnZVv1ELTbHmFeM9gjVIbidKVyeWl4rZlKcZ
 63P0l0YVrbIVjKBUf62BNavCsUDI0l5QsZZDHPiQ3Whg/oo+PAX37J4xDoBUBQrhj8QB0Fh8Ksz
 EZf3YhT4lbe1OVISL7LxmeU6/3pOQpGcrsEAWfQAA65PIJW3lMEIiy2dXPGKQbutKJ64ybxT6Z/
 qz/BT0SX8Ze3mT4q1VUZDAVWV6xQYUHslsT9UPMZ7D50BJFmelu67IWeCfHQWGVQ4tPTVDX14Pv
 qtgDMpa+XU/L
X-Google-Smtp-Source: AGHT+IFrfH0nyXIGcNKoeJRcGZDssOnM+d2ZLP4Wt6i7RSwM8tppz00K9L1Eo7+4eVwmFwvY3Ob9zw==
X-Received: by 2002:a05:6a20:9f48:b0:1ed:a72f:bed1 with SMTP id
 adf61e73a8af0-1ede88b16f8mr12300000637.32.1738817186517; 
 Wed, 05 Feb 2025 20:46:26 -0800 (PST)
Received: from terra ([2405:6586:be0:0:c8ff:1707:9b9:af89])
 by smtp.gmail.com with ESMTPSA id
 41be03b00d2f7-ad51f0231d7sm95223a12.66.2025.02.05.20.46.23
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 05 Feb 2025 20:46:26 -0800 (PST)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 45mg <45mg.writes@HIDDEN>
Subject: Re: [PATCH (WIP) v1.5 0/4] Add 'guix fork'.
In-Reply-To: <87wme53wkv.fsf@HIDDEN> (45mg.writes@HIDDEN's message of
 "Wed, 05 Feb 2025 03:21:52 +0000")
References: <cover.1738408683.git.45mg.writes@HIDDEN>
 <87wme53wkv.fsf@HIDDEN>
Date: Thu, 06 Feb 2025 13:46:13 +0900
Message-ID: <877c63adey.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 75981
Cc: Nicolas Graves <ngraves@HIDDEN>,
 Simon Tournier <zimon.toutoune@HIDDEN>, Tomas Volf <~@wolfsden.cz>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>, 75981 <at> debbugs.gnu.org,
 Ricardo Wurmus <rekado@HIDDEN>, Attila Lendvai <attila@HIDDEN>,
 Simon Streit <simon@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi 45mg,

45mg <45mg.writes@HIDDEN> writes:

> Hi all,
>
> First of all, thanks to Maxim for the patch review! There are a lot of
> things that I'll need to address in there. And thanks to everyone else
> who's replied here. It's encouraging to see that people are paying
> attention to my work; I was worried there wouldn't be enough people who
> care about this issue.

[...]

> So, rather than doing a typical inline reply to each message in this
> thread, I'm going to try to list out all the feedback I've gotten, and
> everything that's pending. Then I'll talk about how I plan to work on
> it. Feel free to comment on anything here.

Before you go further, I'd propose you to explore whether the
GUIX_EXTENSIONS_PATH mechanism could work for your new command.  If it
does, then that's even nicer, as I think in general it'd be preferable
for something as particular as 'guix fork' to not be advertised as a top
level guix command.  A note could be added to the manual pointing to
this extension, perhaps in a subsection of the section documenting
channels, for the rarer cases where this is useful/necessary.

We'd also need to document the GUIX_EXTENSIONS_PATH environment
variable, and some usage guidance (I've never used an extension myself).

-- 
Thanks,
Maxim




Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 5 Feb 2025 03:22:09 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Feb 04 22:22:09 2025
Received: from localhost ([127.0.0.1]:47497 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tfVzN-0003WH-4t
	for submit <at> debbugs.gnu.org; Tue, 04 Feb 2025 22:22:09 -0500
Received: from mail-pj1-x1044.google.com ([2607:f8b0:4864:20::1044]:61481)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tfVzH-0003VJ-Dx
 for 75981 <at> debbugs.gnu.org; Tue, 04 Feb 2025 22:22:04 -0500
Received: by mail-pj1-x1044.google.com with SMTP id
 98e67ed59e1d1-2efe25558ddso8182226a91.2
 for <75981 <at> debbugs.gnu.org>; Tue, 04 Feb 2025 19:22:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738725716; x=1739330516; darn=debbugs.gnu.org;
 h=mime-version:message-id:date:references:in-reply-to:subject:cc:to
 :from:from:to:cc:subject:date:message-id:reply-to;
 bh=LsoqWQOgLVhVoEea614U0RdTK7bH/DJiXnYNumko6+o=;
 b=AzO4Cd1r+nQMqfPpl/DBWAOZP8S9K53fvWa0zwDCutGvUHL6hhBIqT2sm7gcUk6g83
 XHoysfKWcmMwqiAvW6UGHccGArDezXQ4FMRLGLoqACfdcglkg1y8Is4ExR60h31sVj7s
 Asm4IoQWl1haJ34X6XxsxuJAZVWV/YTRVmJuO1kHsEI0+v/Yjmmyr1J5gsiXs6uCWK3A
 SgYjXacIDZPT7p4b+11Lvz3Dj59u3d2IcMmZFNZheVqK1cytt9gfB5ZbBlcZsMaWr3qm
 7On+XzFL0BA5/QSsjq0f0p1U5n5BtAD4mXeLy+AMV1wp94laIbgBF4c1Rv469kzp6ISS
 XW7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738725716; x=1739330516;
 h=mime-version:message-id:date:references:in-reply-to:subject:cc:to
 :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=LsoqWQOgLVhVoEea614U0RdTK7bH/DJiXnYNumko6+o=;
 b=aNW7yNhKUqMrMZsvn6KbcJFGF/K8CoMkkI0sjnehH2DtIDelJ6k9bEmnADvQYxkx2Z
 xm2XO3KXc9eYH5CkhlfabhYz/1shEAxLyV9Be4940vMsmwBkg5nygoIM9OCVC/B6+ddV
 sOcuJyZaQKC5r7TbaIzIEZVQA559UPqkWHrzg9O0IpsLz4YiepU+1peltN/XYXIcM5wV
 ND9WGgkm2YM0MwJ2MZRiJA5HNn9UcOrBpu6R7C7CbX6AiaELv9NM63LZ5bg/+pWDEnLL
 r7wdMAhKmcPcMZK5Cq8Wo2V7BxkFrk/7UtNeEnjOOGFcQoamslQqWgmKaOZivItH4H57
 ZjTw==
X-Gm-Message-State: AOJu0Yy0ITZGIl0DX/adUfYcQwzxgyv2XscfedB4y4bki8V9QmHlKJ/X
 AXOzX3PE78yymES3+Jcbda1XWx0Md0jEVGVfnJYbGN2V0jv9MSS3
X-Gm-Gg: ASbGncunsjRhqz58MihyYDXLFqjNobIWR2AP2hch2pQHI9qHACGyWD1acxI0bBMujBA
 /ZfWPUbvGoahpPVWPqTVa/Ah1z6e8+Iov4uSOD0pAkLY5d8+a4CbQsZoCNwrN7wk/AZ7ARGME2e
 eMGCdjnr5qvOwnOFWgfmd75Zm27ok8Q/lLbhetQg3VeIoUKh2NuQDYjCApobAplLAzhDel8kGWS
 u1UKw9IgMNziwaSSkIiL/oR6h321sA/Ypc6YLwqy7dSm0b4Qq2Vefe9udr6OtspOn+FIZj2llHu
 we4b035xhJUgWvy1
X-Google-Smtp-Source: AGHT+IFSAEv5EYbY85/z1jUjrDp/5vGBnYKteG22UaSLrur1mf/ATnmzpZWe6epd+XLtRn1ml3IR8Q==
X-Received: by 2002:a17:90b:1d46:b0:2ee:f076:20f1 with SMTP id
 98e67ed59e1d1-2f9e069cf12mr2426119a91.0.1738725716449; 
 Tue, 04 Feb 2025 19:21:56 -0800 (PST)
Received: from guix1 (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2f9e1da8a24sm355884a91.37.2025.02.04.19.21.52
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 04 Feb 2025 19:21:56 -0800 (PST)
From: 45mg <45mg.writes@HIDDEN>
To: 75981 <at> debbugs.gnu.org
Subject: Re: [PATCH (WIP) v1.5 0/4] Add 'guix fork'.
In-Reply-To: <cover.1738408683.git.45mg.writes@HIDDEN>
References: <cover.1738408683.git.45mg.writes@HIDDEN>
Date: Wed, 05 Feb 2025 03:21:52 +0000
Message-ID: <87wme53wkv.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 75981
Cc: Nicolas Graves <ngraves@HIDDEN>,
 Maxim Cournoyer <maxim.cournoyer@HIDDEN>,
 Simon Tournier <zimon.toutoune@HIDDEN>, Tomas Volf <~@wolfsden.cz>,
 45mg <45mg.writes@HIDDEN>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>,
 Ricardo Wurmus <rekado@HIDDEN>, Attila Lendvai <attila@HIDDEN>,
 Simon Streit <simon@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi all,

First of all, thanks to Maxim for the patch review! There are a lot of
things that I'll need to address in there. And thanks to everyone else
who's replied here. It's encouraging to see that people are paying
attention to my work; I was worried there wouldn't be enough people who
care about this issue.

So far, my approach to Guix stuff in general has been to just dive in
and work on things until they're done. But there's just so much work
here that if I dive in right now, I don't know when I'll resurface. And
I'm way too busy for that right now.

So, rather than doing a typical inline reply to each message in this
thread, I'm going to try to list out all the feedback I've gotten, and
everything that's pending. Then I'll talk about how I plan to work on
it. Feel free to comment on anything here.

I will try to organize the feedback I've gotten so far below:

1. The argument that this doesn't belong upstream. The main arguments
   seem to be that we should improve the review process instead, or that
   channels are sufficient for anything you'd use a fork for.
2. Feature suggestions:
   a. If the user has commit access, then allow them to use a merge
      rather than rebase upstream commits.
      I hadn't thought of this before because I was thinking entirely
      from a non-committer's perspective. But I guess even committers
      might want a personal authenticated fork in some cases. As Attila
      pointed out, some things may be rejected from upstream and some
      may be temporary kludges to get things working until you can
      implement a proper solution.
3. Larger code corrections - things I need to actually spend some
   thought on. Here's a list:
   a. I've used a mix of Guile-Git and just shelling out to the Git CLI.
      The idea behind this was to provide transparency about what the
      commands are doing. For example, we could implement a `--dry-run`
      option for `create` and `update` that will just output the git
      commands that will be run rather than executing them.
      With that said, however, there are some places where it would
      clearly be cleaner to use Guile-Git, and doing so would not make
      `--dry-run` output less useful. For example, the `git
      symbolic-ref` invocations to get branch names, etc. So I need to
      make some judgement calls in that regard.
   b. The use of the `#:argument-handler` keyword of
      `parse-command-line`. It's not clear to me how this would simplify
      things, and I need to put some thought into it.
   c. Error handling. Replacing `leave` with proper exceptions (in
      `openpgp-fingerprint*` and `guix-fork-update`), handling possible
      exceptions (from gpg in `openpgp-fingerprint*`). I'm not familiar
      with exceptions, etc. in Guile, and it'll take some time for me to
      figure things out.
   d. Whether `openpgp-fingerprint*` belongs in guix/channels.scm.
4. Minor code corrections, eg. formatting. These don't really need
   further discussion, and I can just address them sequentially as I
   work on the v2 of this patch series.
      
And here are the other things that are still pending:

5. Tests. These will be the first thing to work on, as it will likely
   speed up the development feedback loop a lot.
6. Implement `guix fork identify`.
7. Figure out how to make the existing git hooks 'fork-aware' -
   currently the post-merge hook runs where it shouldn't and fails,
   because it invokes `guix git authenticate` where it should be calling
   `guix fork authenticate`.
      
Now, on to the plan of action.

First of all, let's talk about '1.'. I think I may have addressed this
in the original thread, but going by the responses here, clearly I
didn't do so well enough.

Now, as Maxim pointed out, I will probably need to submit a GCD to get
this merged upstream. I think that would be the best place for me to
state my argument. That way, we can discuss whether this patch series
should be accepted at all, as well as the broader design - items '1.'
and '2.' from the list above - in a separate thread.

Simultaneously, we can use this thread for the concrete implementation -
items '3.' to '7.'.

That way, even when I don't have the time or energy to work on the code,
I can still keep the discussion going, and collect feedback and opinions
for when I do.

Thoughts? I've never had to juggle so much discussion and feedback with
implementation work like this (is this what a software career is going
to feel like?), so I'm open to suggestions here.

Thanks,
45mg




Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 4 Feb 2025 05:38:33 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Feb 04 00:38:33 2025
Received: from localhost ([127.0.0.1]:42241 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tfBdo-0007Lo-TJ
	for submit <at> debbugs.gnu.org; Tue, 04 Feb 2025 00:38:33 -0500
Received: from mail-pl1-x630.google.com ([2607:f8b0:4864:20::630]:42361)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
 id 1tfBdm-0007La-Ia
 for 75981 <at> debbugs.gnu.org; Tue, 04 Feb 2025 00:38:31 -0500
Received: by mail-pl1-x630.google.com with SMTP id
 d9443c01a7336-2167141dfa1so90583485ad.1
 for <75981 <at> debbugs.gnu.org>; Mon, 03 Feb 2025 21:38:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738647504; x=1739252304; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:user-agent:message-id:date
 :references:in-reply-to:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=f9cYrzHBsF11BEaw8T1hH0JU/IziVirrE09mASGKNg8=;
 b=ahIMVsETq8JFCPGTMLpqhmw4J5f5Dr5KlKg36BpMK3zoJ6jmWE9Eo+d/5J4m6jdvJf
 JpPrJwkzQnUGEbcHUTh6VaJHX0ZSCj+DqcNPnBCAGcAF78GtlSh3M8KQyt3W/BeyVaxr
 SV+p5k3Z95Q3EKNWhcuPSnPmrSKCtHXH5KLhS8sze5DR99SWHAHVjWvJwSR3yZrWQzpT
 RpzxFusqhwZqSSzBQ/vrQ8MZ0BZt4TJ9A1emRNmdNRKOTqUTwdrQHdjcm1Eem+bEDr2S
 XdHJ/vbxK7NUhOwkeOs51C6NchSXP7myrNEaFeg2ZrYYVYdS0BSSSRPKTvzdskC0Xjb7
 OeRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738647504; x=1739252304;
 h=content-transfer-encoding:mime-version:user-agent:message-id:date
 :references:in-reply-to:subject:cc:to:from:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=f9cYrzHBsF11BEaw8T1hH0JU/IziVirrE09mASGKNg8=;
 b=W6DHelV6gQXPVbEctDDkHjN0jS/v8cO6XgFA6nFsjLdUexJhhYgV7Y5OQXL3Tfxxcd
 O+OsL8DqF5aeacH/yTl155XdxuMZzlFauMBxkaXk9UFgnt0sgw29VObQp5jMsC3coW0s
 ltqKCSde+zenNEQ2ctUS5LQiZV8HX8y427TfKXqzg7+DP+OHg3hdj6GMNf16RiCi64Xv
 ynLQIvNTPw0p9TWIBRES5+39xt5P0NHoTkjzclDV5wdOx227vvdo1XlQwX2sAOo0iPxq
 PQ9Nd6SSZSsjYMM6p0en+zW8D6hDoi4urwMz/aEHSiuUJgNMrV071F0mXygHgA/eObN3
 L8HQ==
X-Forwarded-Encrypted: i=1;
 AJvYcCW8Yy9ynjyNeh1yp81ep3swLHWvWDf+30ndMEwufvhuFJWzp9MMWqBS/tfJOcye+bNUWZ6Smw==@debbugs.gnu.org
X-Gm-Message-State: AOJu0YzYkGSf/epopFB+nd+30twTgDqyUqTwTpI6vvPB7T048nH33H3d
 p5BhmeRgixUOwKgCoKptH4bLthrhzR2M3t8JbiK+Cms6Utont40I
X-Gm-Gg: ASbGncuvB0Elto4PErVZDYNgPru5yms2YQIFXLm73dV10afK7WnYhQsw4Ouuw2I4ZZW
 hRdlB2k82iU0fNZNME81gLl06MVePUF5cGAs8iu8G2Qt9vTjDKRGAhV0yPKINGXwfGxE3KAgV3M
 XFd6jCwZGdz2Xj67l5/ZgWt6LRBgyTIZEC3FZX3lfFWpDaEhPSuIszK/IlCIMcHGqkS6yr4vo5t
 bWN5hNsVfW7Yamm+9FKIe847daCbS/+BrxB5QseErwHRoVXoBaVr2l/Kzyboojgs5BnVRfp2yUV
 xGsNuuCZ0Wnt
X-Google-Smtp-Source: AGHT+IHmJTOnX9MlZDSNJkhe+T3WbwwfjNrmAdMtysIwrG75aBWMfLTUWFNIepeEZOTIs2bB5EUN4g==
X-Received: by 2002:a17:902:fc85:b0:215:a808:61cf with SMTP id
 d9443c01a7336-21f01ce046fmr27067595ad.25.1738647502483; 
 Mon, 03 Feb 2025 21:38:22 -0800 (PST)
Received: from terra ([2405:6586:be0:0:c8ff:1707:9b9:af89])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21edddf883fsm69107395ad.4.2025.02.03.21.38.18
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 03 Feb 2025 21:38:21 -0800 (PST)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Simon Streit <simon@HIDDEN>
Subject: Re: [bug#75981] [PATCH (WIP) v1.5 1/4] Add 'guix fork create'.
In-Reply-To: <ygu4j1cnfwx.fsf@HIDDEN> (Simon Streit's message of "Sun,
 02 Feb 2025 23:24:46 +0100")
References: <cover.1738408683.git.45mg.writes@HIDDEN>
 <590b269995eb83d8fe2b584a40a58fa9ed473c54.1738408683.git.45mg.writes@HIDDEN>
 <877c68jsr0.fsf@HIDDEN> <ygu4j1cnfwx.fsf@HIDDEN>
Date: Tue, 04 Feb 2025 14:38:08 +0900
Message-ID: <87v7tqb77j.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 3.0 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Hi Simon, Simon Streit writes: > Hello Maxim, > > Maxim Cournoyer
    writes: > >> My first thought was similar to Liliana’s reply in the other
    issue >> thread: putting lots of energy into making it convenient to fork
    Guix >> inste [...] 
 
 Content analysis details:   (3.0 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  3.0 MANY_TO_CC             Sent to 10+ recipients
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [2607:f8b0:4864:20:0:0:0:630 listed in]
                             [list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider (maxim.cournoyer[at]gmail.com)
X-Debbugs-Envelope-To: 75981
Cc: Josselin Poiret <dev@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>,
 Nicolas Graves <ngraves@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>,
 Mathieu Othacehe <othacehe@HIDDEN>, Tomas Volf <~@wolfsden.cz>,
 45mg <45mg.writes@HIDDEN>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>, 75981 <at> debbugs.gnu.org,
 Ricardo Wurmus <rekado@HIDDEN>, Christopher Baines <guix@HIDDEN>,
 Attila Lendvai <attila@HIDDEN>,
 Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Hi Simon, Simon Streit writes: > Hello Maxim, > > Maxim Cournoyer
    writes: > >> My first thought was similar to Liliana’s reply in the other
    issue >> thread: putting lots of energy into making it convenient to fork
    Guix >> inste [...] 
 
 Content analysis details:   (2.0 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [2607:f8b0:4864:20:0:0:0:630 listed in]
                             [list.dnswl.org]
  3.0 MANY_TO_CC             Sent to 10+ recipients
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider (maxim.cournoyer[at]gmail.com)
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

Hi Simon,

Simon Streit <simon@HIDDEN> writes:

> Hello Maxim,
>
> Maxim Cournoyer <maxim.cournoyer@HIDDEN> writes:
>
>> My first thought was similar to Liliana=E2=80=99s reply in the other iss=
ue
>> thread: putting lots of energy into making it convenient to fork Guix
>> instead of contributing to the review process (described as slow and
>> erratic, which appears to be the motivation here), appears
>> counter-productive.
>
> I am all for contributing to the review process.  It is only through
> recent discussions on this subject that I am forcing myself to be a bit
> more active within the community again.  Thanks for getting me back in.
> I am also at fault my self.  I have a personal channel running and the
> list is getting longer on patches that rather be submitted.

I didn't mean to make anyone feel bad for having a channel, just to
state that if someone wants to have an impact on the slow review
process, the direction should be contributing toward that goal by
providing more eyes and hands, not providing more tools to more
comfortably doing our own things in our sandbox without interacting.  So
I'm glad if the result was to nudge you toward joining the review party ;-).

> I am nowhere close to be a contributor (yet).  I simply don=E2=80=99t hav=
e time
> and resources to be more active at the moment.  At the same time I also
> don=E2=80=99t want to wait for months until certain patches =E2=80=93 whi=
ch have been
> submitted for review =E2=80=93 are pushed upstream.

There's no hiding it: reviewing is a (very) time consuming process, and
is currently done by volunteers, so on their own limited time they
probably would rather use to hack on things that personally matter more
to them :-).  The more hands we throw at it, the less time individual
reviewers have to spend on it to keep the community happy and running
smoothly.

> I do keep patches running on top of local branches that are constantly
> being re-based from upstream.  While time consuming, it seems to be the
> most convenient at the moment.

> I don=E2=80=99t even want maintain a local fork.  It is not that I really=
 need
> one.  I use it for development, thus many branches are just dead ends
> that are kept for archival reasons.  I have a local central repository
> where I usually push my work to be more independent from my devices =E2=
=80=93
> which is my issue.  And here I only recently realised that I can=E2=80=99=
t even
> push these branches to my central repository any more.

For development, I simply use git checkouts and force-push them around
when I have to, or use './pre-inst-env guix deploy'.  It's not as
seamless as simply using 'guix', but it did the job when I needed it.  I
feel this feature here caters to more long-term forks that could have
multiple users, thus requiring authentication.

> Then I tried it the other day to set up a modified keyring and
> authenticate with my key and push it to my local repository as described
> in the manual.  I failed for some reason and probably missed something.
> This time I felt it: The bar is now seriously high to work on Guix at
> the moment.

I feel perhaps people are trying to replace Git by Guix :-).  Or are
operating outside what I'd call 'development', and want some
fancier/better integrated distribution means for Guix as a whole.

> While the authentication mechanism is useful and necessary to prove what
> is from Guix, it defeats the point to use Git as a decentralised tool.
> It should be possible to allow local modifications for personal use,
> also as unauthorised contributors.
>
> I am for it.  Including a warning that I am pulling an unauthenticated
> fork.

What do you mean unauthenticated?  The point of this feature is to make
authenticated forks easier to setup/work with, so you wouldn't get any
warning, unless I'm missing something.

Thanks for sharing your thoughts.

--=20
Maxim




Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 3 Feb 2025 16:04:34 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Feb 03 11:04:34 2025
Received: from localhost ([127.0.0.1]:40867 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1teyw6-0007GG-8e
	for submit <at> debbugs.gnu.org; Mon, 03 Feb 2025 11:04:34 -0500
Received: from mail-wm1-x32f.google.com ([2a00:1450:4864:20::32f]:43444)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <zimon.toutoune@HIDDEN>)
 id 1teyw3-0007Fn-Nu
 for 75981 <at> debbugs.gnu.org; Mon, 03 Feb 2025 11:04:32 -0500
Received: by mail-wm1-x32f.google.com with SMTP id
 5b1f17b1804b1-43626213fffso34858305e9.1
 for <75981 <at> debbugs.gnu.org>; Mon, 03 Feb 2025 08:04:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738598665; x=1739203465; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=ZqCRcfhdWjPubDEiqDwYrj6HvE/Ib8ausNgV2sZ9L10=;
 b=VhWc1t/X83KQs196LX7Scn1J+ndgmzEeYspgNz9p9iLnLq5i6y7kiJPxa/1dVASsAB
 JkwhpYAYRuPzP2OtQM3KcDRbpCpDHFtrBSR343B304DST4nNx89pcj5OAfJOmzxDFaTX
 Opg8MPq4OynmzoA9cDRWLP0L04hNY8A9N2dBipYbpTXYM7ZgYvkyiUju75n6dcHSgSW3
 sH0DHoa6v0FniaXmbMWrObl86bBPcNkWcxU4NSi0mQLpEeAaLZ2m4QCB5uFSvJtL4S9R
 ZPXF1WroerbL2cHfvztmwUwNSymrtfWEbSEfsB6VvlHOUXgu2U1l1KEnWOlscXcIaZAv
 roTQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738598665; x=1739203465;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=ZqCRcfhdWjPubDEiqDwYrj6HvE/Ib8ausNgV2sZ9L10=;
 b=bzpHfodlNZvyF65QXw/KD4YciLap5knehTE5327na7zbK2XGJAKg7J4y/LbtTpRYXk
 hqyHdH0K8NzB6xs8ntAaL7hmMDvx1w5EF0d/i3LrK4oQXLlMWNXBg6QGjZhcbhkRjb3y
 sRUBSKw96MNKAhMMWPY7wHNcEOLDkI2Htxr8hVjkoQ8p0hpVCx+aw5oR0eIZDtb6vfww
 BoLjYgQ/U4kTo2NDWW3d4gc7m/hdHTt2xhQP6UZD24gdp7ooQQsWrHjMBFWqdFKRJWOA
 SuQ1AqxiHlPaA8UIK6wWpOjId3Ut4GsIWfhbPtqeEnBv1HivtNqAE+RzbTxBtVIpibC3
 Gl7g==
X-Forwarded-Encrypted: i=1;
 AJvYcCWIuKrFAcx6YSflc7hXAvb9ET6NZBQe1uTGJipcwrCBCG/DTIGzal2a6UqBZ92lMTqherptUQ==@debbugs.gnu.org
X-Gm-Message-State: AOJu0Yy+nE6vpbDZhXn0qlAgQXkgaN93Ag7GbmNpiuvk/js/GAzMv/q1
 EvGnNVczp2qH2zRHdBYT85kzzva7fRonC88gbu6mGGRQ81+PYqL4
X-Gm-Gg: ASbGncuEvY+S1vE6QI1D5B7X/v4jO0pE9OkX9fWShbcm3oF3BOzfovf88mKiVqtz/Gs
 yN3Xh6XAcUNUZEqNjMzh5LFlpVtPbZfksiZvxG4zaOb/OjN15T3EC4wjpVf/drr0EI20DBXeAW1
 KbxI5gCLrZTtuwaM2vgO+OzwwcaXl+/tr7gLghX/DUhmXOXBeTi4//kUlxLStxA12UkFemMp2ao
 g9Oobd9L49qXLzqOt+XMe9ZmPrNlXxVpGMcqSumFpf/YB1KJHwBm5kNRXm0wuF5iJWeE3ebSr+d
 zdKFdjfknl508E+m5aOhpcFnE24Jc4Enh2NQ89Y7Iigm6Xr3Ibey/wglVtBGPv7ujwzNV4xPlR4
 E
X-Google-Smtp-Source: AGHT+IFaS6cIc8gGT4RUBxRXmvWTckpoZT/581PidWzjhS9ajz6XsyCvWpvrZuOvWlJqS9Wx7ORhEQ==
X-Received: by 2002:a05:600c:1da8:b0:434:f3d8:62db with SMTP id
 5b1f17b1804b1-438e1e18200mr139759055e9.2.1738598665129; 
 Mon, 03 Feb 2025 08:04:25 -0800 (PST)
Received: from lili (roam-nat-fw-prg-194-254-61-40.net.univ-paris-diderot.fr.
 [194.254.61.40]) by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-438dcc1315esm191628635e9.6.2025.02.03.08.04.24
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 03 Feb 2025 08:04:24 -0800 (PST)
From: Simon Tournier <zimon.toutoune@HIDDEN>
To: 45mg <45mg.writes@HIDDEN>, 75981 <at> debbugs.gnu.org
Subject: Re: [bug#75981] [PATCH (WIP) v1.5 1/4] Add 'guix fork create'.
In-Reply-To: <590b269995eb83d8fe2b584a40a58fa9ed473c54.1738408683.git.45mg.writes@HIDDEN>
References: <cover.1738408683.git.45mg.writes@HIDDEN>
 <590b269995eb83d8fe2b584a40a58fa9ed473c54.1738408683.git.45mg.writes@HIDDEN>
Date: Mon, 03 Feb 2025 16:15:22 +0100
Message-ID: <87a5b39i0l.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 3.0 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  Hi, On Sat, 01 Feb 2025 at 17:13,
 45mg wrote: > * guix/scripts/fork.scm, 
 guix/scripts/fork/create.scm: New files. [...] 
 Content analysis details:   (3.0 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 3.0 MANY_TO_CC             Sent to 10+ recipients
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider (zimon.toutoune[at]gmail.com)
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [2a00:1450:4864:20:0:0:0:32f listed in]
 [list.dnswl.org]
X-Debbugs-Envelope-To: 75981
Cc: Josselin Poiret <dev@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>,
 Nicolas Graves <ngraves@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>,
 Tomas Volf <~@wolfsden.cz>, 45mg <45mg.writes@HIDDEN>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>,
 Ricardo Wurmus <rekado@HIDDEN>, Christopher Baines <guix@HIDDEN>,
 Attila Lendvai <attila@HIDDEN>,
 Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Hi, On Sat, 01 Feb 2025 at 17:13, 45mg wrote: > * guix/scripts/fork.scm,
    guix/scripts/fork/create.scm: New files. [...] 
 
 Content analysis details:   (2.0 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [2a00:1450:4864:20:0:0:0:32f listed in]
                             [list.dnswl.org]
  3.0 MANY_TO_CC             Sent to 10+ recipients
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider (zimon.toutoune[at]gmail.com)
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

Hi,

On Sat, 01 Feb 2025 at 17:13, 45mg <45mg.writes@HIDDEN> wrote:
> * guix/scripts/fork.scm, guix/scripts/fork/create.scm: New files.

[...]

> * guix/scripts/git/authenticate.scm

I think this fork =E2=80=9Cfeature=E2=80=9D should not be yet another subco=
mmand but
this must be another subsubcommand: =E2=80=99guix git fork=E2=80=99.

It would make more sense, IMHO.

Cheers,
simon




Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 3 Feb 2025 01:14:53 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 02 20:14:52 2025
Received: from localhost ([127.0.0.1]:36880 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tel35-0004Ul-Ns
	for submit <at> debbugs.gnu.org; Sun, 02 Feb 2025 20:14:52 -0500
Received: from mail-pj1-x102f.google.com ([2607:f8b0:4864:20::102f]:55622)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
 id 1tel31-0004UQ-Nv
 for 75981 <at> debbugs.gnu.org; Sun, 02 Feb 2025 20:14:49 -0500
Received: by mail-pj1-x102f.google.com with SMTP id
 98e67ed59e1d1-2eeb4d643a5so6482740a91.3
 for <75981 <at> debbugs.gnu.org>; Sun, 02 Feb 2025 17:14:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738545280; x=1739150080; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:user-agent:message-id:date
 :references:in-reply-to:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=DPT2z24DaaPQpdPRRL23vuj5JLsNTjpCMI0SqWZeRWI=;
 b=OufsnpGozO7O9sAidKqEsbUhTTAgI0t0O8S80kJkL05m7H2ORUBq0+R+Qfuq6y6Kez
 r67vpZXkidc/Cy5qNMr6aXN6Hn8JXp6eD5OO+3HAHf+6f+dwNpnZpwE5Xj0VW0q5ya7T
 GSoiLF5o1P190FpNlXAWrBy4H1k2LK8+NFR2f/F76fnXoic2uwDMnWI/Y2ChTzFYUHeh
 1BIggsl22sKWp4zlfWRWqrCAEu8BUzP4NyWJx9MgkVuWRAfTdm6orcEfTL5NJJGGEUMa
 i8PTKg3RqRf+SEZXeUS+AC4KctjNgTDDscU/pl3/SUbTz/tHiqoSwBoK8Os2kkpgQEJ6
 i2rQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738545280; x=1739150080;
 h=content-transfer-encoding:mime-version:user-agent:message-id:date
 :references:in-reply-to:subject:cc:to:from:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=DPT2z24DaaPQpdPRRL23vuj5JLsNTjpCMI0SqWZeRWI=;
 b=k8SeH/tkmf2kXHxnKYQtrk/EJ5NUv2+xZTq/wrxSehhIvbjETPJ5Lu3a+r9Hx2jAr/
 9JLzZgP/RyF7rFuVawGqC+71ys6rnWH/mJc/GYcjaqtEpPf566CvbCHY8ZjsQkAvrqJN
 jUrFdU3aahn01N8g2bOGWq/YE2OOiLpBinvv/Pfuk9vaXVzGvlzT6cQi6KCVK4xzhO33
 Mo9HL+i6tuWzdzk+MldnkBK17vaIxal9gzu2y0Z+G3K8D68Wivl9WEQkDFk0oX4StgBg
 z4xtNnlxFgi07YXdat5M72G0DvJ1OGhoCcW/flLmYqoTTJYc/Wnlbg5FMof7hcWrXbtJ
 RP7g==
X-Gm-Message-State: AOJu0YzzCZqWRmvVorhMBTh1IU7RrNmVBot7JM/0ofn7WxU3iZpdEfAV
 LEi1wq2NNn2cUuPjbGROXvdwfynUnAtMk+JjJPVkH3R9Cw6UmyDI
X-Gm-Gg: ASbGncsny1RBv85XmpBPVRKwwXNkpvM5X6JjtG+WbmP1QdKEJgrBKsni15IhxHBNw2v
 YuzK+orV/AWn/X+O9LgLSCepCw/elbMwrP6Luhd4HLuj2z1qy5lnZ1zQm0ikOXNGwGGkokT0eyQ
 mdeTjN8HVZYG07bUSBMp3SSH2PKxHzme/6V6hNer9mbtI5AsaH1XTaUySY8BdrTa/BNcZRrju7/
 uBoKnMVP+RTLsG7dmq6DsiYYCa2wdRICRhmYvCYEk1sIwklVx9AAOXMaQPV4E9Pxjslr7jcj9CP
 6fCwN7kbdrse
X-Google-Smtp-Source: AGHT+IG4Nifg/h8epMiS1CS5Hfec2XXgO+/HfcXzdkik9AcxvfMr2euFUa0bzlxU/ho5g72fyVPVEA==
X-Received: by 2002:a17:90b:258c:b0:2ee:f687:6acb with SMTP id
 98e67ed59e1d1-2f83abd9998mr29015066a91.13.1738545280003; 
 Sun, 02 Feb 2025 17:14:40 -0800 (PST)
Received: from terra ([2405:6586:be0:0:c8ff:1707:9b9:af89])
 by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2f8489b01besm7818791a91.19.2025.02.02.17.14.37
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 02 Feb 2025 17:14:39 -0800 (PST)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 45mg <45mg.writes@HIDDEN>
Subject: Re: [bug#75981] [PATCH (WIP) v1.5 4/4] Document 'guix fork'.
In-Reply-To: <49cb491b107b5f0899209905d7679ba389bc65e6.1738408683.git.45mg.writes@HIDDEN>
 (45mg.writes@HIDDEN's message of "Sat, 1 Feb 2025 17:13:26 +0530")
References: <cover.1738408683.git.45mg.writes@HIDDEN>
 <49cb491b107b5f0899209905d7679ba389bc65e6.1738408683.git.45mg.writes@HIDDEN>
Date: Mon, 03 Feb 2025 10:14:26 +0900
Message-ID: <87r04fj0ct.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 75981
Cc: Nicolas Graves <ngraves@HIDDEN>, Tomas Volf <~@wolfsden.cz>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>, 75981 <at> debbugs.gnu.org,
 Ricardo Wurmus <rekado@HIDDEN>, Attila Lendvai <attila@HIDDEN>,
 Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hello!

45mg <45mg.writes@HIDDEN> writes:

> * doc/guix.texi (Invoking guix fork): New node.
> * doc/contributing.texi (Using Your Own Patches): New node.
>
> Change-Id: I06240f0fe8d1fe39f27130a72f5d0d92949c99da
> ---
>  doc/contributing.texi |  50 ++++++++++++++
>  doc/guix.texi         | 150 ++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 200 insertions(+)
>
> diff --git a/doc/contributing.texi b/doc/contributing.texi
> index c94ae940fa..bd4fd6c2ac 100644
> --- a/doc/contributing.texi
> +++ b/doc/contributing.texi
> @@ -35,6 +35,7 @@ Contributing
>  * Making Decisions::            Collectively choosing the way forward.
>  * Commit Access::               Pushing to the official repository.
>  * Reviewing the Work of Others::  Some guidelines for sharing reviews.
> +* Using Your Own Patches::      Using your own work before it's accepted.
>  * Updating the Guix Package::   Updating the Guix package definition.
>  * Deprecation Policy::          Commitments and tools for deprecation.
>  * Writing Documentation::       Improving documentation in GNU Guix.
> @@ -3095,6 +3096,55 @@ Reviewing the Work of Others
>  have reviewed more easily by adding a @code{reviewed-looks-good} usertag
>  for the @code{guix} user (@pxref{Debbugs Usertags}).
>
> +@node Using Your Own Patches
> +@section Using Your Own Patches
> +
> +If you've taken the time to contribute code to Guix, chances are that
> +you want the changes you've made to be reflected in your own Guix
> +installation as soon as possible. Maybe you've added a package you want,
> +and you want to start using it @emph{right now}. Or you've fixed a bug
> +that affects you, and you want it to @emph{go away}.

Eh :-).  Please use double space between the sentences in doc and
comments (including doc strings); that is a GNU convention we follow,
and it makes sentence separation unambiguous, allowing editors such as
Emacs to navigate between sentences.

> +As described in the preceding sections, all contributions to Guix first
> +go through a review process to ensure code quality. Sometimes, this can
> +take longer than one would like. Ideally, the pace of the review process
> +should not prevent you from benefiting from your own work.
> +
> +One way to work around this issue is to create an additional channel of
> +your own (@pxref{Creating a Channel}), and add your code to it. For
> +certain kinds of contributions, such as adding a new package, this is
> +fairly straightforward - simply copy your new package definition(s) into

Use triple hyphen for a em dash (longer variant), as described in info
'(texinfo) Conventions':

     Use three hyphens in a row, =E2=80=98---=E2=80=99, to produce a long d=
ash--like
     this (called an =E2=80=9Cem dash=E2=80=9D), used for punctuation in se=
ntences.  Use
     two hyphens, =E2=80=98--=E2=80=99, to produce a medium dash (called an=
 =E2=80=9Cen dash=E2=80=9D),
     used primarily for numeric ranges, as in "June 25-26".  Use a
     single hyphen, =E2=80=98-=E2=80=99, to produce a standard hyphen used =
in compound
     words.

> +a new file in the channel, and remove them when your contribution is
> +accepted.
> +
> +However, there may be cases where this is not convenient. Certain kinds
> +of changes, such as those that need to modify existing Guix internals,
> +may be more challenging to incorporate into a channel. Moreoever, the

s/Moveoever/Moreover/

> +more substantial your contribution is, the more work it will be to do
> +so.
> +
> +@cindex fork, of Guix
> +For such cases, there is another option. Recall that the patch series
> +that you sent (@pxref{Sending a Patch Series}) was created from a one or

s/a one/one/

> +more commits on a checkout of the Guix repository (@pxref{Building from
> +Git}). You could simply specify this repository (referred to as your
> +`Guix fork', or simply `fork', from here onwards), and its relevant
> +branch, as your `@code{guix}' channel (@pxref{Using a Custom Guix
> +Channel}). Now `@code{guix pull}' will fetch your new commits, and

It'd be more correct to use @samp{guix pull}, as that is not code (it's
also not a @command per Texinfo, as these should only be used with the
name of the command, without arguments).

> +you'll see the changes you made reflected in your Guix installation!
> +
> +However, there's a potential complication to this approach - the issue
> +of authentication (@pxref{Channel Authentication}). If your fork only
> +exists on your local filesystem (a `local fork'), then you probably

The chosen convention is 'file system' in Guix, as two words.

> +don't need to worry about this, and can pull without authentication
> +(@pxref{Invoking guix pull}). But other situations, such as a remotely
> +hosted fork, may make it important for your fork to be authenticated, in
> +the same way that all channels are expected to be.
> +
> +Guix provides a @command{guix fork} command in order to simplify and
> +automate many details of creating and managing and authenticated

s/and/an/

> +fork. For more information, @pxref{Invoking guix fork}.

This should be @ref, since not used inside parentheses, and used at the
end of a sentence (info '(texinfo) Cross Reference Commands').

>  @node Updating the Guix Package
>  @section Updating the Guix Package
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index b1b6d98e74..bbb5666d0a 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -311,6 +311,7 @@ Top
>  * Invoking guix pack::          Creating software bundles.
>  * The GCC toolchain::           Working with languages supported by GCC.
>  * Invoking guix git authenticate::  Authenticating Git repositories.
> +* Invoking guix fork::          Creating and managing authenticated fork=
s of Guix.
>
>  Programming Interface
>
> @@ -5930,6 +5931,7 @@ Development
>  * Invoking guix pack::          Creating software bundles.
>  * The GCC toolchain::           Working with languages supported by GCC.
>  * Invoking guix git authenticate::  Authenticating Git repositories.
> +* Invoking guix fork::          Creating and managing authenticated fork=
s of Guix.
>  @end menu
>
>  @node Invoking guix shell
> @@ -7534,6 +7536,154 @@ Invoking guix git authenticate
>  @end table
>
>
> +@node Invoking guix fork
> +@section Invoking @command{guix fork}
> +
> +@cindex @command{guix fork}
> +
> +The @command{guix fork} command provides the means to quickly set up,
> +authenticate, and keep up-to-date an authenticated fork of Guix. For

keep up to date, without hyphens (not a compound adjective here; c.f.:
https://idioms.thefreedictionary.com/keep+up+to+date).

> +more information on authentication of a Guix checkout, @pxref{Invoking
> +guix git authenticate}.

s/@pxref/@ref/

> +Its syntax is:
> +
> +guix fork ACTION ARGS...
> +
> +ACTION specifies the fork-related action to perform. Currently, the
> +following values are supported:
> +
> +@table @code
> +@item create SIGNING_KEY [DIRECTORY OPTIONS...]
> +Create a fork of Guix in DIRECTORY, using SIGNING_KEY to sign the introd=
uctory
> +commit.
> +DIRECTORY defaults to ./guix.
> +
> +First, clone Guix into DIRECTORY, unless @code{--use-existing} is
> +given.

is given, in which case an existing Git checkout is expected to already
exist in DIRECTORY.

>Then, add SIGNING_KEY to the `@code{keyring}' branch of the
> +repository. Finally, create a new `@code{fork}' branch based starting
> +from the default branch, whose initial commit authorizes SIGNING_KEY

s/starting from/based on/

> +alone (by adding it to @file{.guix-authorizations}) and is signed by it.

to the @file{.guix-authorizations} file

> +
> +The new `@code{fork}' branch is intended to mirror upstream
> +Guix. Updating the fork amounts to applying all new commits to it (see
> +the `@code{update}' command below for further explanation). You can work

/further explanation/more details/

> +on patches in branches based off of this one, in much the same way as

I'd use 's/based off of/based on/'

> +you would base them on Guix's default branch - every commit from the
> +latter will be present in the former.
> +
> +To @command{guix pull} your changes, you could create a `build' branch

s/@command/@samp/ and s/`build'/``build''/

Double quoting is to be used sparringly, using `` '' in Texinfo.

> +starting from the initial fork commit, onto which you can cherry-pick or
> +rebase commits from patch branches. This branch can then be specified
> +for the `@code{guix}' channel (@pxref{Using a Custom Guix Channel}).

Remove the ` ' quotes.

> +Updating this channel can be done by merging the `@code{fork}' branch
> +into it.

Ditto.

> +OPTIONS can be one or more of the following:
> +
> +@table @code
> +@item --use-existing
> +Use existing clone of Guix in DIRECTORY. This is useful if you've
> +already created commits for a patch series (@pxref{Using Your Own
> +Patches}). However, all commits to the default branch, as well as any
> +branches that may be merged into it in the future, must have been signed
> +with an authorized key; otherwise, authentication will fail later.
> +@item --upstream=3DURI
> +The repository to clone from. This defaults to the default URL for the
> +Guix repository.
> +@item --channel-url=3DURI
> +Optional URI, which if given, will be used to replace the channel URL.
> +Furthermore, the existing `origin' remote (which tracks

s/`origin'/@code{remote}/

> +`@code{upstream}') is renamed to `upstream', and a new `origin' remote

Use @code instead of ` '.  Do not use both together.

> +is created to track URI.
> +@item --git-parameter PARAMETER
> +Specify configuration PARAMETER for git, via `-c' option. You can pass

s/`-c'/@samp{-c}/

> +this option multiple times.
> +@end table
> +
> +@cindex authentication, of Guix forks
> +@item authenticate UPSTREAM COMMIT SIGNER [OPTIONS...]
> +Authenticate a Guix fork, using COMMIT and SIGNER as the fork
> +introduction.
> +
> +First, authenticate new commits from UPSTREAM, using Guix's default
> +introduction. Then authenticate the remaining commits using the fork
> +introduction.
> +
> +As with @code{guix git authenticate}, all three of UPSTREAM, COMMIT and
> +SIGNER will be cached in .git/config, so that you don't need to specify
> +them after the first time.

Instead of 'cached', I'd use 'persisted' or 'written', which sounds more
accurate to me.

> +
> +OPTIONS can be one or more of the following:
> +
> +@table @code
> +@item --repository=3DDIRECTORY
> +@itemx -r DIRECTORY
> +Authenticate the git repository in DIRECTORY, instead of the current
> +directory.
> +@item --upstream-commit=3DCOMMIT
> +@itemx --upstream-signer=3DSIGNER
> +Use COMMIT/SIGNER as the introduction for upstream
> +Guix, instead of Guix's default channel introduction.
> +@item --keyring=3DREFERENCE
> +@itemx -k REFERENCE
> +Load keyring for fork commits from REFERENCE, a Git branch (default
> +`@code{keyring}').

Remove quotes.

> +@item --upstream-keyring=3DREFERENCE
> +Load keyring for upstream commits from REFERENCE, a Git branch (default
> +`@code{keyring}').

Ditto.  Perhaps this could be renamed '--keyring-branch', which is more des=
criptive?

> +@item --end=3DCOMMIT
> +Authenticate fork commits up to COMMIT.
> +@item --upstream-end=3DCOMMIT
> +Authenticate upstream commits up to COMMIT.
> +@item --cache-key=3DKEY
> +@itemx --historical-authorizations=3DFILE
> +@itemx --stats
> +Identical to the correponding options in @command{guix git authenticate}
> +(@pxref{Invoking guix git authenticate}).
> +@end table
> +
> +@item update [OPTIONS...]
> +Pull into this Guix fork's configured upstream branch (from running
> +@command{guix fork authenticate}), then apply new commits onto the
> +current branch.
> +
> +This approach may seem less convenient than simply merging the upstream
> +branch into the fork branch. Indeed, it duplicates every upstream commit
> +under a different commit hash, and applying a large number of commits
> +can be slow. However, this is currently the only feasible approach due
> +to the nature of Guix's authentication mechanism. Namely, merge commits
> +can only be authenticated if both their parents are signed by an
> +authorized key, meaning that you can only use the merge workflow if
> +you're authorized to commit to upstream Guix.

Idea for a refinement: detect if the users's key is authorized by
upstream Guix, and use a merge in this situation?  Perhaps offer a
switch to force one flow or another, but error out when the user uses
--merge-strategy=3Dmerge and their key is not authorized in upstream Guix
(merge-strategy would default to rebase).

> +For mapping commits on the fork branch to their equivalents on the
> +upstream branch, you can use @command{guix fork identify} (see below).
> +
> +OPTIONS can be one or more of the following:
> +
> +@table @code
> +@item --repository=3DDIRECTORY
> +@itemx -r DIRECTORY
> +Act in the Git repository in DIRECTORY.
> +@item --fork-branch=3DBRANCH
> +Apply new commits onto BRANCH instead of the current branch.
> +@end table
> +
> +@item identify
> +Coming soon!
> +
> +Given a commit hash from upstream Guix, print its equivalent on the fork
> +branch, or vice versa.
> +This uses the 'Change-Id:' line added to commit messages by Guix's

@samp{Change-Id} git trailer (see 'man git-interpret-trailers').

> +'commit-msg' hook.

I'd use @samp{commit-msg} or @code.

> +The first invocation of this command will be slow, as the entire set of
> +corresponding commits is built up as a hash table, and then
> +cached. Subsequent invocations should be nearly instant.

Apart from my above comment and the double period thing, this LGTM.
It's obvious you've taken a lot of care/effort into producing this.

I'm warming up to the idea.

Thanks for the contribution.

--=20
Maxim




Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 2 Feb 2025 22:24:56 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 02 17:24:56 2025
Received: from localhost ([127.0.0.1]:36579 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1teiOe-0001sb-Dx
	for submit <at> debbugs.gnu.org; Sun, 02 Feb 2025 17:24:56 -0500
Received: from smtprelay08.ispgateway.de ([134.119.228.106]:38118)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <simon@HIDDEN>)
 id 1teiOb-0001sP-Jh
 for 75981 <at> debbugs.gnu.org; Sun, 02 Feb 2025 17:24:54 -0500
Received: from [195.52.158.165] (helo=milk)
 by smtprelay08.ispgateway.de with esmtpsa (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98)
 (envelope-from <simon@HIDDEN>) id 1teiOW-000000005Jw-2xxi;
 Sun, 02 Feb 2025 23:24:48 +0100
From: Simon Streit <simon@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: [bug#75981] [PATCH (WIP) v1.5 1/4] Add 'guix fork create'.
In-Reply-To: <877c68jsr0.fsf@HIDDEN> (Maxim Cournoyer's message of "Mon, 03
 Feb 2025 00:01:07 +0900")
References: <cover.1738408683.git.45mg.writes@HIDDEN>
 <590b269995eb83d8fe2b584a40a58fa9ed473c54.1738408683.git.45mg.writes@HIDDEN>
 <877c68jsr0.fsf@HIDDEN>
Gcc: nnfolder+archive:sent.2025-02
Date: Sun, 02 Feb 2025 23:24:46 +0100
Message-ID: <ygu4j1cnfwx.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Df-Sender: c2ltb25AbmV0cGFuaWMub3Jn
X-Spam-Score: 3.0 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Hello Maxim, Maxim Cournoyer <maxim.cournoyer@HIDDEN> writes:
    > My first thought was similar to Liliana’s reply in the other issue >
   thread: putting lots of energy into making it convenient to fork Guix > instead
    of contributing to the review process (describe [...] 
 
 Content analysis details:   (3.0 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  3.0 MANY_TO_CC             Sent to 10+ recipients
  0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
                             The query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [134.119.228.106 listed in sa-accredit.habeas.com]
  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                           [134.119.228.106 listed in bl.score.senderscore.com]
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [134.119.228.106 listed in list.dnswl.org]
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
X-Debbugs-Envelope-To: 75981
Cc: Josselin Poiret <dev@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>,
 Nicolas Graves <ngraves@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>,
 Mathieu Othacehe <othacehe@HIDDEN>, Tomas Volf <~@wolfsden.cz>,
 45mg <45mg.writes@HIDDEN>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>, 75981 <at> debbugs.gnu.org,
 Ricardo Wurmus <rekado@HIDDEN>, Christopher Baines <guix@HIDDEN>,
 Attila Lendvai <attila@HIDDEN>,
 Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Hello Maxim, Maxim Cournoyer <maxim.cournoyer@HIDDEN> writes:
    > My first thought was similar to Liliana’s reply in the other issue >
   thread: putting lots of energy into making it convenient to fork Guix > instead
    of contributing to the review process (describe [...] 
 
 Content analysis details:   (2.0 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
                             The query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [134.119.228.106 listed in sa-accredit.habeas.com]
  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                           [134.119.228.106 listed in bl.score.senderscore.com]
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [134.119.228.106 listed in list.dnswl.org]
  3.0 MANY_TO_CC             Sent to 10+ recipients
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

Hello Maxim,

Maxim Cournoyer <maxim.cournoyer@HIDDEN> writes:

> My first thought was similar to Liliana=E2=80=99s reply in the other issue
> thread: putting lots of energy into making it convenient to fork Guix
> instead of contributing to the review process (described as slow and
> erratic, which appears to be the motivation here), appears
> counter-productive.

I am all for contributing to the review process.  It is only through
recent discussions on this subject that I am forcing myself to be a bit
more active within the community again.  Thanks for getting me back in.
I am also at fault my self.  I have a personal channel running and the
list is getting longer on patches that rather be submitted.

I am nowhere close to be a contributor (yet).  I simply don=E2=80=99t have =
time
and resources to be more active at the moment.  At the same time I also
don=E2=80=99t want to wait for months until certain patches =E2=80=93 which=
 have been
submitted for review =E2=80=93 are pushed upstream.

I do keep patches running on top of local branches that are constantly
being re-based from upstream.  While time consuming, it seems to be the
most convenient at the moment.

I don=E2=80=99t even want maintain a local fork.  It is not that I really n=
eed
one.  I use it for development, thus many branches are just dead ends
that are kept for archival reasons.  I have a local central repository
where I usually push my work to be more independent from my devices =E2=80=
=93
which is my issue.  And here I only recently realised that I can=E2=80=99t =
even
push these branches to my central repository any more.

Then I tried it the other day to set up a modified keyring and
authenticate with my key and push it to my local repository as described
in the manual.  I failed for some reason and probably missed something.
This time I felt it: The bar is now seriously high to work on Guix at
the moment.

While the authentication mechanism is useful and necessary to prove what
is from Guix, it defeats the point to use Git as a decentralised tool.
It should be possible to allow local modifications for personal use,
also as unauthorised contributors.

I am for it.  Including a warning that I am pulling an unauthenticated
fork.


Kind regards

--=20
Simon




Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 2 Feb 2025 20:56:23 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 02 15:56:22 2025
Received: from localhost ([127.0.0.1]:36455 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1teh0w-0006CI-JA
	for submit <at> debbugs.gnu.org; Sun, 02 Feb 2025 15:56:22 -0500
Received: from mail-10624.protonmail.ch ([79.135.106.24]:39805)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <attila@HIDDEN>)
 id 1teh0t-0006C0-GT
 for 75981 <at> debbugs.gnu.org; Sun, 02 Feb 2025 15:56:21 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lendvai.name;
 s=protonmail3; t=1738529772; x=1738788972;
 bh=XLfqwvM3vHsQOKeb1EevIBPGYnV5OShOspIyR+jNwXA=;
 h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References:
 Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID:
 Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post;
 b=Nl+8cvZ3/N1DKufguqAIWAM16qC9euvc/R0oTHGW02HGw23rVo9zSB3yhVrLSxLGe
 3nIRN2MV7XDTvwH2YG9L89xBaXjHcbw4DVvYMKTs89ZBEk+nE7RWbHLais6+moSAsA
 UR4rfiYUGzDIRIhoVxrpKgF0NyhJilbwX3s1TH8FVxVx0tT7H/+f33osYGxIDmfXyk
 72qr3QH0HHD7kEFxWAE89Ao+5rFdugplgmkgxPULLqqbSlvEIXQDacghAI06laaU9f
 drvhQoryNmeDE/9XjM+MhIz3iEgr4zWQX0hSHzq10jjdRHA/qI0IECH+TRPxAxI6AX
 4bXl3RMgUbJdA==
Date: Sun, 02 Feb 2025 20:56:07 +0000
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
From: Attila Lendvai <attila@HIDDEN>
Subject: Re: [bug#75981] [PATCH (WIP) v1.5 1/4] Add 'guix fork create'.
Message-ID: <0lJyKFTNrG_gWbzcwgMn1ygmvYDbrcGQm9KZbFkiFBCR5dcPIwfXIdwk6LWmzfh-HZ5aLkaZkol4qmN9LdHlkXZz2OU1Vjq0QIJQti2uXUQ=@lendvai.name>
In-Reply-To: <877c68jsr0.fsf@HIDDEN>
References: <cover.1738408683.git.45mg.writes@HIDDEN>
 <590b269995eb83d8fe2b584a40a58fa9ed473c54.1738408683.git.45mg.writes@HIDDEN>
 <877c68jsr0.fsf@HIDDEN>
Feedback-ID: 28384833:user:proton
X-Pm-Message-ID: 1c5abcf5a04bdbfda671c0c9d11b896e7f708815
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 3.0 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: > My first thought was similar to Liliana's reply in the
 other
 > issue thread: putting lots of energy into making it convenient to fork
 > Guix instead of contributing to the review process (described [...] 
 Content analysis details:   (3.0 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 3.0 MANY_TO_CC             Sent to 10+ recipients
 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
 The query to Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243
 for more information.
 [79.135.106.24 listed in sa-accredit.habeas.com]
 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
 query to Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243
 for more information.
 [79.135.106.24 listed in bl.score.senderscore.com]
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 RCVD_IN_MSPIKE_H4      RBL: Very Good reputation (+4)
 [79.135.106.24 listed in wl.mailspike.net]
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [79.135.106.24 listed in list.dnswl.org]
 -0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
X-Debbugs-Envelope-To: 75981
Cc: Josselin Poiret <dev@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>,
 Nicolas Graves <ngraves@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>,
 Mathieu Othacehe <othacehe@HIDDEN>, Tomas Volf <~@wolfsden.cz>,
 45mg <45mg.writes@HIDDEN>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>, 75981 <at> debbugs.gnu.org,
 Ricardo Wurmus <rekado@HIDDEN>, Christopher Baines <guix@HIDDEN>,
 =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  > My first thought was similar to Liliana's reply in the other
    > issue thread: putting lots of energy into making it convenient to fork
   > Guix instead of contributing to the review process (described [...] 
 
 Content analysis details:   (2.0 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
                             The query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [79.135.106.24 listed in sa-accredit.habeas.com]
  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [79.135.106.24 listed in bl.score.senderscore.com]
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [79.135.106.24 listed in list.dnswl.org]
 -0.0 RCVD_IN_MSPIKE_H4      RBL: Very Good reputation (+4)
                             [79.135.106.24 listed in wl.mailspike.net]
  3.0 MANY_TO_CC             Sent to 10+ recipients
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

> My first thought was similar to Liliana's reply in the other
> issue thread: putting lots of energy into making it convenient to fork
> Guix instead of contributing to the review process (described as slow
> and erratic, which appears to be the motivation here), appears
> counter-productive.


FWIW, i have long-lived patches that will never be incorporated into guix p=
roper. some are simply kludges that enable me to do proceed, while some oth=
ers are rejected by the maintainers.

none of the above is solved by a better review process.

for the curious, here are the patches that i'm currently dragging along gui=
x HEAD:

https://codeberg.org/attila-lendvai-patches/guix/commits/branch/attila

--
=E2=80=A2 attila lendvai
=E2=80=A2 PGP: 963F 5D5F 45C7 DFCD 0A39
--
=E2=80=9CTo eliminate statism is not to physically subdue the rulers, but t=
o mentally liberate the ruled.=E2=80=9D
=09=E2=80=94 Jakub Bo=C5=BCydar Wi=C5=9Bniewski





Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 2 Feb 2025 18:24:30 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 02 13:24:30 2025
Received: from localhost ([127.0.0.1]:36245 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1teedy-0007Hf-3k
	for submit <at> debbugs.gnu.org; Sun, 02 Feb 2025 13:24:30 -0500
Received: from mail-wr1-x441.google.com ([2a00:1450:4864:20::441]:43317)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <liliana.prikler@HIDDEN>)
 id 1teedv-0007HM-Uz
 for 75981 <at> debbugs.gnu.org; Sun, 02 Feb 2025 13:24:28 -0500
Received: by mail-wr1-x441.google.com with SMTP id
 ffacd0b85a97d-3863703258fso2853348f8f.1
 for <75981 <at> debbugs.gnu.org>; Sun, 02 Feb 2025 10:24:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738520662; x=1739125462; darn=debbugs.gnu.org;
 h=mime-version:user-agent:content-transfer-encoding:references
 :in-reply-to:date:cc:to:from:subject:message-id:from:to:cc:subject
 :date:message-id:reply-to;
 bh=IZrGhWIPZ+2gTzb9428zPhAYQb6QK4pFgq1UeeKS1Vk=;
 b=UnigQ1s1WanPhXv05iNiArTcfHuRYmqXZEDM3Pcvl99/onDQLnol3nooUpXi22USjR
 GxapZ4rr40gMk5WOVICmeqX/FdNiJVuYIK8yOAuwGo1GypS7+lbnX0RS1R1v3hmWj0Xg
 lwHrXmhD/RDgGqUxB4xgi3JpI/rHeA3xDCPrqP+hW25z699NvQj4LQB4temR8w5EXqWw
 doeoewSxZpDw8i5QMCDUMfA5EPCfAh90dP4A8Uq06w2INY4hIyNhWhMj3TTuGmL9dv8X
 j7oe/R94glRk4u1SZtUauzD4VzJwNV/PP5WH/OI1Y7pUIC7TqE31qSDVQ0fYXNhUT41r
 hodA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738520662; x=1739125462;
 h=mime-version:user-agent:content-transfer-encoding:references
 :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state
 :from:to:cc:subject:date:message-id:reply-to;
 bh=IZrGhWIPZ+2gTzb9428zPhAYQb6QK4pFgq1UeeKS1Vk=;
 b=YDfLs89AgYz//9Lg1fWe/6jmIWMIoYhg99qiF6wCmLunOaPVTXlqs9af+AfcKTflz/
 68OfAECkDAaYx4MTrvJ6q/OhuSPnTZhdFMKw4cHpCLQOzTWM5xW5yYj55Ka5vgvmwG+n
 Ap3joPOJC89Bg9YEl8RaJwwoKTzmeU4cvxrqj9iCcOYW2Mc/mHnWPS4S8FebqIF8QAp5
 gsLr/4h3OgJHQUahRJtsioANV5sYgii3u9FbWgZj4QTK92UNinxeKF3ReoIoAdr3DdJa
 fv5q/9skZtz6YhQZQqmNVF2LYsOU2cAj21UEbq7vO1pjDWYQupORPIE7/YU+edq+HC+0
 OtwQ==
X-Gm-Message-State: AOJu0Yymi5k/Jm43UEfJXQ3qckelegK/aRIf7BQOYN0G8m81TeAH9Gmb
 Q/j928yO5DYseerlTdvU326SVU4696htfqKNcWJkvMM2zfGjrxsd
X-Gm-Gg: ASbGncsaQBRjnxNMC96bMaLuunLL30iGLixGBkOB1vkCcQhwrul7PuqV2jvUG/AqabP
 OwqOBbtXBEqwU2Fy1JTmaB2hCM/uOEKpvMLztRlbjwaa/bbmHVvH0hfTXGBmlbVmqJ6Dx08I719
 4WIi7/dUjaAxmwQwgjgxmXaDzsgN7/qL5esSgzD2FKVlC+oC/BC8fOVs9ZeahKVwa88JfHWmfj6
 iX7TyInSfzupkrW4J2SklrghR3HcdT6+bhDyN1wgDPt1QC+ReXuFuWusGDaB+q0UriCyUEKydb0
 IPzcNasZwmGFxaCuu6toQ9bEv0URaiz1u/pZhSu8YCLKed1jzKOQEGFDV9TD2TqDgLY=
X-Google-Smtp-Source: AGHT+IEejkkTfOeAUS/cvA/fIpbKjnT5KCOee/RvIvj0u1OCuWf9F6cKfLhRcJ9WTqwXUKhOmr3qJg==
X-Received: by 2002:a05:6000:1f84:b0:38a:4df5:a08 with SMTP id
 ffacd0b85a97d-38c60f6585dmr8502668f8f.22.1738520661493; 
 Sun, 02 Feb 2025 10:24:21 -0800 (PST)
Received: from lumine.fritz.box (85-127-114-32.dsl.dynamic.surfer.at.
 [85.127.114.32]) by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-38c5c0ec369sm10429815f8f.8.2025.02.02.10.24.20
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 02 Feb 2025 10:24:21 -0800 (PST)
Message-ID: <92af9e3af160d3ed49030e1961b98f7b9e2e857f.camel@HIDDEN>
Subject: Re: [bug#75981] [PATCH (WIP) v1.5 3/4] Add 'guix fork update'.
From: Liliana Marie Prikler <liliana.prikler@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>, 45mg <45mg.writes@HIDDEN>
Date: Sun, 02 Feb 2025 19:24:48 +0100
In-Reply-To: <cb9ef50d4c30654b92ba0943d5e764965de5e214.camel@HIDDEN>
References: <cover.1738408683.git.45mg.writes@HIDDEN>
 <20c828d43d189914c7a5a3de58831f74b134e796.1738408683.git.45mg.writes@HIDDEN>
 <87wme8iagd.fsf@HIDDEN>
 <cb9ef50d4c30654b92ba0943d5e764965de5e214.camel@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.48.4 
MIME-Version: 1.0
X-Spam-Score: 3.0 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  Am Sonntag, dem 02.02.2025 um 19:23 +0100 schrieb Liliana
 Marie Prikler: > > I think Liliana had that remark as well in the associated
 issue. > I did remark that, yet :) s/yet/yes/ 
 Content analysis details:   (3.0 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 3.0 MANY_TO_CC             Sent to 10+ recipients
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider (liliana.prikler[at]gmail.com)
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [2a00:1450:4864:20:0:0:0:441 listed in]
 [list.dnswl.org]
X-Debbugs-Envelope-To: 75981
Cc: Josselin Poiret <dev@HIDDEN>, Nicolas Graves <ngraves@HIDDEN>,
 Simon Tournier <zimon.toutoune@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>,
 Tomas Volf <~@wolfsden.cz>, Tobias Geerinckx-Rice <me@HIDDEN>,
 75981 <at> debbugs.gnu.org, Ricardo Wurmus <rekado@HIDDEN>,
 Christopher Baines <guix@HIDDEN>, Attila Lendvai <attila@HIDDEN>,
 Ludovic =?ISO-8859-1?Q?Court=E8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Am Sonntag, dem 02.02.2025 um 19:23 +0100 schrieb Liliana
   Marie Prikler: > > I think Liliana had that remark as well in the associated
    issue. > I did remark that, yet :) s/yet/yes/ 
 
 Content analysis details:   (2.0 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [2a00:1450:4864:20:0:0:0:441 listed in]
                             [list.dnswl.org]
  3.0 MANY_TO_CC             Sent to 10+ recipients
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider (liliana.prikler[at]gmail.com)
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

Am Sonntag, dem 02.02.2025 um 19:23 +0100 schrieb Liliana Marie
Prikler:
> > I think Liliana had that remark as well in the associated issue.
> I did remark that, yet :)
s/yet/yes/




Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 2 Feb 2025 18:23:30 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 02 13:23:29 2025
Received: from localhost ([127.0.0.1]:36241 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1teecz-0007Fb-Fy
	for submit <at> debbugs.gnu.org; Sun, 02 Feb 2025 13:23:29 -0500
Received: from mail-wm1-x341.google.com ([2a00:1450:4864:20::341]:43493)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <liliana.prikler@HIDDEN>)
 id 1teecx-0007FM-PO
 for 75981 <at> debbugs.gnu.org; Sun, 02 Feb 2025 13:23:28 -0500
Received: by mail-wm1-x341.google.com with SMTP id
 5b1f17b1804b1-43626213fffso29068615e9.1
 for <75981 <at> debbugs.gnu.org>; Sun, 02 Feb 2025 10:23:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738520601; x=1739125401; darn=debbugs.gnu.org;
 h=mime-version:user-agent:content-transfer-encoding:references
 :in-reply-to:date:cc:to:from:subject:message-id:from:to:cc:subject
 :date:message-id:reply-to;
 bh=oiSImLmDx7UX28GtA0ewVJpXUFpcH4LejAQSuA2Pqq4=;
 b=FdHW5F8Ww/X/AFHiDVSCb4nPSHAOPuB//JdX7QiikCSx6gLKLnrklhThDIqhc9wgj6
 lUNBcv7JvBk5o/CXQZ2jBZ0f4Bx9clYWsXCx4MrrlmTwC0HWDH8KPSHIW8alg4GUEcxc
 C0kYx8VCVtMrljO2GUbmTWaLe5YkvouLUmAX0Oh6gkfidokRia4nKFmbP5oy/LAc7wtF
 aBahDNg+NmxxWMZ/+jF+BCr3/Z4FHHKeSi3lsF3VorAaGD060s7u6dJBw2UpPHcoPBz2
 vaoiTfY7dTyKck3wyd3m92o4xDzzzOhnoZCWpnJaDG4BykONJ5eJ/YRZIj+C20CsxI+I
 f7ZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738520601; x=1739125401;
 h=mime-version:user-agent:content-transfer-encoding:references
 :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state
 :from:to:cc:subject:date:message-id:reply-to;
 bh=oiSImLmDx7UX28GtA0ewVJpXUFpcH4LejAQSuA2Pqq4=;
 b=wwCYwWWMQ0g0IaP4KfVU9c+4SLI2s275766i2jHACqn/56T31vZnYMn6FXWWdtgPoF
 7l+/vl+V0yr2Viy1SH5tC8nJToN+D6St/hIyYNlk4yIuEZerL0Co6f9cvIJPe7qKB76Y
 GH/SJcMcaQIBaX5CEt9qYF4c8IYy0+lZP8HzA0Z2dAqvWNJ2/YvchPizEO10uNFRleow
 RLjWxV3Zyms/fj3gAvxeYZwiXivo6G5XjUpgdyw1UAZdyZWDxXtc+aeScNzAE53+9mDX
 XQsMA/oeykO0FPbKj5tapFmhsk34p90eiLuk7pcRp1IBhqLifUjq6mf3IvPuAhGCqqIY
 cDZA==
X-Gm-Message-State: AOJu0YxX0TIxpP0+fwXGQIuVHbgxOTd9WG/g2ARHlgGuK0NdTfkz7kRC
 QKFj6OuXQopf6dAbbpFB3RYs6smRr/wub3lHCghkMNhPkMuy2Awe
X-Gm-Gg: ASbGncux5xRkpZhyUKwRpLdipwLYTTJ5Xgh13Gu2B+FjyqzRpxqLq58iSPTriDBqAbn
 CnWmRR6p2ofUq7zEbrCJVyA3tS9YT5IOR5GnVBdjdWvCQ3UZuN75y++ht6YRkto3yR18ZWu/EvX
 xRMwXx3n759K+4fkm99DtRK+plGcvZMDCPjR6RW9gwOvrSDWu2uNciZ1x/JChbs3j4ewsAXHpLK
 fUJzriuteQNrTaDDeMbFKFGA6UEVBamMd31XOJ2JiWHELGvGsyXYMBecD1yZ1FS95rlZn9T551J
 F2Aa+e3SjvMFwNtpVAVfgByVvvaH4DHVm8jP72OxTxmrnB4wVpEth0XawPsBpkahJMg=
X-Google-Smtp-Source: AGHT+IGbcTzds78nd1ZCIoOQaWdBLtM4kNTOqXbbiNZWKtOUdtLpBZ5Fv151IopQl9YeT9evLLxrgg==
X-Received: by 2002:a05:600c:35d6:b0:434:ea1a:e30c with SMTP id
 5b1f17b1804b1-438e6f11988mr88406245e9.13.1738520601054; 
 Sun, 02 Feb 2025 10:23:21 -0800 (PST)
Received: from lumine.fritz.box (85-127-114-32.dsl.dynamic.surfer.at.
 [85.127.114.32]) by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-38c5c1b576csm10701869f8f.63.2025.02.02.10.23.19
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 02 Feb 2025 10:23:20 -0800 (PST)
Message-ID: <cb9ef50d4c30654b92ba0943d5e764965de5e214.camel@HIDDEN>
Subject: Re: [bug#75981] [PATCH (WIP) v1.5 3/4] Add 'guix fork update'.
From: Liliana Marie Prikler <liliana.prikler@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>, 45mg <45mg.writes@HIDDEN>
Date: Sun, 02 Feb 2025 19:23:47 +0100
In-Reply-To: <87wme8iagd.fsf@HIDDEN>
References: <cover.1738408683.git.45mg.writes@HIDDEN>
 <20c828d43d189914c7a5a3de58831f74b134e796.1738408683.git.45mg.writes@HIDDEN>
 <87wme8iagd.fsf@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.48.4 
MIME-Version: 1.0
X-Spam-Score: 3.0 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  Am Montag,
 dem 03.02.2025 um 01:21 +0900 schrieb Maxim Cournoyer:
 > So the idea is to avoid rewriting the fork's introductory > commit and
 instead rewriting (rebasing) the Guix upstream commits on > t [...] 
 Content analysis details:   (3.0 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 3.0 MANY_TO_CC             Sent to 10+ recipients
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider (liliana.prikler[at]gmail.com)
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [2a00:1450:4864:20:0:0:0:341 listed in]
 [list.dnswl.org]
X-Debbugs-Envelope-To: 75981
Cc: Josselin Poiret <dev@HIDDEN>, Nicolas Graves <ngraves@HIDDEN>,
 Simon Tournier <zimon.toutoune@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>,
 Tomas Volf <~@wolfsden.cz>, Tobias Geerinckx-Rice <me@HIDDEN>,
 75981 <at> debbugs.gnu.org, Ricardo Wurmus <rekado@HIDDEN>,
 Christopher Baines <guix@HIDDEN>, Attila Lendvai <attila@HIDDEN>,
 Ludovic =?ISO-8859-1?Q?Court=E8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Am Montag, dem 03.02.2025 um 01:21 +0900 schrieb Maxim Cournoyer:
    > So the idea is to avoid rewriting the fork's introductory > commit and
   instead rewriting (rebasing) the Guix upstream commits on > t [...] 
 
 Content analysis details:   (2.0 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [2a00:1450:4864:20:0:0:0:341 listed in]
                             [list.dnswl.org]
  3.0 MANY_TO_CC             Sent to 10+ recipients
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider (liliana.prikler[at]gmail.com)
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

Am Montag, dem 03.02.2025 um 01:21 +0900 schrieb Maxim Cournoyer:
> So the idea is to avoid rewriting the fork's introductory
> commit and instead rewriting (rebasing) the Guix upstream commits on
> top, which will resign them with the fork's authorized key, IIUC?
>=20
> That's clever, but personally I much prefer to keep any work I've
> done *rebased* on upstream so they are easily (re-)submitted, and
> it's clear what extra work my fork has.=C2=A0 Seems like a good way for
> "forks" to hide potentially bad commits hidden under thousands of
> rust commits, obscuring them.
>=20
> I think Liliana had that remark as well in the associated issue.
I did remark that, yet :)

The problem with rebasing on Guix is that you will have to update the
introduction on each rebase (or indeed use an unauthenticated fork).=20
If you do record the introduction, say, in your own channels.scm, `guix
pull` will break, which 45mg wants to avoid.

As you wrote in your first message, it appears somewhat counter-
productive to offer `guix fork` as a means of authoring such long-lived
forks, but sentiments aside, that's precisely the goal of this series.

Cheers




Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 2 Feb 2025 16:22:03 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 02 11:22:03 2025
Received: from localhost ([127.0.0.1]:35950 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tecjS-0006hk-Or
	for submit <at> debbugs.gnu.org; Sun, 02 Feb 2025 11:22:03 -0500
Received: from mail-pl1-x62a.google.com ([2607:f8b0:4864:20::62a]:49567)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
 id 1tecjP-0006h4-Pu
 for 75981 <at> debbugs.gnu.org; Sun, 02 Feb 2025 11:22:00 -0500
Received: by mail-pl1-x62a.google.com with SMTP id
 d9443c01a7336-2166f1e589cso89923645ad.3
 for <75981 <at> debbugs.gnu.org>; Sun, 02 Feb 2025 08:21:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738513313; x=1739118113; darn=debbugs.gnu.org;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=xtLMWcmuma6pcSkmpg4OYci9eQBViEee/D113KCYEbA=;
 b=YgwzoYQqOfPaKRecDMHj0aYhX6Hr8g1pQr+3tusODaJubGb9LB55UhzygHD6EHhaEl
 6pggHiokaJvZ5X039AfHIEOiXo6pDt7/7Fcm+QPF3+AENIR2hbXnHjWsjR72We0DzFa1
 00d84o191qkzb9U9j29JMuabZIoMhb2yXbqBJuoOCLzqxccNiCPncJgCvPvCzMHwJ8g7
 xLfPw2bmLwfsAvmQ8VN/VFSxStV/nHty56WXOoiUVb5OUrsw/lz8mV/84B/dQTDhi2uU
 zHEqh//lP9TyAZR6kz8AGSIt/08+MfmMJW84h2Cc9F+xC0AaOZ3ZbHKw18To2tD/VPP8
 3DVw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738513313; x=1739118113;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=xtLMWcmuma6pcSkmpg4OYci9eQBViEee/D113KCYEbA=;
 b=iQdoSzZHAId47IFqrF7XP7vMxQwXW0a6TPiWAyPSSlL2xvPrJkJ+Ko7ghj1nApHb3g
 XA/KFtcBcWbyBDr8XW94i8fp1K1uclbG9PHZplV5dGlWkTtkOY/KksrHLJ/mLxsgp4V0
 8I0ePHF/reQU/PjLOeHVEH9pOycSZaUQe7HDC3Iyp/3fMfXaDVMMVtXP3dJmHn6naNIs
 2i293yUy5+UR6+Yq0pScciLlQp5ohPLom4Bc/pmEF7txWfmwygrK4+Q1EtuDiCnzryiH
 At3J0zf8ptuU2+cYgfzEV+McQnemt4+yxPdLbm+sGNnyzHuYZDEvp3dYsptVUZUD9KpU
 BxVw==
X-Gm-Message-State: AOJu0Yy0xqj3fp9cxLDG4t4LS6DwhNNtmAk6Q5n601syttgEcKc/K/kI
 +wl1D6O7KjzDco0NtNaNYs2S1L0j3x/VVfv/jRuWRskD+nmhpYrA
X-Gm-Gg: ASbGnctgV+KxLUYKzW9l4rMDb7BI7nynwDzpxgmsEFXWvCM0J0f8SfZWWv48PLw2K33
 4Flgi0MxrGXd1oRs2VYtexhDL1qtyB0261r15IR8qKU2xGpsQBGJTnsn32/B8cqb5aDtQoN6GMK
 6cMnUnllnFqYlQA+yn0TLb6g07YVubQNYWwM1j40RVhcPMLaxJnG+YPZxYEWahENc8n7HH739Sj
 0yQjcuRShIF3C84aU0bgmsTrnCz6qwhtpBXXJjgS73ccbA5pjwkz+S4WmMdSxmSbIELarBHZqaQ
 woZ8/h7ZcZmo
X-Google-Smtp-Source: AGHT+IFEmperqgk9TRGu9VZhmJSON6i4eonMZpt7mldx6bSxUTkT1JFBcPYbkYfTVBbQqFZYQ1GCKw==
X-Received: by 2002:a05:6a00:a95:b0:725:ef4d:c1bd with SMTP id
 d2e1a72fcca58-72fd0c6cf7fmr31331318b3a.19.1738513313452; 
 Sun, 02 Feb 2025 08:21:53 -0800 (PST)
Received: from terra ([2405:6586:be0:0:c8ff:1707:9b9:af89])
 by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72fe631bf29sm6631853b3a.20.2025.02.02.08.21.49
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 02 Feb 2025 08:21:52 -0800 (PST)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 45mg <45mg.writes@HIDDEN>
Subject: Re: [bug#75981] [PATCH (WIP) v1.5 3/4] Add 'guix fork update'.
In-Reply-To: <20c828d43d189914c7a5a3de58831f74b134e796.1738408683.git.45mg.writes@HIDDEN>
 (45mg.writes@HIDDEN's message of "Sat, 1 Feb 2025 17:13:25 +0530")
References: <cover.1738408683.git.45mg.writes@HIDDEN>
 <20c828d43d189914c7a5a3de58831f74b134e796.1738408683.git.45mg.writes@HIDDEN>
Date: Mon, 03 Feb 2025 01:21:38 +0900
Message-ID: <87wme8iagd.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 3.0 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  Hi, 45mg writes: > * guix/scripts/fork/update.scm: New file.
 > * Makefile.am (MODULES): Add the new file. 
 Content analysis details:   (3.0 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 3.0 MANY_TO_CC             Sent to 10+ recipients
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [2607:f8b0:4864:20:0:0:0:62a listed in]
 [list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider (maxim.cournoyer[at]gmail.com)
X-Debbugs-Envelope-To: 75981
Cc: Josselin Poiret <dev@HIDDEN>, Nicolas Graves <ngraves@HIDDEN>,
 Simon Tournier <zimon.toutoune@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>,
 Tomas Volf <~@wolfsden.cz>, Tobias Geerinckx-Rice <me@HIDDEN>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>, 75981 <at> debbugs.gnu.org,
 Ricardo Wurmus <rekado@HIDDEN>, Christopher Baines <guix@HIDDEN>,
 Attila Lendvai <attila@HIDDEN>,
 Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Hi, 45mg writes: > * guix/scripts/fork/update.scm: New file.
    > * Makefile.am (MODULES): Add the new file. 
 
 Content analysis details:   (2.0 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [2607:f8b0:4864:20:0:0:0:62a listed in]
                             [list.dnswl.org]
  3.0 MANY_TO_CC             Sent to 10+ recipients
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider (maxim.cournoyer[at]gmail.com)
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

Hi,

45mg <45mg.writes@HIDDEN> writes:

> * guix/scripts/fork/update.scm: New file.
> * Makefile.am (MODULES): Add the new file.

Or, "Register it."

> * guix/scripts/fork.scm
> (show-help): Mention new command.
> (%sub-commands): Add new command.

OK.

[...]

> +(define %options
> +  ;; Specifications of the command-line options.
> +  (list (option '(#\h "help") #f #f
> +                (lambda args
> +                  (show-help)
> +                  (exit 0)))
> +        (option '(#\V "version") #f #f
> +                (lambda args
> +                  (show-version-and-exit "guix fork create")))
> +
> +        (option '( "fork-branch") #t #f

Extraneous space in list.

> +                (lambda (opt name arg result)
> +                  (alist-cons 'fork-branch-name arg result)))
> +        (option '(#\r "repository") #t #f
> +                (lambda (opt name arg result)
> +                  (alist-cons 'directory arg result)))))
> +
> +(define %default-options
> +  '())
> +
> +(define %usage
> +  (G_ "Usage: guix fork update [OPTIONS...]
> +Pull into this Guix fork's configured upstream branch, then apply new commits
> +onto the current branch.

I'd reword the beginning to "Pull into this Guix fork its configured
upstream branch [...]"

> +
> +  -r, --repository=DIRECTORY
> +                         Act in the Git repository in DIRECTORY

Maybe, "Work on the Git repository in DIRECTORY"

> +      --fork-branch=BRANCH
> +                         Apply new commits onto BRANCH instead of the current
> +                         branch
> +
> +  -h, --help             display this help and exit
> +  -V, --version          display version information and exit
> +"))
> +
> +(define (show-help)
> +  (display %usage)
> +  (newline)
> +  (show-bug-report-information))
> +
> +(define (missing-arguments)
> +    (leave (G_ "wrong number of arguments; \
> +required ~%")))
> +
> +
> +;;;
> +;;; Entry point.
> +;;;
> +
> +(define (guix-fork-update . args)
> +
> +  (define options
> +    (parse-command-line args %options (list %default-options)
> +                        #:build-options? #f))
> +
> +  (define (command-line-arguments lst)
> +    (reverse (filter-map (match-lambda
> +                           (('argument . arg) arg)
> +                           (_ #f))
> +                         lst)))
> +
> +  (define-syntax invoke-git
> +    (lambda (x)
> +      (syntax-case x ()
> +        ((_ args ...)
> +         #`(invoke "git" "-C" #,(datum->syntax x 'directory) args ...)))))
> +
> +  (define-syntax invoke-git/stdout
> +    (lambda (x)
> +      (syntax-case x ()
> +        ((_ args ...)
> +         #`(string-trim-right
> +            (invoke/stdout "git" "-C" #,(datum->syntax x 'directory) args ...))))))
> +
> +  (with-error-handling
> +    (let* ((directory (or (assoc-ref options 'directory) "."))
> +           (current-branch-name (invoke-git/stdout
> +                                 "branch"
> +                                 "--show-current"))
> +           (current-head-location (invoke-git/stdout
> +                                   "rev-parse"
> +                                   "HEAD"))
> +           (fork-branch-name (or (assoc-ref options 'fork-branch-name)
> +                                 (if (string= current-branch-name "")
> +                                     (leave (G_ "no current branch and --fork-branch not given"))

Too wide.  You can always break a string with a \ escape.

> +                                     current-branch-name)))
> +
> +           (repository (repository-open directory))
> +           (upstream-branch-name introduction-commit introduction-signer
> +                                 (if (fork-configured? repository)
> +                                     (fork-configured-introduction
> +                                      (repository-open directory))
> +                                     (leave (G_ "fork not fully configured.
> +(Did you remember to run `guix fork authenticate` first?)%~"))))

'leave' prints errors, which conventionally should be brief and not
complete sentence. I think you could get a nicer result by using a
compound condition combining a &message and &fix-hint conditions; which
the `with-error-handling' handler will correcly format with colors and
all.

> +           (upstream-branch-commit
> +            (invoke-git/stdout "rev-parse" upstream-branch-name))
> +           (new-upstream-branch-commit "")
> +           (config (repository-config repository))
> +           (signing-key
> +            (or
> +             (catch 'git-error
> +               (lambda ()
> +                 (config-entry-value
> +                  (config-get-entry config "user.signingkey")))
> +               (const #f))
> +             (begin
> +               (info (G_ "user.signingkey not set for this repository.~%"))
> +               (info (G_ "Will attempt to sign commits with fork introduction key.~%"))

Max width busted :-)

> +               introduction-signer))))
> +
> +      (info (G_ "Pulling into '~a'...~%") upstream-branch-name)
> +      (invoke-git "switch" upstream-branch-name)
> +      (invoke-git "pull")
> +      (set! new-upstream-branch-commit
> +            (invoke-git/stdout "rev-parse" upstream-branch-name))

I think you can use (define new-upstream-branch-commit ...) and avoid
its let-bound variable (set to the empty string).

> +
> +      (info (G_ "Rebasing commits from '~a' to '~a' onto fork branch '~a'...~%")
> +            upstream-branch-commit
> +            new-upstream-branch-commit
> +            fork-branch-name)
> +      (invoke-git "rebase" "--rebase-merges"
> +                  (string-append "--gpg-sign=" signing-key)
> +                  fork-branch-name new-upstream-branch-commit)
> +
> +      (info (G_ "Resetting fork branch '~a' to latest rebased commit...~%")
> +            fork-branch-name)
> +      (invoke-git "branch" "--force" fork-branch-name "HEAD")
> +
> +      (invoke-git "checkout" (or current-branch-name current-head-location))
> +
> +      (info (G_ "Successfully updated Guix fork in ~a~%")
> +            directory))))

Phew!  LGTM.  So the idea is to avoid rewriting the fork's introductory
commit and instead rewriting (rebasing) the Guix upstream commits on
top, which will resign them with the fork's authorized key, IIUC?

That's clever, but personally I much prefer to keep any work I've done
*rebased* on upstream so they are easily (re-)submitted, and it's clear
what extra work my fork has.  Seems like a good way for "forks" to hide
potentially bad commits hidden under thousands of rust commits,
obscuring them.

I think Liliana had that remark as well in the associated issue.

-- 
Thanks,
Maxim




Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 2 Feb 2025 15:24:05 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 02 10:24:05 2025
Received: from localhost ([127.0.0.1]:35867 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tebpM-00041T-Oo
	for submit <at> debbugs.gnu.org; Sun, 02 Feb 2025 10:24:05 -0500
Received: from mail-pl1-x633.google.com ([2607:f8b0:4864:20::633]:48542)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
 id 1tebpK-00040z-Bb
 for 75981 <at> debbugs.gnu.org; Sun, 02 Feb 2025 10:24:03 -0500
Received: by mail-pl1-x633.google.com with SMTP id
 d9443c01a7336-21bc1512a63so67442535ad.1
 for <75981 <at> debbugs.gnu.org>; Sun, 02 Feb 2025 07:24:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738509836; x=1739114636; darn=debbugs.gnu.org;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=AreeE461uD3iJrFHKkGCGgjyGaSZ+/Yio9wPGxk0mB0=;
 b=PwzfUFvUZZWkKYatW1cIkdoWszfAvVE1p7X6T+nWmaVjCIVgj5sVUwE1QfSMoMhNi2
 6p06n/SXkJ04skmCLlj92pstmjDCgvvnKVIe2tIm0pjDzgfx0GcUZ67eCLj4HI0KPs5X
 yQwTErr0K9zQHoC6vNq+iUV/2ckqS5Pa7Lq4akYW2OuafKwhlZoimZxfZGvlBG+Tl94E
 NqC+wEDFWuCR1Io93hVWsWAgoY6kJasHb+G6W+YOQQiP3WMDnz0VJ/guUDp7sc7q0Vvc
 Mwu3qjvj4/+Z8ZE5J6FyLEdBIV5rzSPQ+2FnqfDGMuzrP6Q3yCR++awH+5RXbNI5xl1e
 pxbQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738509836; x=1739114636;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=AreeE461uD3iJrFHKkGCGgjyGaSZ+/Yio9wPGxk0mB0=;
 b=IZfpnjghIaL2pgRiVE+x8sxVqu4G0YvZv8Z9xX7Ibc3o5u0iIOBry4x4Wmqeqtx7kH
 dVN8RI+dBqNJJBvrNhaSvhR3RO0eiFXEMziaW2S/3opn+SeWNZSgpvesW2dt3wDk1YEk
 qV8S6kmGD/jbbd4w2fIYl+EVR6Y0JFfefc7WaiexVvdLyGm1XtGV19+Y9A5cSF4ktKMk
 4owHsAwngk28/aRj5OfuMMmdUimCW+DQSJ4KB7w9NRCHqkdzRF5t4kQfmJbDxyQjsy1o
 USIiuovCiUvPXtqJpeTRlxQmbOc09rKhT6zO0ZRsDvj4KmmKQyGIpdFOWRyuX28+zi5Y
 lZmw==
X-Gm-Message-State: AOJu0YyayFdv+fa8TIhBHF8zh3pqk2Ay/AdZHrFsFWWXXSSI7JdSSyfs
 SK5XkJM4mB2AcQou5wO0RWQlsbB8Ff21GNeBEph/ZNVEPp4tVuRd
X-Gm-Gg: ASbGncsX2/SBdKxXfBIi09jplsAtpfjjoCyxtndK4gFXbn70RKaD6E1BLpOV1AEiW3S
 V/KVChz2DVf/v7UU0uzDjfZ1YPU0NRbVOJAS2qSMaCw7aQv+IpvwFlZkYZg4YEzy7piXepmhIDi
 0vpAD5VYqhhPZXt76ZWFNn4EC67ParGc3mM+qjqEkCrmtzvINpHYs/CL3+J2+yyD6KCFh/1mqdN
 m8CjhZhi471X+8SZSlQrdKH/V9eMcKmXZqVpuTQ1896rYDGZ3EJjn1tmQo0CshwFIINLmM1mmqf
 /4zcHYjg4FCP
X-Google-Smtp-Source: AGHT+IGFIMcC6wjFORA5gMNCTG6TiXemBIUfpOg4hlLuv6T7IUqZCg9eHRFZPmne+YHZfZOo0fdWPQ==
X-Received: by 2002:a17:903:98c:b0:21a:8839:4f4d with SMTP id
 d9443c01a7336-21dd7c46868mr253278915ad.6.1738509836266; 
 Sun, 02 Feb 2025 07:23:56 -0800 (PST)
Received: from terra ([2405:6586:be0:0:c8ff:1707:9b9:af89])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21de31f5a60sm59347405ad.61.2025.02.02.07.23.52
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 02 Feb 2025 07:23:55 -0800 (PST)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 45mg <45mg.writes@HIDDEN>
Subject: Re: [bug#75981] [PATCH (WIP) v1.5 2/4] Add 'guix fork authenticate'.
In-Reply-To: <10c11dfc090e48aa6a3f4b1fd67543ec2bab7b40.1738408683.git.45mg.writes@HIDDEN>
 (45mg.writes@HIDDEN's message of "Sat, 1 Feb 2025 17:13:24 +0530")
References: <cover.1738408683.git.45mg.writes@HIDDEN>
 <10c11dfc090e48aa6a3f4b1fd67543ec2bab7b40.1738408683.git.45mg.writes@HIDDEN>
Date: Mon, 03 Feb 2025 00:23:41 +0900
Message-ID: <871pwgjrpe.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 3.0 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  Hi, 45mg writes: > * guix/scripts/fork/authenticate.scm: New
 file. > * Makefile.am (MODULES): Add the new file. > * guix/scripts/fork.scm
 > (show-help): Mention new command. > (%sub-commands): Add new command. 
 Content analysis details:   (3.0 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [2607:f8b0:4864:20:0:0:0:633 listed in]
 [list.dnswl.org]
 3.0 MANY_TO_CC             Sent to 10+ recipients
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider (maxim.cournoyer[at]gmail.com)
X-Debbugs-Envelope-To: 75981
Cc: Josselin Poiret <dev@HIDDEN>, Nicolas Graves <ngraves@HIDDEN>,
 Simon Tournier <zimon.toutoune@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>,
 Tomas Volf <~@wolfsden.cz>, Tobias Geerinckx-Rice <me@HIDDEN>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>, 75981 <at> debbugs.gnu.org,
 Ricardo Wurmus <rekado@HIDDEN>, Christopher Baines <guix@HIDDEN>,
 Attila Lendvai <attila@HIDDEN>,
 Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Hi, 45mg writes: > * guix/scripts/fork/authenticate.scm: New
    file. > * Makefile.am (MODULES): Add the new file. > * guix/scripts/fork.scm
    > (show-help): Mention new command. > (%sub-commands): Add new command. 
 
 Content analysis details:   (2.0 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [2607:f8b0:4864:20:0:0:0:633 listed in]
                             [list.dnswl.org]
  3.0 MANY_TO_CC             Sent to 10+ recipients
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider (maxim.cournoyer[at]gmail.com)
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

Hi,

45mg <45mg.writes@HIDDEN> writes:

> * guix/scripts/fork/authenticate.scm: New file.
> * Makefile.am (MODULES): Add the new file.
> * guix/scripts/fork.scm
> (show-help): Mention new command.
> (%sub-commands): Add new command.

OK.

[...]

> diff --git a/guix/scripts/fork/authenticate.scm b/guix/scripts/fork/authenticate.scm

[...]

> +(define-module (guix scripts fork authenticate)
> +  #:use-module (git)
> +  #:use-module (guix git)
> +  #:use-module (guix git-authenticate)
> +  #:use-module (guix base16)
> +  #:use-module (guix ui)
> +  #:use-module (guix progress)
> +  #:use-module (guix scripts)
> +  #:use-module (guix build utils)
> +  #:use-module (guix channels)
> +  #:use-module (ice-9 exceptions)
> +  #:use-module (ice-9 match)
> +  #:use-module (ice-9 receive)
> +  #:use-module (ice-9 popen)
> +  #:use-module (ice-9 format)
> +  #:use-module (ice-9 pretty-print)
> +  #:use-module (ice-9 string-fun)
> +  #:use-module (ice-9 textual-ports)

Please sort lexicographically.

[...]

> +(define %default-options
> +  (let ((introduction (channel-introduction %default-guix-channel)))
> +    `((upstream-commit
> +       . ,(string->oid (channel-introduction-first-signed-commit introduction)))

nitpick: a bit wide (83 chars)

> +      (upstream-signer
> +       . ,(openpgp-fingerprint
> +           (string-upcase
> +            (bytevector->base16-string
> +             (channel-introduction-first-commit-signer introduction)))))
> +      (upstream-keyring
> +       . "keyring"))))
> +
> +(define %usage
> +  (format #f (G_ "Usage: guix fork authenticate UPSTREAM COMMIT SIGNER [OPTIONS...]
> +Authenticate a fork of Guix, using COMMIT/SIGNER as the fork introduction.
> +
> +First, authenticate new commits from UPSTREAM, using Guix's default
> +introduction. Then authenticate the remaining commits using the fork
> +introduction.
> +
> +  -r, --repository=DIRECTORY
> +                         Authenticate the Git repository in DIRECTORY
> +
> +      --upstream-commit=COMMIT
> +      --upstream-signer=SIGNER
> +                         Use COMMIT/SIGNER as the introduction for upstream
> +                         Guix, overriding the default values
> +                         ~a
> +                        /~a
> +                         (Guix's default introduction).
> +
> +  -k, --keyring=REFERENCE
> +                         load keyring for fork commits from REFERENCE, a Git
> +                         branch (default \"keyring\")
> +      --upstream-keyring=REFERENCE
> +                         load keyring for upstream commits from REFERENCE, a
> +                         Git branch (default \"keyring\")
> +      --end=COMMIT       authenticate fork commits up to COMMIT
> +      --cache-key=KEY    cache authenticated commits under KEY
> +      --historical-authorizations=FILE
> +                         read historical authorizations from FILE
> +      --stats            Display commit signing statistics upon completion
> +
> +  -h, --help             display this help and exit
> +  -V, --version          display version information and exit
> +")
> +          (assoc-ref %default-options 'upstream-commit)
> +          (assoc-ref %default-options 'upstream-signer)))
> +
> +(define (show-help)
> +  (display %usage)
> +  (newline)
> +  (show-bug-report-information))
> +
> +(define (missing-arguments)
> +  (leave (G_ "wrong number of arguments; \
> +required UPSTREAM, COMMIT and SIGNER~%")))
> +
> +
> +;;;
> +;;; Helper prodecures.
> +;;;
> +
> +(define (fork-config-value repository key)
> +  "Return the config value associated with KEY in the
> +'guix.fork-authentication' namespace in REPOSITORY, or #f if no such config
> +was found."
> +  (let* ((config (repository-config repository))
> +         (branch (repository-current-branch repository)))
> +    (catch 'git-error
> +      (lambda ()
> +        (config-entry-value
> +         (config-get-entry config
> +                           (string-append "guix.fork-authentication."
> +                                          key))))
> +      (const #f))))
> +
> +(define (fork-configured-introduction repository)
> +  "Return three values: the upstream branch name, introductory commit, and
> +signer fingerprint (strings) for this fork, as configured in REPOSITORY.
> +Error out if any were missing."

s/were/are/

> +  (let* ((upstream-branch (fork-config-value repository "upstream-branch"))
> +         (commit (fork-config-value repository "introduction-commit"))
> +         (signer (fork-config-value repository "introduction-signer")))
> +    (unless (and upstream-branch commit signer)
> +      (leave (G_ "fork information in .git/config is incomplete;
> +missing at least one of
> +introduction-commit, introduction-signer, upstream-branch
> +under [guix \"fork-authentication\"]")))
> +    (values upstream-branch commit signer)))
> +
> +(define (fork-configured-keyring-reference repository)
> +  "Return the keyring reference configured in REPOSITORY or #f if missing."
> +  (fork-config-value repository "keyring"))
> +
> +(define (fork-configured? repository)
> +  "Return true if REPOSITORY already contains fork introduction info in its
> +'config' file."
> +  (and (fork-config-value repository "upstream-branch")
> +       (fork-config-value repository "introduction-commit")
> +       (fork-config-value repository "introduction-signer")))
> +
> +(define* (record-fork-configuration
> +          repository
> +          #:key commit signer upstream-branch keyring-reference)

nitpick: I'd leave the first arg on the same line, and put the keywords
on separate lines below.

> +  "Record COMMIT, SIGNER, UPSTREAM-BRANCH and KEYRING-REFERENCE in the
> +'config' file of REPOSITORY."

Should it say, .git/config file, for extra clarity?

> +  (define config
> +    (repository-config repository))
> +
> +  ;; Guile-Git < 0.7.0 lacks 'set-config-string'.
> +  (if (module-defined? (resolve-interface '(git)) 'set-config-string)
> +      (begin
> +        (set-config-string config "guix.fork-authentication.introduction-commit"
> +                           commit)
> +        (set-config-string config "guix.fork-authentication.introduction-signer"
> +                           signer)
> +        (set-config-string config "guix.fork-authentication.upstream-branch"
> +                           upstream-branch)
> +        (set-config-string config "guix.fork-authentication.keyring"
> +                           keyring-reference)
> +        (info (G_ "introduction, upstream branch and keyring recorded \
> +in repository configuration file~%")))
> +      (warning (G_ "could not record introduction and keyring configuration\
> + (Guile-Git too old?)~%"))))

That should be an error, not a warning, no?  Unless you think it's not
critical to what this tool is trying to achieve.

> +
> +(define (guix-fork-authenticate . args)
> +  (define options
> +    (parse-command-line args %options (list %default-options)
> +                        #:build-options? #f))
> +
> +  (define (command-line-arguments lst)
> +    (reverse (filter-map (match-lambda
> +                           (('argument . arg) arg)
> +                           (_ #f))
> +                         lst)))
> +
> +  (define (make-reporter start-commit end-commit commits)
> +    (format (current-error-port)
> +            (G_ "Authenticating commits ~a to ~a (~h new \
> +commits)...~%")
> +            (commit-short-id start-commit)
> +            (commit-short-id end-commit)
> +            (length commits))
> +    (if (isatty? (current-error-port))
> +        (progress-reporter/bar (length commits))
> +        progress-reporter/silent))
> +
> +  (with-error-handling
> +    (with-git-error-handling
> +     ;; TODO: BUG: it doesn't recognize '~' in paths
> +     ;; How to do 'realpath' in Guile?

It doesn't exist yet, as far as I know.  We have readlink* which
recursively expands links (guix utils).

> +     (let* ((repository (repository-open (or (assoc-ref options 'directory)
> +                                             (repository-discover "."))))
> +            (upstream commit signer (match (command-line-arguments options)

Perhaps break the line here to reduce horizontal indent.

> +                                      ((upstream commit signer)
> +                                       (values
> +                                        (branch-lookup repository upstream)
> +                                        (string->oid commit)
> +                                        (openpgp-fingerprint* signer)))
> +                                      (()
> +                                       (receive (upstream commit signer)
> +                                           (fork-configured-introduction repository)
> +                                         (values
> +                                          (branch-lookup repository upstream)
> +                                          (string->oid commit)
> +                                          (openpgp-fingerprint* signer))))
> +                                      (_
> +                                       (missing-arguments))))

Hm, I've looked at argument-handler again, and I guess it could be used,
though I'm not sure it'd simplify things by much.  Give it a try, if you want!

> +            (upstream-commit (assoc-ref options 'upstream-commit))
> +            (upstream-signer (assoc-ref options 'upstream-signer))
> +            (history (match (assoc-ref options 'historical-authorizations)
> +                       (#f '())
> +                       (file (call-with-input-file file
> +                               read-authorizations))))
> +            (keyring (or (assoc-ref options 'keyring-reference)
> +                         (fork-configured-keyring-reference repository)
> +                         "keyring"))
> +            (upstream-keyring (assoc-ref options 'upstream-keyring))
> +            (end (match (assoc-ref options 'end-commit)
> +                   (#f  (reference-target
> +                         (repository-head repository)))
> +                   (oid oid)))
> +            (upstream-end (match (assoc-ref options 'upstream-end-commit)
> +                            (#f
> +                             (reference-target upstream))
> +                            (oid oid)))
> +            (cache-key (or (assoc-ref options 'cache-key)
> +                           (repository-cache-key repository)))
> +            (show-stats? (assoc-ref options 'show-stats?)))
> +
> +       (define upstream-authentication-args
> +         (filter identity
> +                 (list
> +                  (oid->string upstream-commit)
> +                  (bytevector->base16-string upstream-signer)
> +                  (string-append "--repository="
> +                                 (repository-directory repository))
> +                  (string-append "--end="
> +                                 (oid->string upstream-end))
> +                  (and upstream-keyring
> +                       (string-append "--keyring="
> +                                      upstream-keyring))
> +                  (and show-stats? "--stats"))))
> +
> +       (info (G_ "calling `guix git authenticate` for branch ~a...~%")
> +             (branch-name upstream))
> +
> +       (apply run-guix-command 'git "authenticate"
> +              upstream-authentication-args)
> +
> +       (define fork-stats
> +         (authenticate-repository
> +          repository commit signer
> +          #:end end
> +          #:keyring-reference keyring
> +          #:historical-authorizations history
> +          #:cache-key cache-key
> +          #:make-reporter make-reporter))
> +
> +       (unless (fork-configured? repository)
> +         (record-fork-configuration repository
> +                               #:commit (oid->string commit)
> +                               #:signer (bytevector->base16-string signer)
> +                               #:upstream-branch (branch-name upstream)
> +                               #:keyring-reference keyring))
> +
> +       (when (and show-stats? (not (null? fork-stats)))
> +         (show-authentication-stats fork-stats))
> +
> +       (info (G_ "successfully authenticated commit ~a~%")
> +             (oid->string end))))))

The rest LGTM, from a cursory review.

-- 
Thanks,
Maxim




Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 2 Feb 2025 15:01:32 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 02 10:01:32 2025
Received: from localhost ([127.0.0.1]:35800 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tebTX-0008RU-EK
	for submit <at> debbugs.gnu.org; Sun, 02 Feb 2025 10:01:32 -0500
Received: from mail-pl1-x635.google.com ([2607:f8b0:4864:20::635]:52630)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
 id 1tebTU-0008RF-S0
 for 75981 <at> debbugs.gnu.org; Sun, 02 Feb 2025 10:01:30 -0500
Received: by mail-pl1-x635.google.com with SMTP id
 d9443c01a7336-21661be2c2dso58740425ad.1
 for <75981 <at> debbugs.gnu.org>; Sun, 02 Feb 2025 07:01:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738508483; x=1739113283; darn=debbugs.gnu.org;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=5EwW09qoRxzkXvekLo+qcnDjYrejcDs/3bJGa0holMM=;
 b=NLia4cZszRDCQp0L+c8ktur6EJ9ic99LI7wxg4v6/h9FDtDYBwkxCoi8zD+IiSjkKR
 n3wGIqxePLZK0nUVFPCf06URJN0h+EgvZmt1JRqTet4J3tLAwepM58uDhtPL+THGVxuQ
 on0AWMr9nCDRi6JqquCFtZdqcZIKkJkwkv29idhZ8AeUQE3tnfmE+av2G414otCjIBRt
 UCsrgo0r9hyc+JR8FswaqlokuQ9kNuQaVnFNxrRnmZhwSDMAzo5agvib5cex1SgVCYK3
 nQroR95rj5dwoFuetYr9rzQOE5uhZkOA/e6if461WO94v378q5pskWzdUDQIwY0XJpva
 f/yQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738508483; x=1739113283;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=5EwW09qoRxzkXvekLo+qcnDjYrejcDs/3bJGa0holMM=;
 b=nfEpbAqsu0WffshsAkqwhf5ACnRLAsLxsVemINqW96p/usg/deXPSdEoJYOPhYoUQR
 VY3oApCX5i5cGXw6Y2ByAA0cQLKvvFqGp4ZoYr/TJBO1ytMzRFehxeyVmx9C2S3VMzKe
 jVhH1J6MS0DXWLBwQ/jw/mq/MzwATAP5D2/Co1ZZGTXsfCI6r6dfdhU7xu3rWenyTJWj
 pedZ2T35furqlK2viOEqSmdKjUb0macT6Plf2wVtwDqTm9lnL1HwgvEI3h5PwbDcBACq
 SIjOQ40drYYC6AVpSMpxbK1KyYOYyGRliaCdPUTnn+Mftw/RpHMIqfp+mbRN59rt2U85
 SYiA==
X-Gm-Message-State: AOJu0YwVFtpGfXkgk4G8LXrx7KTWtZwL6kNQidnfiIuRFuODJGwhScyi
 amm31/JfTrV3FEcA8ZF6RHQYYzb3nBxPSO8FIz2ZE3mmi639AvWQ
X-Gm-Gg: ASbGncs0sCZpwUTwNMU1n3E5ebTmRHBl5v5hl+VDDOkIu5vG0N1q0n57k6nr94pF6zp
 /7FM3uvB8UijqCnf/mgq1M/itk5QTHhd+aZX1t0+R6F3coPNGVpld5JznpYxNQcL6dqc02H/Cit
 u7xu1aYEUSufh4g+u7DhgJEPCF55leFRjyfsQVZZEzPtu4xqQ8VXiUaCZspdxLFLqBzgpbe61sz
 eXtFq+ufEiJDmeiYgcasYJRRQvMKLPO/mfdJyfYASB68ldWstAmTPew76tX3Ze+uzkUL+lNz0vU
 DA0/8TkrK7jj
X-Google-Smtp-Source: AGHT+IFFHCt99poLaShILIIq8Gl2bXfNtUZCDt1MOng10Xa2Gb9edTuqBUYq6fkM7dp+sWviL0yynA==
X-Received: by 2002:a17:902:d542:b0:216:2b14:b625 with SMTP id
 d9443c01a7336-21dd7d7f818mr303690995ad.31.1738508482621; 
 Sun, 02 Feb 2025 07:01:22 -0800 (PST)
Received: from terra ([2405:6586:be0:0:c8ff:1707:9b9:af89])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21de31f7768sm59751985ad.96.2025.02.02.07.01.18
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 02 Feb 2025 07:01:21 -0800 (PST)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 45mg <45mg.writes@HIDDEN>
Subject: Re: [bug#75981] [PATCH (WIP) v1.5 1/4] Add 'guix fork create'.
In-Reply-To: <590b269995eb83d8fe2b584a40a58fa9ed473c54.1738408683.git.45mg.writes@HIDDEN>
 (45mg.writes@HIDDEN's message of "Sat, 1 Feb 2025 17:13:23 +0530")
References: <cover.1738408683.git.45mg.writes@HIDDEN>
 <590b269995eb83d8fe2b584a40a58fa9ed473c54.1738408683.git.45mg.writes@HIDDEN>
Date: Mon, 03 Feb 2025 00:01:07 +0900
Message-ID: <877c68jsr0.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 3.0 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  Hi, My first thought was similar to Liliana's reply in the
 other issue thread: putting lots of energy into making it convenient to fork
 Guix instead of contributing to the review process (described as slo [...]
 Content analysis details:   (3.0 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 3.0 MANY_TO_CC             Sent to 10+ recipients
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [2607:f8b0:4864:20:0:0:0:635 listed in]
 [list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider (maxim.cournoyer[at]gmail.com)
X-Debbugs-Envelope-To: 75981
Cc: Josselin Poiret <dev@HIDDEN>, Nicolas Graves <ngraves@HIDDEN>,
 Simon Tournier <zimon.toutoune@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>,
 Tomas Volf <~@wolfsden.cz>, Tobias Geerinckx-Rice <me@HIDDEN>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>, 75981 <at> debbugs.gnu.org,
 Ricardo Wurmus <rekado@HIDDEN>, Christopher Baines <guix@HIDDEN>,
 Attila Lendvai <attila@HIDDEN>,
 Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Hi, My first thought was similar to Liliana's reply in the
    other issue thread: putting lots of energy into making it convenient to fork
    Guix instead of contributing to the review process (described as slo [...]
    
 
 Content analysis details:   (2.0 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [2607:f8b0:4864:20:0:0:0:635 listed in]
                             [list.dnswl.org]
  3.0 MANY_TO_CC             Sent to 10+ recipients
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider (maxim.cournoyer[at]gmail.com)
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

Hi,

My first thought was similar to Liliana's reply in the other
issue thread: putting lots of energy into making it convenient to fork
Guix instead of contributing to the review process (described as slow
and erratic, which appears to be the motivation here), appears
counter-productive.

So I'm not even sure this should be incorporated in Guix, especially if
it does touch the sensitive guix authentication mechanism.

I'll still offer a review, given the code looks rather good, and perhaps
being a committer I'm missing part of the picture on why such a
mechanism improves on the status quo of using extensions or channels, or
local unauthenticated forks (for personal use, that was enough for me
when one of my changes didn't make it for a year).  It was rather
inconvenient, but that was a good motivator to keep nudging it into Guix
proper.

And I disagree with your assessment that it takes years to become a Guix
committer.  I think 6 months to a year would be a reasonable time frame
for a dedicated individual.  It's also not the only way to be useful to
the project.  Reviewing the work of others help a lot too (those appear
at https://qa.guix.gnu.org/patches).

Below are some comments on the code.

45mg <45mg.writes@HIDDEN> writes:

> * guix/scripts/fork.scm, guix/scripts/fork/create.scm: New files.
> * Makefile.am (MODULES): Add the new files.
> * guix/build/utils.scm (invoke/stdout): New procedure.

Touching (guix build utils) is a world rebuild (the module is included
in every build system, including the gnu-build-system).  Perhaps start
its life in (guix utils) with a TODO to move it to (guix build utils)
later along another world-rebuilding change.

Later: I see you changed that in this v1.5 revision: in this case just
update the change log message.

> * guix/utils.scm (chain-cut): New procedure.

Could use 's/New procedure./Likewise./' to avoid repetition.

> * guix/scripts/git/authenticate.scm
> (commit-short-id): Remove procedure, and use its existing duplicate in
> guix/channels.scm.
> (openpgp-fingerprint*, current-branch, show-stats): Move procedures to
> the files below.

You can use the ellipsis trick: (openpgp-fingerprint*): "Move to..."
* guix/channels.scm (openpgp-fingerprint*): ... here.

and likewise for the other procedures.

There's a missing entry for adjusting the renamed current-branch
procedure inside the config-value proc.

[...]

> diff --git a/guix/channels.scm b/guix/channels.scm
> index 4700f7a45d..6ca8e64881 100644
> --- a/guix/channels.scm
> +++ b/guix/channels.scm
> @@ -47,6 +47,7 @@ (define-module (guix channels)
>    #:use-module (guix packages)
>    #:use-module (guix progress)
>    #:use-module (guix derivations)
> +  #:autoload   (rnrs bytevectors) (bytevector-length)
>    #:use-module (guix diagnostics)
>    #:use-module (guix sets)
>    #:use-module (guix store)
> @@ -81,6 +82,7 @@ (define-module (guix channels)
>  
>              openpgp-fingerprint->bytevector
>              openpgp-fingerprint
> +            openpgp-fingerprint*
>  
>              %default-guix-channel
>              %default-channels
> @@ -171,6 +173,17 @@ (define-syntax openpgp-fingerprint
>        ((_ str)
>         #'(openpgp-fingerprint->bytevector str)))))
>  
> +(define (openpgp-fingerprint* str)
> +  "Like openpgp-fingerprint, but with error handling from (guix diagnostics)."
> +    (unless (string-every (char-set-union char-set:hex-digit
> +                                          char-set:whitespace)
> +                          str)
> +      (leave (G_ "~a: invalid OpenPGP fingerprint~%") str))
> +    (let ((fingerprint (openpgp-fingerprint str)))
> +      (unless (= 20 (bytevector-length fingerprint))
> +        (leave (G_ "~a: wrong length for OpenPGP fingerprint~%") str))
> +      fingerprint))
> +

I'm not convinced having a program-exiting procedure in the public API
makes sense (and these are annoying at the REPL!)  Returning a proper
exception would be better.

[...]

> --- /dev/null
> +++ b/guix/scripts/fork.scm

[...]

> +(define-module (guix scripts fork)
> +  #:use-module (ice-9 match)
> +  #:use-module (guix ui)
> +  #:use-module (guix scripts)

Please list modules in lexicographic order.

[...]

> diff --git a/guix/scripts/fork/create.scm b/guix/scripts/fork/create.scm
> new file mode 100644
> index 0000000000..a9de204f23
> --- /dev/null
> +++ b/guix/scripts/fork/create.scm

[...]

> +
> +;;;
> +;;; Helper prodecures.
> +;;;
> +
> +(define (fingerprint->key-file-name fingerprint)
> +  (let* ((listing (invoke/stdout "gpg" "--list-key" "--with-colons" fingerprint))
> +         (uid (chain-cut listing
> +                           (string-split <> #\newline)
> +                           (filter (cut string-prefix? "uid:" <>) <>)
> +                           first

If there are no key for FINGERPRINT, `first' will fail with a cryptic
error here.  It should ideally throw a useful exception.

[...]

> +
> +;;;
> +;;; Entry point.
> +;;;
> +
> +(define (guix-fork-create . args)
> +  (define options
> +    (parse-command-line args %options (list %default-options)
> +                        #:build-options? #f))

I think you could provide a proc to set the default value of the
DIRECTORY positional argument via #:argument-handler...

> +
> +  (define (command-line-arguments lst)
> +    (reverse (filter-map (match-lambda
> +                           (('argument . arg) arg)
> +                           (_ #f))
> +                         lst)))
> +
> +  (with-error-handling
> +    (let* ((signing-key directory (match (command-line-arguments options)
> +                                    ((signing-key directory)
> +                                     (values signing-key directory))
> +                                    ((signing-key)
> +                                     (values signing-key "guix"))
> +                                    (_ (missing-arguments))))

Avoiding the command-line-arguments proc as well as the match above.

> +           (upstream (assoc-ref options 'upstream))
> +           (channel-url (assoc-ref options 'channel-url))
> +           (use-existing? (assoc-ref options 'use-existing?))
> +           (git-parameters (assoc-ref options 'git-parameters))
> +           (git-c-options  ;'("-c" "param1" "-c" "param2" ...)
> +            (let loop ((opts '()) (params git-parameters))
> +              (if (or (not params) (null-list? params))
> +                  opts
> +                  (loop (append
> +                         opts (list "-c" (first params)))

You have enough horizontal space to (append opts ...) on a single line I
think.

> +                        (drop params 1)))))
> +
> +           (key-file-name (fingerprint->key-file-name signing-key))
> +           (introduction-name (car (string-split key-file-name #\-)))
> +
> +           (upstream-branch-name "master"))
> +
> +      (define (invoke-git . args)
> +        (apply invoke `("git" ,@git-c-options "-C" ,directory ,@args)))

We prefer to use guile-git throughout Guix, as it has a proper Scheme
interface.  Have you tried using it instead of shelling out to git?
Perhaps it was missing some features you needed?

> +      (unless use-existing?
> +        (info (G_ "Cloning from upstream ~a...~%") upstream)
> +        (invoke "git" "clone" upstream directory))

Why not using the above defined invoke-git here?

> +
> +      (info (G_ "Authenticating upstream commits...~%"))
> +
> +      (when channel-url
> +        (info (G_ "Renaming existing 'origin' remote to 'upstream'...~%"))
> +        (invoke-git "remote" "rename" "origin" "upstream")
> +        (info (G_ "Using provided channel URL for new 'origin' remote...~%"))
> +        (invoke-git "remote" "add" "origin" channel-url))
> +
> +      (set! upstream-branch-name
> +            (chain-cut
> +             (invoke/stdout "git"

Break the line to place "git" below invoke/stdout, to avoid busting our
80 columns max convention a bit below.

> +                            "-C" directory
> +                            "symbolic-ref"
> +                            (string-append "refs/remotes/"
> +                                           (if channel-url "upstream" "origin")
> +                                           "/HEAD"))
> +             string-trim-right
> +             (string-split <> #\/)
> +             last))
> +
> +      (info (G_ "Adding key to keyring branch...~%"))
> +      (invoke-git "switch" "keyring")
> +      (invoke "gpg"
> +              "--armor" "--export"
> +              "-o" (string-append directory "/" key-file-name)
> +              signing-key)
> +      (invoke-git "add" "--" key-file-name)
> +      (invoke-git "commit" "-m" "Add key for fork introduction.")
> +
> +      (info (G_ "Setting up fork branch...~%"))
> +      (invoke-git "switch" "--create" "fork" "master")
> +      (when channel-url
> +        (update-channel-url (string-append directory "/.guix-channel")
> +                            channel-url))
> +      (rewrite-authorizations (string-append directory "/.guix-authorizations")
> +                              introduction-name signing-key)
> +      (invoke-git "add" "--"
> +                  (string-append directory "/.guix-authorizations")
> +                  (string-append directory "/.guix-channel"))
> +      (invoke-git "commit"
> +                  (string-append "--gpg-sign=" signing-key)
> +                  "-m"
> +                  (string-append
> +                   "Initial fork commit.\n\n"
> +                   ".guix-authorizations: Allow only " introduction-name "'s key."
> +                   (if channel-url
> +                       "\n.guix-channels: Update channel URL."
> +                       "")))
> +      (info (G_ "Successfully created Guix fork in ~a.

Phew!

> +You should run the following command next:
> +guix fork authenticate ~a ~a ~a~%")
> +            directory
> +            upstream-branch-name
> +            (string-trim-right (invoke/stdout "git" "-C" directory "rev-parse" "HEAD"))
> +            signing-key))))
> diff --git a/guix/scripts/git/authenticate.scm b/guix/scripts/git/authenticate.scm
> index e3ecb67c89..154aae9b14 100644
> --- a/guix/scripts/git/authenticate.scm
> +++ b/guix/scripts/git/authenticate.scm
> @@ -23,8 +23,8 @@ (define-module (guix scripts git authenticate)
>    #:use-module (guix git-authenticate)
>    #:autoload   (guix openpgp) (openpgp-format-fingerprint
>                                 openpgp-public-key-fingerprint)
> -  #:use-module ((guix channels) #:select (openpgp-fingerprint))
> -  #:use-module ((guix git) #:select (with-git-error-handling))
> +  #:use-module ((guix channels) #:select (openpgp-fingerprint*))
> +  #:use-module ((guix git) #:select (with-git-error-handling commit-short-id repository-current-branch))

Please watch the 80 columns limit :-).

>    #:use-module (guix progress)
>    #:use-module (guix base64)
>    #:autoload   (rnrs bytevectors) (bytevector-length)
> @@ -76,15 +76,6 @@ (define %options
>  (define %default-options
>    '())
>  
> -(define (current-branch repository)
> -  "Return the name of the checked out branch of REPOSITORY or #f if it could
> -not be determined."
> -  (and (not (repository-head-detached? repository))
> -       (let* ((head (repository-head repository))
> -              (name (reference-name head)))
> -         (and (string-prefix? "refs/heads/" name)
> -              (string-drop name (string-length "refs/heads/"))))))
> -
>  (define (config-value repository key)
>    "Return the config value associated with KEY in the 'guix.authentication' or
>  'guix.authentication-BRANCH' name space in REPOSITORY, or #f if no such config
> @@ -94,7 +85,7 @@ (define (config-value repository key)
>                    ((_ exp)
>                     (catch 'git-error (lambda () exp) (const #f))))))
>      (let* ((config (repository-config repository))
> -           (branch (current-branch repository)))
> +           (branch (repository-current-branch repository)))
>        ;; First try the BRANCH-specific value, then the generic one.`
>        (or (and branch
>                 (false-if-git-error
> @@ -194,21 +185,6 @@ (define (install-hooks repository)
>        (warning (G_ "cannot determine where to install hooks\
>   (Guile-Git too old?)~%"))))
>  
> -(define (show-stats stats)
> -  "Display STATS, an alist containing commit signing stats as returned by
> -'authenticate-repository'."
> -  (format #t (G_ "Signing statistics:~%"))
> -  (for-each (match-lambda
> -              ((signer . count)
> -               (format #t "  ~a ~10d~%"
> -                       (openpgp-format-fingerprint
> -                        (openpgp-public-key-fingerprint signer))
> -                       count)))
> -            (sort stats
> -                  (match-lambda*
> -                    (((_ . count1) (_ . count2))
> -                     (> count1 count2))))))
> -
>  (define (show-help)
>    (display (G_ "Usage: guix git authenticate COMMIT SIGNER [OPTIONS...]
>  Authenticate the given Git checkout using COMMIT/SIGNER as its introduction.\n"))
> @@ -251,19 +227,6 @@ (define (guix-git-authenticate . args)
>                             (_ #f))
>                           lst)))
>  
> -  (define commit-short-id
> -    (compose (cut string-take <> 7) oid->string commit-id))
> -
> -  (define (openpgp-fingerprint* str)
> -    (unless (string-every (char-set-union char-set:hex-digit
> -                                          char-set:whitespace)
> -                          str)
> -      (leave (G_ "~a: invalid OpenPGP fingerprint~%") str))
> -    (let ((fingerprint (openpgp-fingerprint str)))
> -      (unless (= 20 (bytevector-length fingerprint))
> -        (leave (G_ "~a: wrong length for OpenPGP fingerprint~%") str))
> -      fingerprint))
> -

If that's only ever used here, I'd leave it here, as as I said earlier,
it's not a great API (and having confusing asterisk suffixes variants in
the public API should be limited to cases that truly matter, in my
opinion).

[...]

>  
> @@ -1193,6 +1200,60 @@ (define-syntax current-source-directory
>            ;; raising an error would upset Geiser users
>            #f))))))
>  
> +
> +;;;
> +;;; Higher-order functions.
> +;;;
> +
> +(define-syntax chain-cut
> +  (lambda (x)
> +    "Apply each successive form to the result of evaluating the previous one.
> +Before applying, expand each form (op ...) to (cut op ...).
> +
> +Examples:
> +
> +    (chain-cut '(1 2 3) cdr car)
> + => (car (cdr '(1 2 3)))
> +
> +    (chain-cut 2 (- 3 <>) 1+)
> + => (1+ ((cut - 3 <>) 2))
> + => (1+ (- 3 2))
> +"
> +    (syntax-case x ()
> +      ((chain-cut init op) (identifier? #'op)
> +       #'(op init))
> +      ((chain-cut init (op ...))
> +       #'((cut op ...) init))
> +      ((chain-cut init op op* ...) (identifier? #'op)
> +       #'(chain-cut (op init) op* ...))
> +      ((chain-cut init (op ...) op* ...)
> +       #'(chain-cut ((cut op ...) init) op* ...)))))

I'm not 100% convince on the above, as it seems it leads to bunching a
whole lot of procedures together and not paying attention to potential
exceptions/errors returned.  But maybe that's OK if the whole form is
wrapped in an error handler.

That's it!  This adding a whole new command line, and to get everyone
aware, I think going through the new GCD (Guix Common Document/RFC)
process is warranted before it is to be accepted/included in
Guix.

-- 
Thanks,
Maxim




Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 1 Feb 2025 11:45:36 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Feb 01 06:45:36 2025
Received: from localhost ([127.0.0.1]:56721 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1teBwN-000561-MD
	for submit <at> debbugs.gnu.org; Sat, 01 Feb 2025 06:45:36 -0500
Received: from mail-pl1-x642.google.com ([2607:f8b0:4864:20::642]:60814)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1teBwL-00055a-Ch
 for 75981 <at> debbugs.gnu.org; Sat, 01 Feb 2025 06:45:34 -0500
Received: by mail-pl1-x642.google.com with SMTP id
 d9443c01a7336-21654fdd5daso50590765ad.1
 for <75981 <at> debbugs.gnu.org>; Sat, 01 Feb 2025 03:45:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738410327; x=1739015127; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=kTLhP7eOxVAyBixFBetnmK4lTMHiffyZRO+XOSa3nEo=;
 b=CMNPlc3CW9YnyBT1/+HScsq0EDFnNwoDKzOOp9FKDwWj7Pe2hij1ToNAEpuZBeyBaE
 NYb6Bk4o5phxep0hxZbQJbEWVNjNYIHC8FFpyjoitpL9PVLUB4AiH74kcZ2ZUluQOPM4
 iBz56zl8Kvt41FfXVbmucrlBvkLnr3zGLXiaZ1cghDSyIh7vfVw2CRoVsVE4XVrwC4oH
 jOPLCe//1isx0strjoGgujOSxQNecNxJEg8gcMr84LG3rFM9FR+2VosPdcqbQbW7lsJk
 eLd4KEJvFuX8omYZ9DEE6E9Zgb9qll2fBNuBLtGJJl91KvbGTIef1Bx5r97YBApqjKC2
 JdVw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738410327; x=1739015127;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=kTLhP7eOxVAyBixFBetnmK4lTMHiffyZRO+XOSa3nEo=;
 b=Vcm/n+PyiMLBdym/dulhh/kDg1YFGO9L+H7+nYucYb/OkKQWF0znnvCf/zXZBTrqsO
 ZDn5gMzmD/nzs0QGO28WYKKls3Lu72w5GJKLEYCsLF2y9eHxnNAv82tAqgkHTVTpo+9P
 IjBhk7u3BiC74CWDYQtKTJkX6E3JVVaPr/Nnf0AOUrAIPWT1ZAnmLMXen24ku2Q2X23H
 uouveadhlPUqT1l9mw2A5hYgsF+derw3Uu5Ik2ZtwpUUWq1pT8Tz0qUnZxHlJS0c/Ery
 5G7IBV6TVoi0e6rzKFEiG9U7XpCTFgLurCxeuIUJ+A9KZu4zIrEiiOeKrFKutyLkxvRW
 sgcw==
X-Gm-Message-State: AOJu0Yx8pisBqQKFBawrF6C2QiQ7uQ2vYeElh0hp1FoqL1bfnJyiNWQ3
 CS4uEg+2DU14xKBi1o1vs9vIsskKVD/88ifj/7T1vwxt7mG4/26NY/DCP0ce
X-Gm-Gg: ASbGncvWtNPFxTr0wDKPRf6iVAJNgzClSAfLOL5tCo+AtfZ+4kUuexw6L4KrFDyualt
 mw8lPeD4Hy85SpnDaILT+suuUPYCdX2uoKmJyY5apPXto7oY4WMB0XQE7n+srz+o7KrTD3S7S2A
 FUuHtcI2WSSxj1tRAEF7BFNmuL+7SyE0Q9JsFpX4/1zMFhR7cxMsyO8uqMNiSIGIY4kOM0fLulD
 Bv2jG9c+sE/3wijIyjEcDT0K9pAJPzLF5T0zonlawIqwlNMHeW1poezfdIg/J81L+Sl5OwZLzjM
 GOalT5Ry26tL64IQKtC+4v8AemcFBtzOlmg/jg==
X-Google-Smtp-Source: AGHT+IF+4YhbDM5krb8XTSjtwu75EH4CwFw9X+d4yRFSwgufUildNACOeZ6Fw1i/MOM/eJ7oJgRgKg==
X-Received: by 2002:a17:902:db03:b0:215:b33b:e26d with SMTP id
 d9443c01a7336-21dd7c5141fmr216797555ad.21.1738410327178; 
 Sat, 01 Feb 2025 03:45:27 -0800 (PST)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21de331f8d4sm43844805ad.224.2025.02.01.03.45.24
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 01 Feb 2025 03:45:26 -0800 (PST)
From: 45mg <45mg.writes@HIDDEN>
To: 75981 <at> debbugs.gnu.org
Subject: [PATCH (WIP) v1.5 4/4] Document 'guix fork'.
Date: Sat,  1 Feb 2025 17:13:26 +0530
Message-ID: <49cb491b107b5f0899209905d7679ba389bc65e6.1738408683.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.48.1
In-Reply-To: <cover.1738408683.git.45mg.writes@HIDDEN>
References: <cover.1738408683.git.45mg.writes@HIDDEN>
MIME-Version: 1.0
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 75981
Cc: Nicolas Graves <ngraves@HIDDEN>, Tomas Volf <~@wolfsden.cz>,
 45mg <45mg.writes@HIDDEN>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>,
 Ricardo Wurmus <rekado@HIDDEN>, Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* doc/guix.texi (Invoking guix fork): New node.
* doc/contributing.texi (Using Your Own Patches): New node.

Change-Id: I06240f0fe8d1fe39f27130a72f5d0d92949c99da
---
 doc/contributing.texi |  50 ++++++++++++++
 doc/guix.texi         | 150 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 200 insertions(+)

diff --git a/doc/contributing.texi b/doc/contributing.texi
index c94ae940fa..bd4fd6c2ac 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -35,6 +35,7 @@ Contributing
 * Making Decisions::            Collectively choosing the way forward.
 * Commit Access::               Pushing to the official repository.
 * Reviewing the Work of Others::  Some guidelines for sharing reviews.
+* Using Your Own Patches::      Using your own work before it's accepted.
 * Updating the Guix Package::   Updating the Guix package definition.
 * Deprecation Policy::          Commitments and tools for deprecation.
 * Writing Documentation::       Improving documentation in GNU Guix.
@@ -3095,6 +3096,55 @@ Reviewing the Work of Others
 have reviewed more easily by adding a @code{reviewed-looks-good} usertag
 for the @code{guix} user (@pxref{Debbugs Usertags}).
 
+@node Using Your Own Patches
+@section Using Your Own Patches
+
+If you've taken the time to contribute code to Guix, chances are that
+you want the changes you've made to be reflected in your own Guix
+installation as soon as possible. Maybe you've added a package you want,
+and you want to start using it @emph{right now}. Or you've fixed a bug
+that affects you, and you want it to @emph{go away}.
+
+As described in the preceding sections, all contributions to Guix first
+go through a review process to ensure code quality. Sometimes, this can
+take longer than one would like. Ideally, the pace of the review process
+should not prevent you from benefiting from your own work.
+
+One way to work around this issue is to create an additional channel of
+your own (@pxref{Creating a Channel}), and add your code to it. For
+certain kinds of contributions, such as adding a new package, this is
+fairly straightforward - simply copy your new package definition(s) into
+a new file in the channel, and remove them when your contribution is
+accepted.
+
+However, there may be cases where this is not convenient. Certain kinds
+of changes, such as those that need to modify existing Guix internals,
+may be more challenging to incorporate into a channel. Moreoever, the
+more substantial your contribution is, the more work it will be to do
+so.
+
+@cindex fork, of Guix
+For such cases, there is another option. Recall that the patch series
+that you sent (@pxref{Sending a Patch Series}) was created from a one or
+more commits on a checkout of the Guix repository (@pxref{Building from
+Git}). You could simply specify this repository (referred to as your
+`Guix fork', or simply `fork', from here onwards), and its relevant
+branch, as your `@code{guix}' channel (@pxref{Using a Custom Guix
+Channel}). Now `@code{guix pull}' will fetch your new commits, and
+you'll see the changes you made reflected in your Guix installation!
+
+However, there's a potential complication to this approach - the issue
+of authentication (@pxref{Channel Authentication}). If your fork only
+exists on your local filesystem (a `local fork'), then you probably
+don't need to worry about this, and can pull without authentication
+(@pxref{Invoking guix pull}). But other situations, such as a remotely
+hosted fork, may make it important for your fork to be authenticated, in
+the same way that all channels are expected to be.
+
+Guix provides a @command{guix fork} command in order to simplify and
+automate many details of creating and managing and authenticated
+fork. For more information, @pxref{Invoking guix fork}.
+
 @node Updating the Guix Package
 @section Updating the Guix Package
 
diff --git a/doc/guix.texi b/doc/guix.texi
index b1b6d98e74..bbb5666d0a 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -311,6 +311,7 @@ Top
 * Invoking guix pack::          Creating software bundles.
 * The GCC toolchain::           Working with languages supported by GCC.
 * Invoking guix git authenticate::  Authenticating Git repositories.
+* Invoking guix fork::          Creating and managing authenticated forks of Guix.
 
 Programming Interface
 
@@ -5930,6 +5931,7 @@ Development
 * Invoking guix pack::          Creating software bundles.
 * The GCC toolchain::           Working with languages supported by GCC.
 * Invoking guix git authenticate::  Authenticating Git repositories.
+* Invoking guix fork::          Creating and managing authenticated forks of Guix.
 @end menu
 
 @node Invoking guix shell
@@ -7534,6 +7536,154 @@ Invoking guix git authenticate
 @end table
 
 
+@node Invoking guix fork
+@section Invoking @command{guix fork}
+
+@cindex @command{guix fork}
+
+The @command{guix fork} command provides the means to quickly set up,
+authenticate, and keep up-to-date an authenticated fork of Guix. For
+more information on authentication of a Guix checkout, @pxref{Invoking
+guix git authenticate}.
+
+Its syntax is:
+
+guix fork ACTION ARGS...
+
+ACTION specifies the fork-related action to perform. Currently, the
+following values are supported:
+
+@table @code
+@item create SIGNING_KEY [DIRECTORY OPTIONS...]
+Create a fork of Guix in DIRECTORY, using SIGNING_KEY to sign the introductory
+commit.
+DIRECTORY defaults to ./guix.
+
+First, clone Guix into DIRECTORY, unless @code{--use-existing} is
+given. Then, add SIGNING_KEY to the `@code{keyring}' branch of the
+repository. Finally, create a new `@code{fork}' branch based starting
+from the default branch, whose initial commit authorizes SIGNING_KEY
+alone (by adding it to @file{.guix-authorizations}) and is signed by it.
+
+The new `@code{fork}' branch is intended to mirror upstream
+Guix. Updating the fork amounts to applying all new commits to it (see
+the `@code{update}' command below for further explanation). You can work
+on patches in branches based off of this one, in much the same way as
+you would base them on Guix's default branch - every commit from the
+latter will be present in the former.
+
+To @command{guix pull} your changes, you could create a `build' branch
+starting from the initial fork commit, onto which you can cherry-pick or
+rebase commits from patch branches. This branch can then be specified
+for the `@code{guix}' channel (@pxref{Using a Custom Guix Channel}).
+Updating this channel can be done by merging the `@code{fork}' branch
+into it.
+
+OPTIONS can be one or more of the following:
+
+@table @code
+@item --use-existing
+Use existing clone of Guix in DIRECTORY. This is useful if you've
+already created commits for a patch series (@pxref{Using Your Own
+Patches}). However, all commits to the default branch, as well as any
+branches that may be merged into it in the future, must have been signed
+with an authorized key; otherwise, authentication will fail later.
+@item --upstream=URI
+The repository to clone from. This defaults to the default URL for the
+Guix repository.
+@item --channel-url=URI
+Optional URI, which if given, will be used to replace the channel URL.
+Furthermore, the existing `origin' remote (which tracks
+`@code{upstream}') is renamed to `upstream', and a new `origin' remote
+is created to track URI.
+@item --git-parameter PARAMETER
+Specify configuration PARAMETER for git, via `-c' option. You can pass
+this option multiple times.
+@end table
+
+@cindex authentication, of Guix forks
+@item authenticate UPSTREAM COMMIT SIGNER [OPTIONS...]
+Authenticate a Guix fork, using COMMIT and SIGNER as the fork
+introduction.
+
+First, authenticate new commits from UPSTREAM, using Guix's default
+introduction. Then authenticate the remaining commits using the fork
+introduction.
+
+As with @code{guix git authenticate}, all three of UPSTREAM, COMMIT and
+SIGNER will be cached in .git/config, so that you don't need to specify
+them after the first time.
+
+OPTIONS can be one or more of the following:
+
+@table @code
+@item --repository=DIRECTORY
+@itemx -r DIRECTORY
+Authenticate the git repository in DIRECTORY, instead of the current
+directory.
+@item --upstream-commit=COMMIT
+@itemx --upstream-signer=SIGNER
+Use COMMIT/SIGNER as the introduction for upstream
+Guix, instead of Guix's default channel introduction.
+@item --keyring=REFERENCE
+@itemx -k REFERENCE
+Load keyring for fork commits from REFERENCE, a Git branch (default
+`@code{keyring}').
+@item --upstream-keyring=REFERENCE
+Load keyring for upstream commits from REFERENCE, a Git branch (default
+`@code{keyring}').
+@item --end=COMMIT
+Authenticate fork commits up to COMMIT.
+@item --upstream-end=COMMIT
+Authenticate upstream commits up to COMMIT.
+
+@item --cache-key=KEY
+@itemx --historical-authorizations=FILE
+@itemx --stats
+Identical to the correponding options in @command{guix git authenticate}
+(@pxref{Invoking guix git authenticate}).
+@end table
+
+@item update [OPTIONS...]
+Pull into this Guix fork's configured upstream branch (from running
+@command{guix fork authenticate}), then apply new commits onto the
+current branch.
+
+This approach may seem less convenient than simply merging the upstream
+branch into the fork branch. Indeed, it duplicates every upstream commit
+under a different commit hash, and applying a large number of commits
+can be slow. However, this is currently the only feasible approach due
+to the nature of Guix's authentication mechanism. Namely, merge commits
+can only be authenticated if both their parents are signed by an
+authorized key, meaning that you can only use the merge workflow if
+you're authorized to commit to upstream Guix.
+
+For mapping commits on the fork branch to their equivalents on the
+upstream branch, you can use @command{guix fork identify} (see below).
+
+OPTIONS can be one or more of the following:
+
+@table @code
+@item --repository=DIRECTORY
+@itemx -r DIRECTORY
+Act in the Git repository in DIRECTORY.
+@item --fork-branch=BRANCH
+Apply new commits onto BRANCH instead of the current branch.
+@end table
+
+@item identify
+Coming soon!
+
+Given a commit hash from upstream Guix, print its equivalent on the fork
+branch, or vice versa.
+This uses the 'Change-Id:' line added to commit messages by Guix's
+'commit-msg' hook.
+The first invocation of this command will be slow, as the entire set of
+corresponding commits is built up as a hash table, and then
+cached. Subsequent invocations should be nearly instant.
+
+@end table
+
 @c *********************************************************************
 @node Programming Interface
 @chapter Programming Interface
-- 
2.48.1





Information forwarded to ludo@HIDDEN, maxim.cournoyer@HIDDEN, guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 1 Feb 2025 11:45:31 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Feb 01 06:45:31 2025
Received: from localhost ([127.0.0.1]:56718 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1teBwI-00055l-Tm
	for submit <at> debbugs.gnu.org; Sat, 01 Feb 2025 06:45:31 -0500
Received: from mail-pl1-x642.google.com ([2607:f8b0:4864:20::642]:42000)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1teBwG-00055U-MY
 for 75981 <at> debbugs.gnu.org; Sat, 01 Feb 2025 06:45:29 -0500
Received: by mail-pl1-x642.google.com with SMTP id
 d9443c01a7336-216395e151bso35162275ad.0
 for <75981 <at> debbugs.gnu.org>; Sat, 01 Feb 2025 03:45:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738410322; x=1739015122; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=C43SsUA5OCcbVBTaSANAj1vwibNoo1rJF1BpXIfZWW8=;
 b=frY6YJvA4iv9rrm0t+t1Czox72gYk3SN3nGwlelnG/ceHiipxbz7kbwwR3MKNlrMab
 VBsCKRg36qzUWtNrFPJXh0kuP4PLnz/mkIjrCrKjs2XFZ+U5A2hX54aNJ/SK8OaG73e5
 fy6DdjQLrvmL2HqGnlP4Pg9SobSPIbbnGIvvrRqZuWrFPwfPqWEB841Fj1G8WajqrvLJ
 CzULuuTTjDkThfQhbm7+oeXpRJeideaarHZmG4JQBea3j8MZgRkb33LvByuQLymvdxhb
 4+UdC4KabT4wTWWu83k58Dy+DciKudrobMU3XpvvQO2EWypNejTKVpXNVEXhsp/jxaTi
 mIIw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738410322; x=1739015122;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=C43SsUA5OCcbVBTaSANAj1vwibNoo1rJF1BpXIfZWW8=;
 b=YQB96j8eobyrwB5KC4BsQOQm7iSLgC3xe94i+Dw029KhhMxoDQdzCWTgqA4DuHfS0c
 OQPgcBBWUfMJndvSWximxc6Pg3bgfHVxh/X9QxSBTJ6ANAKymsWWO6Dwjvu+rRNXs0r1
 X8iDc5Q9XkTMsUkTeoO7DiY+bz9LbKnK6kJOomWsCH7i1i2qjydD7SjJPwwWCb3DzEjU
 CatDL6j4Rr5uAI9TsAnmzt5yxhHM3bEvycqzcKSNGnVBtjAraWhWe9mUVcba7kjozBM8
 HS+GVnvD6Vfm8U4va2TvnjAQWYfQfCgKUOL2g7wFcD1k4DhEPQDPi/goy0QEwufjbj/x
 WyVQ==
X-Gm-Message-State: AOJu0YzDlTIoJTvaUkr3jXMSZtMufZDKdxM0zMDjvNt05M2FBonl5nMi
 IiBO1rs+BuvHi83+b/Jaotknm+O5GwGT9O5ZINrfNlfz07D6wNVEcF+hmacm
X-Gm-Gg: ASbGncumiDxAHrCBM0oiuzbVRpqw4n5IWvKt1edaxFl3CLPr7EmDzvtgqYvlzRq7yGl
 8BDiGVSrMkBfTyfsmCl2xyCA4CqSB7r9guY62D9G9oJkM9/Rh/litW6fvnK8SfKvc6dPL8Poziz
 EFEQPnbKBbIoj349rFLJ71mu9YRkTNUwProhg3wFmh/J3G0+o2gUr2u16txLQW9HeTWMiRP0fKV
 V71yLeSOUsr0+Ivq97Kql3NgDJBYkDkCSdJKT6BVxK03KfisT35NF2GZRXqSnXP+wpCPv1oY5Ff
 GYAX9RC3H2DxBM/GzzyCraTucv2mEYJ/HPJ2PQ==
X-Google-Smtp-Source: AGHT+IFbwwKI7Pc2LIZzqmfu9wewH23RfB/o1GVHXun4PgPYResuPVdqO5rRLbnZC0Q2ZbmP/xcQSQ==
X-Received: by 2002:a17:902:d486:b0:216:4676:dfb5 with SMTP id
 d9443c01a7336-21de19b09camr168965575ad.21.1738410322476; 
 Sat, 01 Feb 2025 03:45:22 -0800 (PST)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21de331f8d4sm43844805ad.224.2025.02.01.03.45.19
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 01 Feb 2025 03:45:22 -0800 (PST)
From: 45mg <45mg.writes@HIDDEN>
To: 75981 <at> debbugs.gnu.org
Subject: [PATCH (WIP) v1.5 3/4] Add 'guix fork update'.
Date: Sat,  1 Feb 2025 17:13:25 +0530
Message-ID: <20c828d43d189914c7a5a3de58831f74b134e796.1738408683.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.48.1
In-Reply-To: <cover.1738408683.git.45mg.writes@HIDDEN>
References: <cover.1738408683.git.45mg.writes@HIDDEN>
MIME-Version: 1.0
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 75981
Cc: Nicolas Graves <ngraves@HIDDEN>, Tomas Volf <~@wolfsden.cz>,
 45mg <45mg.writes@HIDDEN>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>,
 Ricardo Wurmus <rekado@HIDDEN>, Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* guix/scripts/fork/update.scm: New file.
* Makefile.am (MODULES): Add the new file.
* guix/scripts/fork.scm
(show-help): Mention new command.
(%sub-commands): Add new command.

Change-Id: I2017eb9a9286c02ca8bdf962bcbfe89d7607c413
---
 Makefile.am                  |   1 +
 guix/scripts/fork.scm        |   4 +-
 guix/scripts/fork/update.scm | 182 +++++++++++++++++++++++++++++++++++
 3 files changed, 186 insertions(+), 1 deletion(-)
 create mode 100644 guix/scripts/fork/update.scm

diff --git a/Makefile.am b/Makefile.am
index 1c1f5d84fd..8edd371ccd 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -380,6 +380,7 @@ MODULES =					\
   guix/scripts/fork.scm			\
   guix/scripts/fork/create.scm			\
   guix/scripts/fork/authenticate.scm			\
+  guix/scripts/fork/update.scm			\
   guix/scripts/graph.scm			\
   guix/scripts/weather.scm			\
   guix/scripts/container.scm			\
diff --git a/guix/scripts/fork.scm b/guix/scripts/fork.scm
index c5c7a59ba7..bf9c86e0aa 100644
--- a/guix/scripts/fork.scm
+++ b/guix/scripts/fork.scm
@@ -32,6 +32,8 @@ (define (show-help)
    create          set up a fork of Guix\n"))
   (display (G_ "\
    authenticate    authenticate a fork of Guix\n"))
+  (display (G_ "\
+   update          update a fork of Guix\n"))
   (newline)
   (display (G_ "
   -h, --help             display this help and exit"))
@@ -40,7 +42,7 @@ (define (show-help)
   (newline)
   (show-bug-report-information))
 
-(define %sub-commands '("create" "authenticate"))
+(define %sub-commands '("create" "authenticate" "update"))
 
 (define (resolve-sub-command name)
   (let ((module (resolve-interface
diff --git a/guix/scripts/fork/update.scm b/guix/scripts/fork/update.scm
new file mode 100644
index 0000000000..4223b9855c
--- /dev/null
+++ b/guix/scripts/fork/update.scm
@@ -0,0 +1,182 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2025 Tomas Volf <~@wolfsden.cz>
+;;; Copyright © 2025 45mg <45mg.writes@HIDDEN>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (guix scripts fork update)
+  #:use-module (guix scripts fork authenticate)
+  #:use-module (git repository)
+  #:use-module (git structs)
+  #:use-module (git config)
+  #:use-module (guix ui)
+  #:use-module (guix scripts)
+  #:use-module ((guix utils) #:select (invoke/stdout))  ;TODO move invoke/stdout to (guix build utils)
+  #:use-module (guix build utils)
+  #:use-module (guix channels)
+  #:use-module (ice-9 exceptions)
+  #:use-module (ice-9 match)
+  #:use-module (ice-9 popen)
+  #:use-module (ice-9 pretty-print)
+  #:use-module (ice-9 string-fun)
+  #:use-module (ice-9 textual-ports)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-13)
+  #:use-module (srfi srfi-26)
+  #:use-module (srfi srfi-37)
+  #:use-module (srfi srfi-71)
+  #:export (guix-fork-update))
+
+;;; Commentary:
+;;;
+;;; Update a fork of Guix created via `guix fork create` and authenticated via
+;;; `guix fork authenticate`, by applying new commits from the upstream branch
+;;; onto it.
+;;;
+;;; Code:
+
+(define %options
+  ;; Specifications of the command-line options.
+  (list (option '(#\h "help") #f #f
+                (lambda args
+                  (show-help)
+                  (exit 0)))
+        (option '(#\V "version") #f #f
+                (lambda args
+                  (show-version-and-exit "guix fork create")))
+
+        (option '( "fork-branch") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'fork-branch-name arg result)))
+        (option '(#\r "repository") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'directory arg result)))))
+
+(define %default-options
+  '())
+
+(define %usage
+  (G_ "Usage: guix fork update [OPTIONS...]
+Pull into this Guix fork's configured upstream branch, then apply new commits
+onto the current branch.
+
+  -r, --repository=DIRECTORY
+                         Act in the Git repository in DIRECTORY
+      --fork-branch=BRANCH
+                         Apply new commits onto BRANCH instead of the current
+                         branch
+
+  -h, --help             display this help and exit
+  -V, --version          display version information and exit
+"))
+
+(define (show-help)
+  (display %usage)
+  (newline)
+  (show-bug-report-information))
+
+(define (missing-arguments)
+    (leave (G_ "wrong number of arguments; \
+required ~%")))
+
+
+;;;
+;;; Entry point.
+;;;
+
+(define (guix-fork-update . args)
+
+  (define options
+    (parse-command-line args %options (list %default-options)
+                        #:build-options? #f))
+
+  (define (command-line-arguments lst)
+    (reverse (filter-map (match-lambda
+                           (('argument . arg) arg)
+                           (_ #f))
+                         lst)))
+
+  (define-syntax invoke-git
+    (lambda (x)
+      (syntax-case x ()
+        ((_ args ...)
+         #`(invoke "git" "-C" #,(datum->syntax x 'directory) args ...)))))
+
+  (define-syntax invoke-git/stdout
+    (lambda (x)
+      (syntax-case x ()
+        ((_ args ...)
+         #`(string-trim-right
+            (invoke/stdout "git" "-C" #,(datum->syntax x 'directory) args ...))))))
+
+  (with-error-handling
+    (let* ((directory (or (assoc-ref options 'directory) "."))
+           (current-branch-name (invoke-git/stdout
+                                 "branch"
+                                 "--show-current"))
+           (current-head-location (invoke-git/stdout
+                                   "rev-parse"
+                                   "HEAD"))
+           (fork-branch-name (or (assoc-ref options 'fork-branch-name)
+                                 (if (string= current-branch-name "")
+                                     (leave (G_ "no current branch and --fork-branch not given"))
+                                     current-branch-name)))
+
+           (repository (repository-open directory))
+           (upstream-branch-name introduction-commit introduction-signer
+                                 (if (fork-configured? repository)
+                                     (fork-configured-introduction
+                                      (repository-open directory))
+                                     (leave (G_ "fork not fully configured.
+(Did you remember to run `guix fork authenticate` first?)%~"))))
+           (upstream-branch-commit
+            (invoke-git/stdout "rev-parse" upstream-branch-name))
+           (new-upstream-branch-commit "")
+           (config (repository-config repository))
+           (signing-key
+            (or
+             (catch 'git-error
+               (lambda ()
+                 (config-entry-value
+                  (config-get-entry config "user.signingkey")))
+               (const #f))
+             (begin
+               (info (G_ "user.signingkey not set for this repository.~%"))
+               (info (G_ "Will attempt to sign commits with fork introduction key.~%"))
+               introduction-signer))))
+
+      (info (G_ "Pulling into '~a'...~%") upstream-branch-name)
+      (invoke-git "switch" upstream-branch-name)
+      (invoke-git "pull")
+      (set! new-upstream-branch-commit
+            (invoke-git/stdout "rev-parse" upstream-branch-name))
+
+      (info (G_ "Rebasing commits from '~a' to '~a' onto fork branch '~a'...~%")
+            upstream-branch-commit
+            new-upstream-branch-commit
+            fork-branch-name)
+      (invoke-git "rebase" "--rebase-merges"
+                  (string-append "--gpg-sign=" signing-key)
+                  fork-branch-name new-upstream-branch-commit)
+
+      (info (G_ "Resetting fork branch '~a' to latest rebased commit...~%")
+            fork-branch-name)
+      (invoke-git "branch" "--force" fork-branch-name "HEAD")
+
+      (invoke-git "checkout" (or current-branch-name current-head-location))
+
+      (info (G_ "Successfully updated Guix fork in ~a~%")
+            directory))))
-- 
2.48.1





Information forwarded to guix@HIDDEN, dev@HIDDEN, ludo@HIDDEN, othacehe@HIDDEN, zimon.toutoune@HIDDEN, me@HIDDEN, guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 1 Feb 2025 11:45:21 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Feb 01 06:45:21 2025
Received: from localhost ([127.0.0.1]:56715 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1teBw8-00055J-R4
	for submit <at> debbugs.gnu.org; Sat, 01 Feb 2025 06:45:21 -0500
Received: from mail-pl1-x643.google.com ([2607:f8b0:4864:20::643]:44152)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1teBw5-0004zT-Lk
 for 75981 <at> debbugs.gnu.org; Sat, 01 Feb 2025 06:45:18 -0500
Received: by mail-pl1-x643.google.com with SMTP id
 d9443c01a7336-2163dc5155fso51735555ad.0
 for <75981 <at> debbugs.gnu.org>; Sat, 01 Feb 2025 03:45:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738410311; x=1739015111; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=rASlCkCXzp5SO8O1bmNfoaP77uE1mhNlivO/wDiYLuQ=;
 b=OpXS9t5uqGAXcd6qM4ibbJPp+WQEumoRnshZJFV6ueOI6UIC+OVId9LhhheSd4ZNwm
 yLhVXLZEWA77lQutke0LcGHdWmVppbR2CE2F65kGXlYA+2fVhvknAKJsaH6cOXZN+5d/
 KICk7JX3+u4J4bPnVBJ5eZBSwE2e+hj7eywtFA1TCSTrYIQGYpaUJg0FrchL/OO2Ew3k
 wONBRRjI2AsSLqGAn1Lce3//F7uIzpDpdl8ZP5mzZHbV6GBBeyjxsb35ePqP7ld9b9yO
 bJCiYhJg/BSMOfUqgYZ5zsM+gD4n9IhJhH1GPswg4HEmjULXOGYsCITqcwfeYzcBQX1V
 a+FQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738410311; x=1739015111;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=rASlCkCXzp5SO8O1bmNfoaP77uE1mhNlivO/wDiYLuQ=;
 b=gYqUr8oQAosa4tgYOVcU8TK2NM/JRMGdmDIV5/VdCAr1756pBilSeE0qEui+JBSRuL
 U6tKw3qnfgWMcygLqklKWmf3+fGHF5wZG6UbI0zd5JmxbTI/beZxdZ3UHHKi39kmkGRU
 hRia9sS1kMoK1fgnC6nqvkznK0pQor1BbepXSIXhzGnpciOGdAPrd1ygYcKGGZQqWjM7
 gkMthX5eFIU60BK6zQKPC17spKi/pYSFnz/7NYxGoD18oemKCHgf78ZyAaNHFZECptek
 Ihc+ukUEA2n1hLluebeRFr0wxbq7j8UG2aDi4pYA6k51cHTxaVoQP5Pgd3qHaMCva/YO
 i87A==
X-Gm-Message-State: AOJu0YyQHEYm/6imDF7nL81D47z/JXDr75ZZzPzfinS9Hx4FfR2cgD5D
 axqGc/OLpIW9terq2xFto5ameEhj5f786MgJinKlo6k4Qwf8jozDGRGxf8C0
X-Gm-Gg: ASbGnctXNolmGTd7BiUvBdvXWDrjn9jQVExAWiB6Gkp3Y6dGRNIRs0Jzw4QuoVFHCwP
 ZixIHpxksmJN/jhyQtUvJbxeHrnihByyVmOiXu0WAPNzdDz1WNsZqbFM9hKe7Kszr1mvGCzGvGj
 pq1Ho7tYgCPk9w+Pr3Xdx/ps/7OZ67GpbDVNBsOH8DrdvnGH150yJPEmJn8reCMVTJLiGU3ZM6q
 otYoQTmexJ+17ra6BCZ7/rZ2oUXYthkWXhEYD2j2xuStG0M0f7W90cRSI+rvm4E0GRadddRKJiZ
 zaIEbE02gqCSD5Oa7dCDcsQUeugLz5TZugLVJw==
X-Google-Smtp-Source: AGHT+IFcnPO2E7PW+B4+upoT1IISmq3tOZpDVa1M8GbwVvH5e2u8cOriHdnRF/I+IKYfDIiFfadHgA==
X-Received: by 2002:a17:902:c40a:b0:212:63c0:d9e7 with SMTP id
 d9443c01a7336-21dd7b61a82mr236607115ad.0.1738410311115; 
 Sat, 01 Feb 2025 03:45:11 -0800 (PST)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21de331f8d4sm43844805ad.224.2025.02.01.03.45.08
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 01 Feb 2025 03:45:10 -0800 (PST)
From: 45mg <45mg.writes@HIDDEN>
To: 75981 <at> debbugs.gnu.org
Subject: [PATCH (WIP) v1.5 2/4] Add 'guix fork authenticate'.
Date: Sat,  1 Feb 2025 17:13:24 +0530
Message-ID: <10c11dfc090e48aa6a3f4b1fd67543ec2bab7b40.1738408683.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.48.1
In-Reply-To: <cover.1738408683.git.45mg.writes@HIDDEN>
References: <cover.1738408683.git.45mg.writes@HIDDEN>
MIME-Version: 1.0
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 75981
Cc: Nicolas Graves <ngraves@HIDDEN>, Tomas Volf <~@wolfsden.cz>,
 45mg <45mg.writes@HIDDEN>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>,
 Ricardo Wurmus <rekado@HIDDEN>, Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* guix/scripts/fork/authenticate.scm: New file.
* Makefile.am (MODULES): Add the new file.
* guix/scripts/fork.scm
(show-help): Mention new command.
(%sub-commands): Add new command.

Change-Id: Ic34a1b3d1642cedce8d1ff5bae825df30e47755c
---
 Makefile.am                        |   1 +
 guix/scripts/fork.scm              |   6 +-
 guix/scripts/fork/authenticate.scm | 331 +++++++++++++++++++++++++++++
 3 files changed, 336 insertions(+), 2 deletions(-)
 create mode 100644 guix/scripts/fork/authenticate.scm

diff --git a/Makefile.am b/Makefile.am
index c628450a5a..1c1f5d84fd 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -379,6 +379,7 @@ MODULES =					\
   guix/scripts/git/authenticate.scm		\
   guix/scripts/fork.scm			\
   guix/scripts/fork/create.scm			\
+  guix/scripts/fork/authenticate.scm			\
   guix/scripts/graph.scm			\
   guix/scripts/weather.scm			\
   guix/scripts/container.scm			\
diff --git a/guix/scripts/fork.scm b/guix/scripts/fork.scm
index 2d97bcb93f..c5c7a59ba7 100644
--- a/guix/scripts/fork.scm
+++ b/guix/scripts/fork.scm
@@ -29,7 +29,9 @@ (define (show-help)
   (display (G_ "The valid values for ACTION are:\n"))
   (newline)
   (display (G_ "\
-   create    set up a fork of Guix\n"))
+   create          set up a fork of Guix\n"))
+  (display (G_ "\
+   authenticate    authenticate a fork of Guix\n"))
   (newline)
   (display (G_ "
   -h, --help             display this help and exit"))
@@ -38,7 +40,7 @@ (define (show-help)
   (newline)
   (show-bug-report-information))
 
-(define %sub-commands '("create"))
+(define %sub-commands '("create" "authenticate"))
 
 (define (resolve-sub-command name)
   (let ((module (resolve-interface
diff --git a/guix/scripts/fork/authenticate.scm b/guix/scripts/fork/authenticate.scm
new file mode 100644
index 0000000000..83d9d87d44
--- /dev/null
+++ b/guix/scripts/fork/authenticate.scm
@@ -0,0 +1,331 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2025 45mg <45mg.writes@HIDDEN>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (guix scripts fork authenticate)
+  #:use-module (git)
+  #:use-module (guix git)
+  #:use-module (guix git-authenticate)
+  #:use-module (guix base16)
+  #:use-module (guix ui)
+  #:use-module (guix progress)
+  #:use-module (guix scripts)
+  #:use-module (guix build utils)
+  #:use-module (guix channels)
+  #:use-module (ice-9 exceptions)
+  #:use-module (ice-9 match)
+  #:use-module (ice-9 receive)
+  #:use-module (ice-9 popen)
+  #:use-module (ice-9 format)
+  #:use-module (ice-9 pretty-print)
+  #:use-module (ice-9 string-fun)
+  #:use-module (ice-9 textual-ports)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-13)
+  #:use-module (srfi srfi-26)
+  #:use-module (srfi srfi-37)
+  #:use-module (srfi srfi-71)
+  #:export (guix-fork-authenticate
+
+            fork-config-value
+            fork-configured?
+            fork-configured-keyring-reference
+            fork-configured-introduction))
+
+;;; Commentary:
+;;;
+;;; Authenticate a fork of Guix, in the same manner as `guix git
+;;; authenticate`.
+;;;
+;;; Code:
+
+(define %options
+  ;; Specifications of the command-line options.
+  (list (option '(#\h "help") #f #f
+                (lambda args
+                  (show-help)
+                  (exit 0)))
+        (option '(#\V "version") #f #f
+                (lambda args
+                  (show-version-and-exit "guix fork authenticate")))
+
+        (option '(#\r "repository") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'directory arg result)))
+        (option '("upstream-commit") #f #f
+                (lambda (opt name arg result)
+                  (alist-cons 'upstream-commit (string->oid arg) result)))
+        (option '("upstream-signer") #f #f
+                (lambda (opt name arg result)
+                  (alist-cons 'upstream-signer (openpgp-fingerprint* arg) result)))
+
+        (option '(#\e "end") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'end-commit (string->oid arg) result)))
+        (option '("upstream-end") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'upstream-end-commit (string->oid arg) result)))
+        (option '(#\k "keyring") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'keyring-reference arg result)))
+        (option '("upstream-keyring") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'upstream-keyring arg result)))
+        (option '("cache-key") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'cache-key arg result)))
+        (option '("historical-authorizations") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'historical-authorizations arg
+                              result)))
+        (option '("stats") #f #f
+                (lambda (opt name arg result)
+                  (alist-cons 'show-stats? #t result)))))
+
+(define %default-options
+  (let ((introduction (channel-introduction %default-guix-channel)))
+    `((upstream-commit
+       . ,(string->oid (channel-introduction-first-signed-commit introduction)))
+      (upstream-signer
+       . ,(openpgp-fingerprint
+           (string-upcase
+            (bytevector->base16-string
+             (channel-introduction-first-commit-signer introduction)))))
+      (upstream-keyring
+       . "keyring"))))
+
+(define %usage
+  (format #f (G_ "Usage: guix fork authenticate UPSTREAM COMMIT SIGNER [OPTIONS...]
+Authenticate a fork of Guix, using COMMIT/SIGNER as the fork introduction.
+
+First, authenticate new commits from UPSTREAM, using Guix's default
+introduction. Then authenticate the remaining commits using the fork
+introduction.
+
+  -r, --repository=DIRECTORY
+                         Authenticate the Git repository in DIRECTORY
+
+      --upstream-commit=COMMIT
+      --upstream-signer=SIGNER
+                         Use COMMIT/SIGNER as the introduction for upstream
+                         Guix, overriding the default values
+                         ~a
+                        /~a
+                         (Guix's default introduction).
+
+  -k, --keyring=REFERENCE
+                         load keyring for fork commits from REFERENCE, a Git
+                         branch (default \"keyring\")
+      --upstream-keyring=REFERENCE
+                         load keyring for upstream commits from REFERENCE, a
+                         Git branch (default \"keyring\")
+      --end=COMMIT       authenticate fork commits up to COMMIT
+      --cache-key=KEY    cache authenticated commits under KEY
+      --historical-authorizations=FILE
+                         read historical authorizations from FILE
+      --stats            Display commit signing statistics upon completion
+
+  -h, --help             display this help and exit
+  -V, --version          display version information and exit
+")
+          (assoc-ref %default-options 'upstream-commit)
+          (assoc-ref %default-options 'upstream-signer)))
+
+(define (show-help)
+  (display %usage)
+  (newline)
+  (show-bug-report-information))
+
+(define (missing-arguments)
+  (leave (G_ "wrong number of arguments; \
+required UPSTREAM, COMMIT and SIGNER~%")))
+
+
+;;;
+;;; Helper prodecures.
+;;;
+
+(define (fork-config-value repository key)
+  "Return the config value associated with KEY in the
+'guix.fork-authentication' namespace in REPOSITORY, or #f if no such config
+was found."
+  (let* ((config (repository-config repository))
+         (branch (repository-current-branch repository)))
+    (catch 'git-error
+      (lambda ()
+        (config-entry-value
+         (config-get-entry config
+                           (string-append "guix.fork-authentication."
+                                          key))))
+      (const #f))))
+
+(define (fork-configured-introduction repository)
+  "Return three values: the upstream branch name, introductory commit, and
+signer fingerprint (strings) for this fork, as configured in REPOSITORY.
+Error out if any were missing."
+  (let* ((upstream-branch (fork-config-value repository "upstream-branch"))
+         (commit (fork-config-value repository "introduction-commit"))
+         (signer (fork-config-value repository "introduction-signer")))
+    (unless (and upstream-branch commit signer)
+      (leave (G_ "fork information in .git/config is incomplete;
+missing at least one of
+introduction-commit, introduction-signer, upstream-branch
+under [guix \"fork-authentication\"]")))
+    (values upstream-branch commit signer)))
+
+(define (fork-configured-keyring-reference repository)
+  "Return the keyring reference configured in REPOSITORY or #f if missing."
+  (fork-config-value repository "keyring"))
+
+(define (fork-configured? repository)
+  "Return true if REPOSITORY already contains fork introduction info in its
+'config' file."
+  (and (fork-config-value repository "upstream-branch")
+       (fork-config-value repository "introduction-commit")
+       (fork-config-value repository "introduction-signer")))
+
+(define* (record-fork-configuration
+          repository
+          #:key commit signer upstream-branch keyring-reference)
+  "Record COMMIT, SIGNER, UPSTREAM-BRANCH and KEYRING-REFERENCE in the
+'config' file of REPOSITORY."
+  (define config
+    (repository-config repository))
+
+  ;; Guile-Git < 0.7.0 lacks 'set-config-string'.
+  (if (module-defined? (resolve-interface '(git)) 'set-config-string)
+      (begin
+        (set-config-string config "guix.fork-authentication.introduction-commit"
+                           commit)
+        (set-config-string config "guix.fork-authentication.introduction-signer"
+                           signer)
+        (set-config-string config "guix.fork-authentication.upstream-branch"
+                           upstream-branch)
+        (set-config-string config "guix.fork-authentication.keyring"
+                           keyring-reference)
+        (info (G_ "introduction, upstream branch and keyring recorded \
+in repository configuration file~%")))
+      (warning (G_ "could not record introduction and keyring configuration\
+ (Guile-Git too old?)~%"))))
+
+
+(define (guix-fork-authenticate . args)
+  (define options
+    (parse-command-line args %options (list %default-options)
+                        #:build-options? #f))
+
+  (define (command-line-arguments lst)
+    (reverse (filter-map (match-lambda
+                           (('argument . arg) arg)
+                           (_ #f))
+                         lst)))
+
+  (define (make-reporter start-commit end-commit commits)
+    (format (current-error-port)
+            (G_ "Authenticating commits ~a to ~a (~h new \
+commits)...~%")
+            (commit-short-id start-commit)
+            (commit-short-id end-commit)
+            (length commits))
+    (if (isatty? (current-error-port))
+        (progress-reporter/bar (length commits))
+        progress-reporter/silent))
+
+  (with-error-handling
+    (with-git-error-handling
+     ;; TODO: BUG: it doesn't recognize '~' in paths
+     ;; How to do 'realpath' in Guile?
+     (let* ((repository (repository-open (or (assoc-ref options 'directory)
+                                             (repository-discover "."))))
+            (upstream commit signer (match (command-line-arguments options)
+                                      ((upstream commit signer)
+                                       (values
+                                        (branch-lookup repository upstream)
+                                        (string->oid commit)
+                                        (openpgp-fingerprint* signer)))
+                                      (()
+                                       (receive (upstream commit signer)
+                                           (fork-configured-introduction repository)
+                                         (values
+                                          (branch-lookup repository upstream)
+                                          (string->oid commit)
+                                          (openpgp-fingerprint* signer))))
+                                      (_
+                                       (missing-arguments))))
+            (upstream-commit (assoc-ref options 'upstream-commit))
+            (upstream-signer (assoc-ref options 'upstream-signer))
+            (history (match (assoc-ref options 'historical-authorizations)
+                       (#f '())
+                       (file (call-with-input-file file
+                               read-authorizations))))
+            (keyring (or (assoc-ref options 'keyring-reference)
+                         (fork-configured-keyring-reference repository)
+                         "keyring"))
+            (upstream-keyring (assoc-ref options 'upstream-keyring))
+            (end (match (assoc-ref options 'end-commit)
+                   (#f  (reference-target
+                         (repository-head repository)))
+                   (oid oid)))
+            (upstream-end (match (assoc-ref options 'upstream-end-commit)
+                            (#f
+                             (reference-target upstream))
+                            (oid oid)))
+            (cache-key (or (assoc-ref options 'cache-key)
+                           (repository-cache-key repository)))
+            (show-stats? (assoc-ref options 'show-stats?)))
+
+       (define upstream-authentication-args
+         (filter identity
+                 (list
+                  (oid->string upstream-commit)
+                  (bytevector->base16-string upstream-signer)
+                  (string-append "--repository="
+                                 (repository-directory repository))
+                  (string-append "--end="
+                                 (oid->string upstream-end))
+                  (and upstream-keyring
+                       (string-append "--keyring="
+                                      upstream-keyring))
+                  (and show-stats? "--stats"))))
+
+       (info (G_ "calling `guix git authenticate` for branch ~a...~%")
+             (branch-name upstream))
+
+       (apply run-guix-command 'git "authenticate"
+              upstream-authentication-args)
+
+       (define fork-stats
+         (authenticate-repository
+          repository commit signer
+          #:end end
+          #:keyring-reference keyring
+          #:historical-authorizations history
+          #:cache-key cache-key
+          #:make-reporter make-reporter))
+
+       (unless (fork-configured? repository)
+         (record-fork-configuration repository
+                               #:commit (oid->string commit)
+                               #:signer (bytevector->base16-string signer)
+                               #:upstream-branch (branch-name upstream)
+                               #:keyring-reference keyring))
+
+       (when (and show-stats? (not (null? fork-stats)))
+         (show-authentication-stats fork-stats))
+
+       (info (G_ "successfully authenticated commit ~a~%")
+             (oid->string end))))))
-- 
2.48.1





Information forwarded to guix@HIDDEN, dev@HIDDEN, ludo@HIDDEN, othacehe@HIDDEN, zimon.toutoune@HIDDEN, me@HIDDEN, guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 1 Feb 2025 11:45:18 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Feb 01 06:45:18 2025
Received: from localhost ([127.0.0.1]:56710 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1teBw3-00052s-AA
	for submit <at> debbugs.gnu.org; Sat, 01 Feb 2025 06:45:18 -0500
Received: from mail-pl1-x643.google.com ([2607:f8b0:4864:20::643]:52474)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1teBvz-0004yw-La
 for 75981 <at> debbugs.gnu.org; Sat, 01 Feb 2025 06:45:13 -0500
Received: by mail-pl1-x643.google.com with SMTP id
 d9443c01a7336-2165cb60719so52565045ad.0
 for <75981 <at> debbugs.gnu.org>; Sat, 01 Feb 2025 03:45:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738410305; x=1739015105; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=F85/sIfvICd2GtgcoafUgDYLDpJBVD1bPSct/mRV/9k=;
 b=bK31Jf3XsQ3sIcYq0IOHUvA+9m5TvAeX2wWccNazc7IrwEClElwBKdEBqftKCDFBQr
 jaElJiurMPngHPCIlzvhl4MJrCB6MuW1S58izZFekgwA5RIJsfYmba+KHDsXOnTisqvW
 2Rw2hiwnDfNKTjxn5BSpgIosrf7x1INYZEOi5EZKa8jXt8EnicbN8ABOwYwB/pBS8lh9
 0JGS1DwVP2fxBBoUvi1krTIixZ8FUSHk1h4PJkU/6PM58uCXtwOi2I6MO8guhTTutcPi
 yb5jBJupoTPGbWSONWzeEhGV7GDJRE+tDjbF6TNM6N7N3xudpNtqKugNWfA5MTf4J4Kq
 ZlvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738410305; x=1739015105;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=F85/sIfvICd2GtgcoafUgDYLDpJBVD1bPSct/mRV/9k=;
 b=ICkouMBKC59YswbarCLbxm1Xbrx7HBPxFCDBIbCkqSYakIL6FfuGJVFoV2/SsjzFeN
 j96h6LvNKvRsmTgYyhCxw9JzVrzcYvD6QOR1DrpI5jfAx3aF8u2GcXXMEM0fycby51DA
 exuY4G1512H5c2X4/doQofCkHuESl1Yw0maQQiSMlHYv2Jdmeec4Wz0X6TjAhQdJDsKm
 1W3skJx8RIVI0jbt5OMA7QlzvWZEygWRcTHRQ7NTCPYXEKcZSxz5m+VCvqWYPj7vXSBl
 gwZlk0U8YOB1JmVKRd+Du8AWbYk+uHJRwPwFL3xF2eWywy3foBzk4luyTYqpSOMwa+1b
 P0zA==
X-Gm-Message-State: AOJu0YxU9fL+wTTucMly11XhJgsvHG2da8Bd7dSW+nkRY63XudNAaBlA
 A8OrhVRc775CdYmW7UMfLtx+UhVDA0gn+NTGzi3A7ZyWgSoeze68/7aEk8rj
X-Gm-Gg: ASbGnct43AWJarvH6DRJn84eySKEOstYlok61kAZ0TDedank90JkXmaRHKZqXa4Q6WJ
 xqSXPYX9rAl/YzVzFzRz9ltHc2RpTXglad2x9knFjb2NwmxDZOmIi6pNR45wE48x5oE3GBpqt8D
 tGZez7ANUd8WZzP/IzlMSFSnKpMzYSemsQHmh7FoMMDpGk22ReEM5273ONcPxMXlgbwcHFoCFtM
 prnna6F3T2AZ8+/3n7i/1W3JEbg46Hc7bsV0aowUZvLIRpjXElOZRlICRvySnEOgX6V0uLarCy8
 sUMSAvWaFI0dYxs2YsN9lxm/9Y3fkeXJsiD+4A==
X-Google-Smtp-Source: AGHT+IFgcnX80p98Lzc3vxehsQfdGymWiyMRQn2rF027BU+AZOJk/G87bILk+ezOCVYqIK/wf4ZgSA==
X-Received: by 2002:a17:902:ec8a:b0:215:b473:1dc9 with SMTP id
 d9443c01a7336-21dd7de383fmr226484925ad.46.1738410304925; 
 Sat, 01 Feb 2025 03:45:04 -0800 (PST)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21de331f8d4sm43844805ad.224.2025.02.01.03.45.01
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 01 Feb 2025 03:45:04 -0800 (PST)
From: 45mg <45mg.writes@HIDDEN>
To: 75981 <at> debbugs.gnu.org
Subject: [PATCH (WIP) v1.5 1/4] Add 'guix fork create'.
Date: Sat,  1 Feb 2025 17:13:23 +0530
Message-ID: <590b269995eb83d8fe2b584a40a58fa9ed473c54.1738408683.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.48.1
In-Reply-To: <cover.1738408683.git.45mg.writes@HIDDEN>
References: <cover.1738408683.git.45mg.writes@HIDDEN>
MIME-Version: 1.0
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 75981
Cc: Nicolas Graves <ngraves@HIDDEN>, Tomas Volf <~@wolfsden.cz>,
 45mg <45mg.writes@HIDDEN>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>,
 Ricardo Wurmus <rekado@HIDDEN>, Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* guix/scripts/fork.scm, guix/scripts/fork/create.scm: New files.
* Makefile.am (MODULES): Add the new files.
* guix/build/utils.scm (invoke/stdout): New procedure.
* guix/utils.scm (chain-cut): New procedure.
* guix/scripts/git/authenticate.scm
(commit-short-id): Remove procedure, and use its existing duplicate in
guix/channels.scm.
(openpgp-fingerprint*, current-branch, show-stats): Move procedures to
the files below.
* guix/channels.scm (openpgp-fingerprint*): Moved here.
* guix/git.scm (repository-current-branch): Moved here and renamed from
'current-branch'.
* guix/git-authenticate.scm (show-authentication-stats): Moved here and
renamed from 'show-stats'.

Change-Id: I45ba37f434e136f6d496c741d9a933280f9ccf88
---
 Makefile.am                       |   2 +
 guix/channels.scm                 |  13 ++
 guix/git-authenticate.scm         |  17 ++
 guix/git.scm                      |  10 ++
 guix/scripts/fork.scm             |  67 ++++++++
 guix/scripts/fork/create.scm      | 258 ++++++++++++++++++++++++++++++
 guix/scripts/git/authenticate.scm |  45 +-----
 guix/utils.scm                    |  61 +++++++
 8 files changed, 432 insertions(+), 41 deletions(-)
 create mode 100644 guix/scripts/fork.scm
 create mode 100644 guix/scripts/fork/create.scm

diff --git a/Makefile.am b/Makefile.am
index f759803b8b..c628450a5a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -377,6 +377,8 @@ MODULES =					\
   guix/scripts/size.scm				\
   guix/scripts/git.scm				\
   guix/scripts/git/authenticate.scm		\
+  guix/scripts/fork.scm			\
+  guix/scripts/fork/create.scm			\
   guix/scripts/graph.scm			\
   guix/scripts/weather.scm			\
   guix/scripts/container.scm			\
diff --git a/guix/channels.scm b/guix/channels.scm
index 4700f7a45d..6ca8e64881 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -47,6 +47,7 @@ (define-module (guix channels)
   #:use-module (guix packages)
   #:use-module (guix progress)
   #:use-module (guix derivations)
+  #:autoload   (rnrs bytevectors) (bytevector-length)
   #:use-module (guix diagnostics)
   #:use-module (guix sets)
   #:use-module (guix store)
@@ -81,6 +82,7 @@ (define-module (guix channels)
 
             openpgp-fingerprint->bytevector
             openpgp-fingerprint
+            openpgp-fingerprint*
 
             %default-guix-channel
             %default-channels
@@ -171,6 +173,17 @@ (define-syntax openpgp-fingerprint
       ((_ str)
        #'(openpgp-fingerprint->bytevector str)))))
 
+(define (openpgp-fingerprint* str)
+  "Like openpgp-fingerprint, but with error handling from (guix diagnostics)."
+    (unless (string-every (char-set-union char-set:hex-digit
+                                          char-set:whitespace)
+                          str)
+      (leave (G_ "~a: invalid OpenPGP fingerprint~%") str))
+    (let ((fingerprint (openpgp-fingerprint str)))
+      (unless (= 20 (bytevector-length fingerprint))
+        (leave (G_ "~a: wrong length for OpenPGP fingerprint~%") str))
+      fingerprint))
+
 (define %guix-channel-introduction
   ;; Introduction of the official 'guix channel.  The chosen commit is the
   ;; first one that introduces '.guix-authorizations' on the 'staging'
diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index 37c69d0880..8bc7fb6fb3 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -40,6 +40,7 @@ (define-module (guix git-authenticate)
   #:use-module (rnrs bytevectors)
   #:use-module (rnrs io ports)
   #:use-module (ice-9 match)
+  #:use-module (ice-9 format)
   #:autoload   (ice-9 pretty-print) (pretty-print)
   #:export (read-authorizations
             commit-signing-key
@@ -52,6 +53,7 @@ (define-module (guix git-authenticate)
 
             repository-cache-key
             authenticate-repository
+            show-authentication-stats
 
             git-authentication-error?
             git-authentication-error-commit
@@ -449,3 +451,18 @@ (define* (authenticate-repository repository start signer
                                       (oid->string (commit-id end-commit)))
 
           stats))))
+
+(define (show-authentication-stats stats)
+  "Display STATS, an alist containing commit signing stats as returned by
+'authenticate-repository'."
+  (format #t (G_ "Signing statistics:~%"))
+  (for-each (match-lambda
+              ((signer . count)
+               (format #t "  ~a ~10d~%"
+                       (openpgp-format-fingerprint
+                        (openpgp-public-key-fingerprint signer))
+                       count)))
+            (sort stats
+                  (match-lambda*
+                    (((_ . count1) (_ . count2))
+                     (> count1 count2))))))
diff --git a/guix/git.scm b/guix/git.scm
index 6ac6e4e3a2..afeacb53aa 100644
--- a/guix/git.scm
+++ b/guix/git.scm
@@ -59,6 +59,7 @@ (define-module (guix git)
             with-git-error-handling
             false-if-git-not-found
             repository-info
+            repository-current-branch
             update-cached-checkout
             url+commit->name
             latest-repository-commit
@@ -401,6 +402,15 @@ (define (repository-info directory)
     (lambda _
       (values #f #f #f))))
 
+(define (repository-current-branch repository)
+  "Return the name of the checked out branch of REPOSITORY or #f if it could
+not be determined."
+  (and (not (repository-head-detached? repository))
+       (let* ((head (repository-head repository))
+              (name (reference-name head)))
+         (and (string-prefix? "refs/heads/" name)
+              (string-drop name (string-length "refs/heads/"))))))
+
 (define* (update-submodules repository
                             #:key (log-port (current-error-port))
                             (fetch-options #f))
diff --git a/guix/scripts/fork.scm b/guix/scripts/fork.scm
new file mode 100644
index 0000000000..2d97bcb93f
--- /dev/null
+++ b/guix/scripts/fork.scm
@@ -0,0 +1,67 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2025 45mg <45mg.writes@HIDDEN>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (guix scripts fork)
+  #:use-module (ice-9 match)
+  #:use-module (guix ui)
+  #:use-module (guix scripts)
+  #:export (guix-fork))
+
+(define (show-help)
+  (display (G_ "Usage: guix fork ACTION ARGS...
+Create and manage authenticated forks of Guix.\n"))
+  (newline)
+  (display (G_ "The valid values for ACTION are:\n"))
+  (newline)
+  (display (G_ "\
+   create    set up a fork of Guix\n"))
+  (newline)
+  (display (G_ "
+  -h, --help             display this help and exit"))
+  (display (G_ "
+  -V, --version          display version information and exit"))
+  (newline)
+  (show-bug-report-information))
+
+(define %sub-commands '("create"))
+
+(define (resolve-sub-command name)
+  (let ((module (resolve-interface
+                 `(guix scripts fork ,(string->symbol name))))
+        (proc (string->symbol (string-append "guix-fork-" name))))
+    (module-ref module proc)))
+
+(define-command (guix-fork . args)
+  (category plumbing)
+  (synopsis "operate on Guix forks")
+
+  (with-error-handling
+    (match args
+      (()
+       (format (current-error-port)
+               (G_ "guix fork: missing sub-command~%")))
+      ((or ("-h") ("--help"))
+       (leave-on-EPIPE (show-help))
+       (exit 0))
+      ((or ("-V") ("--version"))
+       (show-version-and-exit "guix fork"))
+      ((sub-command args ...)
+       (if (member sub-command %sub-commands)
+           (apply (resolve-sub-command sub-command) args)
+           (format (current-error-port)
+                   (G_ "guix fork: invalid sub-command~%")))))))
diff --git a/guix/scripts/fork/create.scm b/guix/scripts/fork/create.scm
new file mode 100644
index 0000000000..a9de204f23
--- /dev/null
+++ b/guix/scripts/fork/create.scm
@@ -0,0 +1,258 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2025 Tomas Volf <~@wolfsden.cz>
+;;; Copyright © 2025 45mg <45mg.writes@HIDDEN>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (guix scripts fork create)
+  #:use-module (guix ui)
+  #:use-module (guix scripts)
+  #:use-module ((guix utils) #:select (chain-cut
+                                       invoke/stdout))  ;TODO move to (guix build utils)
+  #:use-module (guix build utils)
+  #:use-module (guix channels)
+  #:use-module (ice-9 exceptions)
+  #:use-module (ice-9 match)
+  #:use-module (ice-9 popen)
+  #:use-module (ice-9 pretty-print)
+  #:use-module (ice-9 string-fun)
+  #:use-module (ice-9 textual-ports)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-13)
+  #:use-module (srfi srfi-26)
+  #:use-module (srfi srfi-37)
+  #:use-module (srfi srfi-71)
+  #:export (guix-fork-create))
+
+;;; Commentary:
+;;;
+;;; Create a fork of Guix, by running a series of git commands.
+;;;
+;;; Code:
+
+(define %options
+  ;; Specifications of the command-line options.
+  (list (option '(#\h "help") #f #f
+                (lambda args
+                  (show-help)
+                  (exit 0)))
+        (option '(#\V "version") #f #f
+                (lambda args
+                  (show-version-and-exit "guix fork create")))
+        (option '("upstream") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'upstream arg result)))
+        (option '("channel-url") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'channel-url arg result)))
+        (option '("use-existing") #f #f
+                (lambda (opt name arg result)
+                  (alist-cons 'use-existing? #t result)))
+        (option '("git-parameter") #t #f
+                (lambda (opt name arg result)
+                  (let ((git-parameters (assoc-ref result 'git-parameters)))
+                    (if git-parameters
+                        (alist-cons 'git-parameters (cons arg git-parameters) result)
+                        (alist-cons 'git-parameters (list arg) result)))))))
+
+(define %default-options
+  `((upstream . ,(channel-url %default-guix-channel))))
+
+(define %usage
+  (format #f (G_ "Usage: guix fork create SIGNING_KEY [DIRECTORY OPTIONS...]
+Create a fork of Guix in DIRECTORY, using SIGNING_KEY to sign the introductory
+commit.
+DIRECTORY defaults to ./guix.
+
+      --upstream=URI     the repository to clone from
+                         (defaults to ~a)
+      --channel-url=URI  optional URI, used to replace the channel URL
+                         and the existing 'origin' remote (which is
+                         renamed to 'upstream')
+      --use-existing     Use existing clone of Guix in DIRECTORY
+      --git-parameter PARAMETER
+                         Specify configuration PARAMETER for git, via
+                         '-c' option (can pass multiple times)
+
+  -h, --help             display this help and exit
+  -V, --version          display version information and exit
+")
+      (channel-url %default-guix-channel)))
+
+(define (show-help)
+  (display %usage)
+  (newline)
+  (show-bug-report-information))
+
+(define (missing-arguments)
+    (leave (G_ "wrong number of arguments; \
+required SIGNING_KEY~%")))
+
+
+;;;
+;;; Helper prodecures.
+;;;
+
+(define (fingerprint->key-file-name fingerprint)
+  (let* ((listing (invoke/stdout "gpg" "--list-key" "--with-colons" fingerprint))
+         (uid (chain-cut listing
+                           (string-split <> #\newline)
+                           (filter (cut string-prefix? "uid:" <>) <>)
+                           first
+                           (string-split <> #\:)
+                           tenth))
+         (email-name (string-delete
+                      (cut eq? <> #\.)
+                      (substring uid
+                                 (1+ (or (string-index-right uid #\<)
+                                         -1))  ;no name in uid
+                                 (string-index uid #\@))))
+         (key-id (chain-cut listing
+                      (string-split <> #\newline)
+                      (filter (cut string-prefix? "pub:" <>) <>)
+                      car
+                      (string-split <> #\:)
+                      fifth
+                      (string-take-right <> 8))))
+    (string-append email-name "-" key-id ".key")))
+
+(define (update-channel-url file channel-url)
+  "Modify .guix_channel FILE.
+Change the channel url to CHANNEL-URL."
+  (let ((channel-data (call-with-input-file file read)))
+    (assq-set! (cdr channel-data) 'url (list channel-url))
+    (call-with-output-file file
+      (lambda (file)
+        (display ";; This is a Guix channel.\n\n" file)
+        (pretty-print channel-data file)))))
+
+(define (rewrite-authorizations file name fingerprint)
+  "Rewrite .guix-authorizations FILE to contain a single authorization
+consisting of NAME and FINGERPRINT."
+  (let ((auth-data (call-with-input-file file read)))
+    (list-set! auth-data (1- (length auth-data))
+               `((,fingerprint (name ,name))))
+    (call-with-output-file file
+      (lambda (file)
+        (display ";; This file, which is best viewed as -*- Scheme -*-, lists the OpenPGP keys
+;; currently authorized to sign commits in this fork branch.
+
+" file)
+        (pretty-print auth-data file)))))
+
+
+;;;
+;;; Entry point.
+;;;
+
+(define (guix-fork-create . args)
+  (define options
+    (parse-command-line args %options (list %default-options)
+                        #:build-options? #f))
+
+  (define (command-line-arguments lst)
+    (reverse (filter-map (match-lambda
+                           (('argument . arg) arg)
+                           (_ #f))
+                         lst)))
+
+  (with-error-handling
+    (let* ((signing-key directory (match (command-line-arguments options)
+                                    ((signing-key directory)
+                                     (values signing-key directory))
+                                    ((signing-key)
+                                     (values signing-key "guix"))
+                                    (_ (missing-arguments))))
+           (upstream (assoc-ref options 'upstream))
+           (channel-url (assoc-ref options 'channel-url))
+           (use-existing? (assoc-ref options 'use-existing?))
+           (git-parameters (assoc-ref options 'git-parameters))
+           (git-c-options  ;'("-c" "param1" "-c" "param2" ...)
+            (let loop ((opts '()) (params git-parameters))
+              (if (or (not params) (null-list? params))
+                  opts
+                  (loop (append
+                         opts (list "-c" (first params)))
+                        (drop params 1)))))
+
+           (key-file-name (fingerprint->key-file-name signing-key))
+           (introduction-name (car (string-split key-file-name #\-)))
+
+           (upstream-branch-name "master"))
+
+      (define (invoke-git . args)
+        (apply invoke `("git" ,@git-c-options "-C" ,directory ,@args)))
+
+      (unless use-existing?
+        (info (G_ "Cloning from upstream ~a...~%") upstream)
+        (invoke "git" "clone" upstream directory))
+
+      (info (G_ "Authenticating upstream commits...~%"))
+
+      (when channel-url
+        (info (G_ "Renaming existing 'origin' remote to 'upstream'...~%"))
+        (invoke-git "remote" "rename" "origin" "upstream")
+        (info (G_ "Using provided channel URL for new 'origin' remote...~%"))
+        (invoke-git "remote" "add" "origin" channel-url))
+
+      (set! upstream-branch-name
+            (chain-cut
+             (invoke/stdout "git"
+                            "-C" directory
+                            "symbolic-ref"
+                            (string-append "refs/remotes/"
+                                           (if channel-url "upstream" "origin")
+                                           "/HEAD"))
+             string-trim-right
+             (string-split <> #\/)
+             last))
+
+      (info (G_ "Adding key to keyring branch...~%"))
+      (invoke-git "switch" "keyring")
+      (invoke "gpg"
+              "--armor" "--export"
+              "-o" (string-append directory "/" key-file-name)
+              signing-key)
+      (invoke-git "add" "--" key-file-name)
+      (invoke-git "commit" "-m" "Add key for fork introduction.")
+
+      (info (G_ "Setting up fork branch...~%"))
+      (invoke-git "switch" "--create" "fork" "master")
+      (when channel-url
+        (update-channel-url (string-append directory "/.guix-channel")
+                            channel-url))
+      (rewrite-authorizations (string-append directory "/.guix-authorizations")
+                              introduction-name signing-key)
+      (invoke-git "add" "--"
+                  (string-append directory "/.guix-authorizations")
+                  (string-append directory "/.guix-channel"))
+      (invoke-git "commit"
+                  (string-append "--gpg-sign=" signing-key)
+                  "-m"
+                  (string-append
+                   "Initial fork commit.\n\n"
+                   ".guix-authorizations: Allow only " introduction-name "'s key."
+                   (if channel-url
+                       "\n.guix-channels: Update channel URL."
+                       "")))
+
+      (info (G_ "Successfully created Guix fork in ~a.
+You should run the following command next:
+guix fork authenticate ~a ~a ~a~%")
+            directory
+            upstream-branch-name
+            (string-trim-right (invoke/stdout "git" "-C" directory "rev-parse" "HEAD"))
+            signing-key))))
diff --git a/guix/scripts/git/authenticate.scm b/guix/scripts/git/authenticate.scm
index e3ecb67c89..154aae9b14 100644
--- a/guix/scripts/git/authenticate.scm
+++ b/guix/scripts/git/authenticate.scm
@@ -23,8 +23,8 @@ (define-module (guix scripts git authenticate)
   #:use-module (guix git-authenticate)
   #:autoload   (guix openpgp) (openpgp-format-fingerprint
                                openpgp-public-key-fingerprint)
-  #:use-module ((guix channels) #:select (openpgp-fingerprint))
-  #:use-module ((guix git) #:select (with-git-error-handling))
+  #:use-module ((guix channels) #:select (openpgp-fingerprint*))
+  #:use-module ((guix git) #:select (with-git-error-handling commit-short-id repository-current-branch))
   #:use-module (guix progress)
   #:use-module (guix base64)
   #:autoload   (rnrs bytevectors) (bytevector-length)
@@ -76,15 +76,6 @@ (define %options
 (define %default-options
   '())
 
-(define (current-branch repository)
-  "Return the name of the checked out branch of REPOSITORY or #f if it could
-not be determined."
-  (and (not (repository-head-detached? repository))
-       (let* ((head (repository-head repository))
-              (name (reference-name head)))
-         (and (string-prefix? "refs/heads/" name)
-              (string-drop name (string-length "refs/heads/"))))))
-
 (define (config-value repository key)
   "Return the config value associated with KEY in the 'guix.authentication' or
 'guix.authentication-BRANCH' name space in REPOSITORY, or #f if no such config
@@ -94,7 +85,7 @@ (define (config-value repository key)
                   ((_ exp)
                    (catch 'git-error (lambda () exp) (const #f))))))
     (let* ((config (repository-config repository))
-           (branch (current-branch repository)))
+           (branch (repository-current-branch repository)))
       ;; First try the BRANCH-specific value, then the generic one.`
       (or (and branch
                (false-if-git-error
@@ -194,21 +185,6 @@ (define (install-hooks repository)
       (warning (G_ "cannot determine where to install hooks\
  (Guile-Git too old?)~%"))))
 
-(define (show-stats stats)
-  "Display STATS, an alist containing commit signing stats as returned by
-'authenticate-repository'."
-  (format #t (G_ "Signing statistics:~%"))
-  (for-each (match-lambda
-              ((signer . count)
-               (format #t "  ~a ~10d~%"
-                       (openpgp-format-fingerprint
-                        (openpgp-public-key-fingerprint signer))
-                       count)))
-            (sort stats
-                  (match-lambda*
-                    (((_ . count1) (_ . count2))
-                     (> count1 count2))))))
-
 (define (show-help)
   (display (G_ "Usage: guix git authenticate COMMIT SIGNER [OPTIONS...]
 Authenticate the given Git checkout using COMMIT/SIGNER as its introduction.\n"))
@@ -251,19 +227,6 @@ (define (guix-git-authenticate . args)
                            (_ #f))
                          lst)))
 
-  (define commit-short-id
-    (compose (cut string-take <> 7) oid->string commit-id))
-
-  (define (openpgp-fingerprint* str)
-    (unless (string-every (char-set-union char-set:hex-digit
-                                          char-set:whitespace)
-                          str)
-      (leave (G_ "~a: invalid OpenPGP fingerprint~%") str))
-    (let ((fingerprint (openpgp-fingerprint str)))
-      (unless (= 20 (bytevector-length fingerprint))
-        (leave (G_ "~a: wrong length for OpenPGP fingerprint~%") str))
-      fingerprint))
-
   (define (make-reporter start-commit end-commit commits)
     (format (current-error-port)
             (G_ "Authenticating commits ~a to ~a (~h new \
@@ -321,7 +284,7 @@ (define (guix-git-authenticate . args)
          (install-hooks repository))
 
        (when (and show-stats? (not (null? stats)))
-         (show-stats stats))
+         (show-authentication-stats stats))
 
        (info (G_ "successfully authenticated commit ~a~%")
              (oid->string end))))))
diff --git a/guix/utils.scm b/guix/utils.scm
index b6cf5aea4f..0d023e7729 100644
--- a/guix/utils.scm
+++ b/guix/utils.scm
@@ -21,6 +21,8 @@
 ;;; Copyright © 2023 Zheng Junjie <873216071@HIDDEN>
 ;;; Copyright © 2023 Foundation Devices, Inc. <hello@HIDDEN>
 ;;; Copyright © 2024 Herman Rimm <herman@HIDDEN>
+;;; Copyright © 2025 Tomas Volf <~@wolfsden.cz>
+;;; Copyright © 2025 45mg <45mg.writes@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -44,6 +46,8 @@ (define-module (guix utils)
   #:use-module (srfi srfi-11)
   #:use-module (srfi srfi-26)
   #:use-module (srfi srfi-71)
+  #:use-module (srfi srfi-35)  ;TODO remove after moving invoke/stdout
+  #:use-module (ice-9 popen)  ;TODO remove after moving invoke/stdout
   #:use-module (rnrs io ports)                    ;need 'port-position' etc.
   #:use-module ((rnrs bytevectors) #:select (bytevector-u8-set!))
   #:use-module (guix memoization)
@@ -163,6 +167,9 @@ (define-module (guix utils)
             call-with-compressed-output-port
             canonical-newline-port
 
+            chain-cut
+            invoke/stdout  ;TODO move to (guix build utils)
+
             string-distance
             string-closest
 
@@ -1193,6 +1200,60 @@ (define-syntax current-source-directory
           ;; raising an error would upset Geiser users
           #f))))))
 
+
+;;;
+;;; Higher-order functions.
+;;;
+
+(define-syntax chain-cut
+  (lambda (x)
+    "Apply each successive form to the result of evaluating the previous one.
+Before applying, expand each form (op ...) to (cut op ...).
+
+Examples:
+
+    (chain-cut '(1 2 3) cdr car)
+ => (car (cdr '(1 2 3)))
+
+    (chain-cut 2 (- 3 <>) 1+)
+ => (1+ ((cut - 3 <>) 2))
+ => (1+ (- 3 2))
+"
+    (syntax-case x ()
+      ((chain-cut init op) (identifier? #'op)
+       #'(op init))
+      ((chain-cut init (op ...))
+       #'((cut op ...) init))
+      ((chain-cut init op op* ...) (identifier? #'op)
+       #'(chain-cut (op init) op* ...))
+      ((chain-cut init (op ...) op* ...)
+       #'(chain-cut ((cut op ...) init) op* ...)))))
+
+;; Copied from (guix build utils); remove
+(define-condition-type &invoke-error &error
+  invoke-error?
+  (program      invoke-error-program)
+  (arguments    invoke-error-arguments)
+  (exit-status  invoke-error-exit-status)
+  (term-signal  invoke-error-term-signal)
+  (stop-signal  invoke-error-stop-signal))
+;; TODO move to (guix build utils)
+(define (invoke/stdout program . args)
+  "Invoke PROGRAM with ARGS and capture PROGRAM's standard output.  If PROGRAM
+succeeds, return its standard output as a string.  Otherwise, raise an
+'&invoke-error' condition."
+  (let* ((port (apply open-pipe* OPEN_READ program args))
+         (data (get-string-all port))
+         (code (close-pipe port)))
+    (unless (zero? code)
+      (raise (condition (&invoke-error
+                         (program program)
+                         (arguments args)
+                         (exit-status (status:exit-val code))
+                         (term-signal (status:term-sig code))
+                         (stop-signal (status:stop-sig code))))))
+    data))
+
 
 ;;;
 ;;; String comparison.
-- 
2.48.1





Information forwarded to guix@HIDDEN, dev@HIDDEN, ludo@HIDDEN, othacehe@HIDDEN, zimon.toutoune@HIDDEN, me@HIDDEN, guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 1 Feb 2025 11:44:04 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Feb 01 06:44:04 2025
Received: from localhost ([127.0.0.1]:56704 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1teBut-0004wm-Lo
	for submit <at> debbugs.gnu.org; Sat, 01 Feb 2025 06:44:03 -0500
Received: from mail-pj1-x1043.google.com ([2607:f8b0:4864:20::1043]:55385)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1teBuq-0004w2-Le
 for 75981 <at> debbugs.gnu.org; Sat, 01 Feb 2025 06:44:01 -0500
Received: by mail-pj1-x1043.google.com with SMTP id
 98e67ed59e1d1-2ee397a82f6so4941550a91.2
 for <75981 <at> debbugs.gnu.org>; Sat, 01 Feb 2025 03:44:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738410234; x=1739015034; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=Dkq+9XbMCNfPJ8VkbEDQzJcCxNbcT3nuTI14kRoenNc=;
 b=iiMl8IOPl9cvCuKPneDJ2owg6/2mm5HboV2fdcRl7D53q0PJpYs7PlrRY423fD3l8n
 thfzPlLeqdeG8EwH/oJXK2Qtuy+08SsZ3pz5PKCDMzD9MPAULBu0EcJ4eVcJn6zM4y6w
 12TeASd/MlQhnxRfn/Fi9jrMLeCkSdecyNqginXB1On1/GZKKNrjp/qLFFtW833ADwZV
 5nF8pfLgN2b0CLxlm2ukDufx/pC/60ZlL7JGiqQgJSMEsCStFWqun+Azv1lWHiYqHnzE
 Gp8QRzYFAMbuzX7/SLlpx0LzcfTWLkV9sbd33FdnKQ7og2S2ht31DQ/wjImcJL2xO37T
 PpgQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738410234; x=1739015034;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=Dkq+9XbMCNfPJ8VkbEDQzJcCxNbcT3nuTI14kRoenNc=;
 b=l7eud5D3kGaJmwCXBwci/cnnGPGhVDPFzu8rdWiGY1jGQ9fpxIjpLrMV4Ij23n1l/D
 ddnA6x3QPI3JtvPbzreSJLZYnPQjEtil+MnkvKCkCTFju6p280yz95NwUT5C77tZfv/e
 mcW/kJm2loTj11Yj1CkSAaLMMw/V/N1wSExFlSi4ExLxwSSiRG5gsYKCqwLBtZItRmI5
 gvegMe0zvQP8kbBaGA+CSfziibhZUpWHjkZY1fLHDunR97Me7m0wQjZA/nC2xaOaChgm
 rTgEOB6rSSjeNREUwkC9Arj94Q5kcb9WtFGlYqbroDsDm9rGKUHPQj2MXpnmPdAulG8q
 BdXw==
X-Gm-Message-State: AOJu0Yzf5K5QMi/E07+WFREOXztzKSMzDwZddLXdxnsjedSkxxL0NnyY
 VBbkOuyKri6bV/34tW6SOlQcIr62tYq3j0uDUEWyHwpNnuqoAGDEabSqBmfa
X-Gm-Gg: ASbGnctYTuy33PBDHpZS4xUMI6MV4ByGMTjAlxXtGVNkY+tZztxopaGl6CxKuCNsZUJ
 zy4znxD/6ogX0oAFKcA/Z5KPCnLEcggQmR2rKsD6FCDMv4wkx/C2r+BiJRU/jjqBG4i0EpA4aiF
 O3w6nUCY+x+DBRb78KMRJ0T/tU6mrKXMxqv3zlW7WpV0MKc6nc42tnQJxURiew0eDvtHYYL6Hq+
 4R9sNyaX807NG3AU0U6QNdqLJJfEsbhVLzz3DBfv5uO0ykPvGu6VRHXrIrWeZ4Zu0SfQ8aySATi
 XPbWV+eqLethH9Ducb9POHwOwJj0mJHaYyVVgQ==
X-Google-Smtp-Source: AGHT+IEkp0o7pcqa5eJT7MDuZLsDqQRMu+YS0Moairy5K0DgyebpoQ/42SPW1BY1qGykQkMBuAVsAA==
X-Received: by 2002:a17:90b:258c:b0:2ee:f687:6acb with SMTP id
 98e67ed59e1d1-2f83abd9998mr21373356a91.13.1738410233958; 
 Sat, 01 Feb 2025 03:43:53 -0800 (PST)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21de331f8d4sm43844805ad.224.2025.02.01.03.43.50
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 01 Feb 2025 03:43:53 -0800 (PST)
From: 45mg <45mg.writes@HIDDEN>
To: 75981 <at> debbugs.gnu.org
Subject: [PATCH (WIP) v1.5 0/4] Add 'guix fork'.
Date: Sat,  1 Feb 2025 17:13:21 +0530
Message-ID: <cover.1738408683.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.48.1
MIME-Version: 1.0
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 75981
Cc: Nicolas Graves <ngraves@HIDDEN>, Tomas Volf <~@wolfsden.cz>,
 45mg <45mg.writes@HIDDEN>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>,
 Ricardo Wurmus <rekado@HIDDEN>, Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi Guix,

This revision is the same as v1, with one difference - the procedure
'invoke/stdout' was moved from (guix build utils) to (guix utils). While it
probably belongs in the former file, the fact is that nearly every gexp starts
with `(with-imported-modules ((guix build utils)) #~(begin ...))` or something
similar, so changing that file will cause most derivations to change, which
will result in a world rebuild (I think that's what it's called? That term is
not in the manual...). So I moved it, added some TODO comments pointing out
where it should go, and didn't update the commit message changelogs.

This revision only exists so that I can apply it to my fork, `guix pull`, and
thereby have access to these commands in my CLI. So if anyone else wants to
use this patch - as opposed to just test it via pre-inst-env - then this is
what you should apply.

45mg (4):
  Add 'guix fork create'.
  Add 'guix fork authenticate'.
  Add 'guix fork update'.
  Document 'guix fork'.

 Makefile.am                        |   4 +
 doc/contributing.texi              |  50 +++++
 doc/guix.texi                      | 150 +++++++++++++
 guix/channels.scm                  |  13 ++
 guix/git-authenticate.scm          |  17 ++
 guix/git.scm                       |  10 +
 guix/scripts/fork.scm              |  71 +++++++
 guix/scripts/fork/authenticate.scm | 331 +++++++++++++++++++++++++++++
 guix/scripts/fork/create.scm       | 258 ++++++++++++++++++++++
 guix/scripts/fork/update.scm       | 182 ++++++++++++++++
 guix/scripts/git/authenticate.scm  |  45 +---
 guix/utils.scm                     |  61 ++++++
 12 files changed, 1151 insertions(+), 41 deletions(-)
 create mode 100644 guix/scripts/fork.scm
 create mode 100644 guix/scripts/fork/authenticate.scm
 create mode 100644 guix/scripts/fork/create.scm
 create mode 100644 guix/scripts/fork/update.scm


base-commit: b85d20e853192a92093cd8d6a5756ec80e94c658
-- 
2.48.1





Information forwarded to ludo@HIDDEN, maxim.cournoyer@HIDDEN, guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 31 Jan 2025 21:24:24 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Jan 31 16:24:24 2025
Received: from localhost ([127.0.0.1]:55222 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tdyUx-0006EZ-Em
	for submit <at> debbugs.gnu.org; Fri, 31 Jan 2025 16:24:24 -0500
Received: from mail-pl1-x644.google.com ([2607:f8b0:4864:20::644]:42117)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tdyTU-00061U-7E
 for 75981 <at> debbugs.gnu.org; Fri, 31 Jan 2025 16:22:55 -0500
Received: by mail-pl1-x644.google.com with SMTP id
 d9443c01a7336-216395e151bso30898765ad.0
 for <75981 <at> debbugs.gnu.org>; Fri, 31 Jan 2025 13:22:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738358566; x=1738963366; darn=debbugs.gnu.org;
 h=mime-version:message-id:date:references:subject:to:from:from:to:cc
 :subject:date:message-id:reply-to;
 bh=NyxrI5USujHKH+GOaGfVLK93kfoTLeDTFuozmKBeCAw=;
 b=T16TEgzOg8zQuKY/gtnI7qi+9G3a71zG+3GB+86SWQ2XFBq9wzWVV1Wu80u+CiahkY
 3xrOyPPkwps1MwIJD+SA+YfekUEQwo8TLfeAWsre+TYID7kiRVmC/zpQgdOKECHAOGmf
 L2mcmR/cyNHRU+unZaA/0hJzwYg67+qePuBwscYZu9QH+XO9d1q5aeOSd/WP3ZunX27L
 y7rh9RrvQ3KY/32DLzgDlHC5ayVQU9v4uv49XBRiAMfdk32bPs3di8knfIXZlOaqnZzR
 J0T7tCbN493HmMZFL3tFeLWxxMNs7PrRI8WRQ6Uqo/iiHyuMgi6/9yrPAInf0pRIYCpV
 h0YA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738358566; x=1738963366;
 h=mime-version:message-id:date:references:subject:to:from
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=NyxrI5USujHKH+GOaGfVLK93kfoTLeDTFuozmKBeCAw=;
 b=lw1SXw28m0Rby1qOlz8rPzVZ+7xfS8MNCemoAUHVc8u5CWo4pyFXcpVajd6vTT8GM4
 +PxweSys4tQpbXtuU8q6Zr4XhdUMSl1uadxtjk4XEbazrWVa1FtL31zpTxvXCYo7vHZs
 gCGL4VRGFIXPNs3I5HwRm4O+29uV/429Y6JgL6NNVrSAyLvjaOjLlfTJbDU8C1Mp0KLL
 wkPrUHtXHGykHj61gf8xp7OqlPeHu6t0QcGMeVb3FpFcaEvmGEDTcYJxpmTEsto7mOxX
 DpLnoIa1cq4g+DzBnhunBYDweKnu9zS1zHdk7J3/pxkmSJFIB+/ZTwDzvAwTcCzI1ZZT
 9jiQ==
X-Gm-Message-State: AOJu0YyBivWGj3kJclHbHe1m0dxsuoi1sWjVRQUkRddxrYEgL8AAJk/R
 Q8hn2dm9vRk0SgCphQZB1RVq+qOS9imLhFOmd35Zd5q5r4G3YCFxBMZmoQHE
X-Gm-Gg: ASbGncu2zuw9WTLxSbc2LW26IJMGVmC8DEmGERvxjAHjcUecX9qurKcGKCjFR9N5bnF
 Z6/XAVamrDyFdUYeHPYyRS20eLFda6Eu7r2WurDvrx97z7OW1Bh03nXtBk9CYv8ZRlPa99CmiD7
 Gi9RCXva7+eoxMnOz8tXoX+oK+dT4kVujwaf+nOU7ZmgnuYPfm4hPNIis8qS6qTB2aaX5IV5r79
 HULI6HCCts2t72vZ8QiWCWRADsEx1+7O5pIPiNn8qlPHTI0sisU5B1iRRH/ZS3ZlzAITJ8yDqaI
 BEFgeyuYMZEKvfsz
X-Google-Smtp-Source: AGHT+IHe7vlgMBCxdwGarZrBNPuBxyvTFgZLJt93mqI3dwzzDn/9ScDG2YVqZdhoMHX7MCyKabqNOw==
X-Received: by 2002:a17:903:903:b0:215:58be:334e with SMTP id
 d9443c01a7336-21de1958de1mr126469385ad.10.1738358565865; 
 Fri, 31 Jan 2025 13:22:45 -0800 (PST)
Received: from guix1 (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21de31fcdd0sm35015275ad.103.2025.01.31.13.22.44
 for <75981 <at> debbugs.gnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 31 Jan 2025 13:22:45 -0800 (PST)
From: 45mg <45mg.writes@HIDDEN>
To: 75981 <at> debbugs.gnu.org 
Subject: [Tomas Volf] Re: [PATCH (WIP) 0/4] Add 'guix fork'.
References: <87wmeaaer2.fsf@HIDDEN>
Date: Fri, 31 Jan 2025 21:22:50 +0000
Message-ID: <87ed0ivfth.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 75981
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--=-=-=
Content-Type: text/plain

Forwarding this from the previous thread.

-------------------- Start of forwarded message --------------------
From: Tomas Volf <~@wolfsden.cz>
To: 45mg <45mg.writes@HIDDEN>
Cc: 75975 <at> debbugs.gnu.org,  Liliana Marie Prikler
 <liliana.prikler@HIDDEN>,  Ricardo Wurmus <rekado@HIDDEN>,  Attila
 Lendvai <attila@HIDDEN>,  Nicolas Graves <ngraves@HIDDEN>
Subject: Re: [PATCH (WIP) 0/4] Add 'guix fork'.
Date: Fri, 31 Jan 2025 21:51:29 +0100


--=-=-=
Content-Type: multipart/signed; boundary="==-=-="

--==-=-=
Content-Type: text/plain
Content-Disposition: inline

45mg <45mg.writes@HIDDEN> writes:

> The code here adapts certain procedures from Tomas Volf's original 'fork-guix'
> script [6]; namely: '-->', 'invoke/c', 'create-keyring-branch', 'git-C', and
> 'git-C/c'. That script is licensed under AGPL, so my understanding is that it,
> or the procedures I used from it, would need to be relicensed under GPLv3 to
> be included into Guix. Tomas - could you confirm here that you're willing to
> do so, as we discussed earlier? (Note that I didn't ask you about the last two
> of the five procedures above, since I hadn't used them yet at the
> time.)

I hereby declare the above mentioned procedures to be dual licensed
under AGPL-3.0-only and GPL-3.0-or-later.

That should remove any possible licensing issues for merging this
patch. ^_^

Tomas

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

--==-=-=
Content-Type: application/pgp-signature; name=signature.asc
Content-Transfer-Encoding: base64

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSkNCQUVCQ2dBc0ZpRUV0NE5KczR3VWZU
WXBpR2lrTDcvdWZiWi93YWtGQW1lZE45RU9ISDVBZDI5c1puTmsKWlc0dVkzb0FDZ2tRTDcvdWZi
Wi93YWtWSGcvOERGdWpzSVlZTkZKYnE2QkZIczQ3MkhhcTM4QWRrWlNzNGp2Mwp0YWh4Ry9hWGZ4
Vi82QnhVWHRBcEFJQko2WFR4NHJyRjIxV1hBaVAyTHpjaHpCYSsyWHkrSWtqU2twYUFTS3p2ClpF
TkZlTEpEbWtiNmxuOVFlSXZua2dHTk1uL0JMcFd4YlZxaXVqL0lhdm9YTHZtVnV2MG4xYUtwRlVq
QWlZNEMKaVZQWS92SlFKMnBMTHhMNlp5Nk5SbHFzMldEbG9WNkhMQjN3RVg2dWpSVCtFeWtFU01h
Qm9hbHNzZnY1ZktCdQpSU3A2em1pU0swejlEMXRkejRWUnNRNjgrVmJWRkF0dWdyVmwvMW1XTzUr
ZWVncjIzTWRWaWIrV0gzbzh6WWhQCjJkWHViTmtTelhxQU5neUhVMmlnRjUzNy94OVpQNXVaYTA5
MERJQVhEaWZOSFRMYW1tREphT05VY1BLTXFWSDIKUEtFSC9RUzJaWnFrcWhOLy9CeEdOcERvWFgv
R1VFR2lnektBaVpHaFdZWGY4UGxYMmFIS1hwSi96V0ROdTlwVApzUWEvdEREb0U0MHhvZGNQbzZr
Y1N0RXR3K3NLMDh3S3ZYVzd5NS9wR2tiS2doTUp2dGs5dG5FNnhEakExOFBqCkpLNHZrcVhMOTUw
dTA2aUg2TEJTejBUcXVwYXVrMG5JUC9xY1pmWjB2UUc5NUhYb21OL0tqaC85b3pSREczMTgKbVlN
VFBWYmpSTkF3b2UzellMbXJFNFJucTFuTjVFbG5FMEY0VFlaU3NRdlF1ZnpaeGFVZUJsd21rRERr
ZzJhNQo3Vk0ySDhkYmhOWnc2VEdaclFoM1l0amFJNzVtMExZUXEyUmczbzREV0tjeWZUWWxjOVQ4
Z3owU2M3WFE1U3NYCmVTM1pTL0k9Cj1UOWtzCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ==
--==-=-=--

--=-=-=
Content-Type: text/plain

-------------------- End of forwarded message --------------------

--=-=-=--




Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 31 Jan 2025 21:20:20 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Jan 31 16:20:20 2025
Received: from localhost ([127.0.0.1]:54959 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tdyR1-0005qu-QN
	for submit <at> debbugs.gnu.org; Fri, 31 Jan 2025 16:20:20 -0500
Received: from mail-pl1-x643.google.com ([2607:f8b0:4864:20::643]:46164)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tdyQx-0005kj-EP
 for 75981 <at> debbugs.gnu.org; Fri, 31 Jan 2025 16:20:16 -0500
Received: by mail-pl1-x643.google.com with SMTP id
 d9443c01a7336-219f8263ae0so46830385ad.0
 for <75981 <at> debbugs.gnu.org>; Fri, 31 Jan 2025 13:20:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738358409; x=1738963209; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=kTLhP7eOxVAyBixFBetnmK4lTMHiffyZRO+XOSa3nEo=;
 b=QxOiMvz/NyzwMd3WiSrAOGDFtKyG/uPlceSeR+ItNUGkSPCOSelYsA6BUhLzVOatMY
 xWha+6gcZDk418SUs3CPPKA2Tx/r6ugA0GcZY3TcOOs+k3Ze914UgAmg2VqxbT+6Y8yJ
 lOM+MpX2cBbB4TuKj6O9mbkqfINcHnbFkL1FnSdSYUwTJO30eZQIPNR0Aw23s6bJhUpl
 eu5hlEo3Eo3aIsA2O9XIgEjxfjXO6bLuI72ghhkGQk+CM16CR8ihDu7Ey5H/rN+Bcg7i
 MSmA5Rm8ZMkmmv2lLq3JktU93CDFf1jxdoHU1Wg252sSoEjDXERflSFYTxvTQVCQmIQg
 LE5Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738358409; x=1738963209;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=kTLhP7eOxVAyBixFBetnmK4lTMHiffyZRO+XOSa3nEo=;
 b=wmWo3RpkjQgQUAIJJgut/VDwS0N+P051UxGCCHeHRY5d60qRrdpTnA18SyMYh88ahe
 IOgMWzOwO3Y9Kc593VY1susjgBwx+yEUr/kYTJauP38LCL2bi5IvEyZK4sXBKI8d1MUe
 86C+smMcy7aH5NEq4XVtwd6BHzwrgpjFKxL+XUs0wEH6TK1PuqCNb+vLReQIz28cstbp
 dCUESDfDdLhx5ax9oVSkAEFUkT2Avw3X1kjejTEz/F2sLC7CJ5/dusuQWOoqS6D680KG
 Jq//v2BZYj6fPrQcgwoQbZQep/oYHwLyzoFLxiM8h/TiVNXq///OqtDSK66ZYikLBk4G
 NHVw==
X-Gm-Message-State: AOJu0YwG36efi9gylCk+qvejO20AJ4Dx5LCHRb+fWqotTqAUmkdU1cFp
 GexJ5o1JNawqD5Yha4wwOdNcPdLQlVeZB+ey57iVQMKaPsuO9E2x/bUA0j6L
X-Gm-Gg: ASbGncsmzG1E99cTUtxzI1rsaK0weBUidFBJYXCTO+qpwRxj2+SfPzhHoUUI/jgodH4
 6gXgdEGv+vH2jd+bzB8glHo1CFp9LEW+9IiK2n7DXEa9CuM1UDF1xdo22Oo2y0r0ShQlI0+xpx5
 EnFDHX9Tc6lfbLO6rKF1vRydRk1sbM0QMj/R87lf0HDM5l9+H4PxRyzVoE36K2wGGGe6DVnnOBi
 PH1cZmybpyaKb7pLdIHaT2ZmzD0WKerCGmWXkrlkF5hZFoQ0odRoV97SzZV1yt5XYxsMl86bsOd
 sX4jpj0cDviMpA8xEn/a9TvAXMKcqh3jdatvrA==
X-Google-Smtp-Source: AGHT+IF63NhnKRm4Eq91FSP0/ppF7N5+C7xl0PJy8TMR1CA94SRIizjkowJ0AVBGVczgYZ+HJAz62A==
X-Received: by 2002:a05:6a00:1411:b0:725:9f02:489a with SMTP id
 d2e1a72fcca58-72fd0c5ee8cmr16921091b3a.17.1738358409143; 
 Fri, 31 Jan 2025 13:20:09 -0800 (PST)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72fe64275c4sm3924008b3a.61.2025.01.31.13.20.06
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 31 Jan 2025 13:20:08 -0800 (PST)
From: 45mg <45mg.writes@HIDDEN>
To: 75981 <at> debbugs.gnu.org
Subject: [PATCH (WIP) v1 4/4] Document 'guix fork'.
Date: Sat,  1 Feb 2025 02:48:47 +0530
Message-ID: <b526ba9ce6b830a6c39796c640bae984c22236d0.1738357415.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.48.1
In-Reply-To: <cover.1738357415.git.45mg.writes@HIDDEN>
References: <cover.1738357415.git.45mg.writes@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 75981
Cc: Nicolas Graves <ngraves@HIDDEN>, Tomas Volf <~@wolfsden.cz>,
 45mg <45mg.writes@HIDDEN>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>,
 Ricardo Wurmus <rekado@HIDDEN>, Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* doc/guix.texi (Invoking guix fork): New node.
* doc/contributing.texi (Using Your Own Patches): New node.

Change-Id: I06240f0fe8d1fe39f27130a72f5d0d92949c99da
---
 doc/contributing.texi |  50 ++++++++++++++
 doc/guix.texi         | 150 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 200 insertions(+)

diff --git a/doc/contributing.texi b/doc/contributing.texi
index c94ae940fa..bd4fd6c2ac 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -35,6 +35,7 @@ Contributing
 * Making Decisions::            Collectively choosing the way forward.
 * Commit Access::               Pushing to the official repository.
 * Reviewing the Work of Others::  Some guidelines for sharing reviews.
+* Using Your Own Patches::      Using your own work before it's accepted.
 * Updating the Guix Package::   Updating the Guix package definition.
 * Deprecation Policy::          Commitments and tools for deprecation.
 * Writing Documentation::       Improving documentation in GNU Guix.
@@ -3095,6 +3096,55 @@ Reviewing the Work of Others
 have reviewed more easily by adding a @code{reviewed-looks-good} usertag
 for the @code{guix} user (@pxref{Debbugs Usertags}).
 
+@node Using Your Own Patches
+@section Using Your Own Patches
+
+If you've taken the time to contribute code to Guix, chances are that
+you want the changes you've made to be reflected in your own Guix
+installation as soon as possible. Maybe you've added a package you want,
+and you want to start using it @emph{right now}. Or you've fixed a bug
+that affects you, and you want it to @emph{go away}.
+
+As described in the preceding sections, all contributions to Guix first
+go through a review process to ensure code quality. Sometimes, this can
+take longer than one would like. Ideally, the pace of the review process
+should not prevent you from benefiting from your own work.
+
+One way to work around this issue is to create an additional channel of
+your own (@pxref{Creating a Channel}), and add your code to it. For
+certain kinds of contributions, such as adding a new package, this is
+fairly straightforward - simply copy your new package definition(s) into
+a new file in the channel, and remove them when your contribution is
+accepted.
+
+However, there may be cases where this is not convenient. Certain kinds
+of changes, such as those that need to modify existing Guix internals,
+may be more challenging to incorporate into a channel. Moreoever, the
+more substantial your contribution is, the more work it will be to do
+so.
+
+@cindex fork, of Guix
+For such cases, there is another option. Recall that the patch series
+that you sent (@pxref{Sending a Patch Series}) was created from a one or
+more commits on a checkout of the Guix repository (@pxref{Building from
+Git}). You could simply specify this repository (referred to as your
+`Guix fork', or simply `fork', from here onwards), and its relevant
+branch, as your `@code{guix}' channel (@pxref{Using a Custom Guix
+Channel}). Now `@code{guix pull}' will fetch your new commits, and
+you'll see the changes you made reflected in your Guix installation!
+
+However, there's a potential complication to this approach - the issue
+of authentication (@pxref{Channel Authentication}). If your fork only
+exists on your local filesystem (a `local fork'), then you probably
+don't need to worry about this, and can pull without authentication
+(@pxref{Invoking guix pull}). But other situations, such as a remotely
+hosted fork, may make it important for your fork to be authenticated, in
+the same way that all channels are expected to be.
+
+Guix provides a @command{guix fork} command in order to simplify and
+automate many details of creating and managing and authenticated
+fork. For more information, @pxref{Invoking guix fork}.
+
 @node Updating the Guix Package
 @section Updating the Guix Package
 
diff --git a/doc/guix.texi b/doc/guix.texi
index b1b6d98e74..bbb5666d0a 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -311,6 +311,7 @@ Top
 * Invoking guix pack::          Creating software bundles.
 * The GCC toolchain::           Working with languages supported by GCC.
 * Invoking guix git authenticate::  Authenticating Git repositories.
+* Invoking guix fork::          Creating and managing authenticated forks of Guix.
 
 Programming Interface
 
@@ -5930,6 +5931,7 @@ Development
 * Invoking guix pack::          Creating software bundles.
 * The GCC toolchain::           Working with languages supported by GCC.
 * Invoking guix git authenticate::  Authenticating Git repositories.
+* Invoking guix fork::          Creating and managing authenticated forks of Guix.
 @end menu
 
 @node Invoking guix shell
@@ -7534,6 +7536,154 @@ Invoking guix git authenticate
 @end table
 
 
+@node Invoking guix fork
+@section Invoking @command{guix fork}
+
+@cindex @command{guix fork}
+
+The @command{guix fork} command provides the means to quickly set up,
+authenticate, and keep up-to-date an authenticated fork of Guix. For
+more information on authentication of a Guix checkout, @pxref{Invoking
+guix git authenticate}.
+
+Its syntax is:
+
+guix fork ACTION ARGS...
+
+ACTION specifies the fork-related action to perform. Currently, the
+following values are supported:
+
+@table @code
+@item create SIGNING_KEY [DIRECTORY OPTIONS...]
+Create a fork of Guix in DIRECTORY, using SIGNING_KEY to sign the introductory
+commit.
+DIRECTORY defaults to ./guix.
+
+First, clone Guix into DIRECTORY, unless @code{--use-existing} is
+given. Then, add SIGNING_KEY to the `@code{keyring}' branch of the
+repository. Finally, create a new `@code{fork}' branch based starting
+from the default branch, whose initial commit authorizes SIGNING_KEY
+alone (by adding it to @file{.guix-authorizations}) and is signed by it.
+
+The new `@code{fork}' branch is intended to mirror upstream
+Guix. Updating the fork amounts to applying all new commits to it (see
+the `@code{update}' command below for further explanation). You can work
+on patches in branches based off of this one, in much the same way as
+you would base them on Guix's default branch - every commit from the
+latter will be present in the former.
+
+To @command{guix pull} your changes, you could create a `build' branch
+starting from the initial fork commit, onto which you can cherry-pick or
+rebase commits from patch branches. This branch can then be specified
+for the `@code{guix}' channel (@pxref{Using a Custom Guix Channel}).
+Updating this channel can be done by merging the `@code{fork}' branch
+into it.
+
+OPTIONS can be one or more of the following:
+
+@table @code
+@item --use-existing
+Use existing clone of Guix in DIRECTORY. This is useful if you've
+already created commits for a patch series (@pxref{Using Your Own
+Patches}). However, all commits to the default branch, as well as any
+branches that may be merged into it in the future, must have been signed
+with an authorized key; otherwise, authentication will fail later.
+@item --upstream=URI
+The repository to clone from. This defaults to the default URL for the
+Guix repository.
+@item --channel-url=URI
+Optional URI, which if given, will be used to replace the channel URL.
+Furthermore, the existing `origin' remote (which tracks
+`@code{upstream}') is renamed to `upstream', and a new `origin' remote
+is created to track URI.
+@item --git-parameter PARAMETER
+Specify configuration PARAMETER for git, via `-c' option. You can pass
+this option multiple times.
+@end table
+
+@cindex authentication, of Guix forks
+@item authenticate UPSTREAM COMMIT SIGNER [OPTIONS...]
+Authenticate a Guix fork, using COMMIT and SIGNER as the fork
+introduction.
+
+First, authenticate new commits from UPSTREAM, using Guix's default
+introduction. Then authenticate the remaining commits using the fork
+introduction.
+
+As with @code{guix git authenticate}, all three of UPSTREAM, COMMIT and
+SIGNER will be cached in .git/config, so that you don't need to specify
+them after the first time.
+
+OPTIONS can be one or more of the following:
+
+@table @code
+@item --repository=DIRECTORY
+@itemx -r DIRECTORY
+Authenticate the git repository in DIRECTORY, instead of the current
+directory.
+@item --upstream-commit=COMMIT
+@itemx --upstream-signer=SIGNER
+Use COMMIT/SIGNER as the introduction for upstream
+Guix, instead of Guix's default channel introduction.
+@item --keyring=REFERENCE
+@itemx -k REFERENCE
+Load keyring for fork commits from REFERENCE, a Git branch (default
+`@code{keyring}').
+@item --upstream-keyring=REFERENCE
+Load keyring for upstream commits from REFERENCE, a Git branch (default
+`@code{keyring}').
+@item --end=COMMIT
+Authenticate fork commits up to COMMIT.
+@item --upstream-end=COMMIT
+Authenticate upstream commits up to COMMIT.
+
+@item --cache-key=KEY
+@itemx --historical-authorizations=FILE
+@itemx --stats
+Identical to the correponding options in @command{guix git authenticate}
+(@pxref{Invoking guix git authenticate}).
+@end table
+
+@item update [OPTIONS...]
+Pull into this Guix fork's configured upstream branch (from running
+@command{guix fork authenticate}), then apply new commits onto the
+current branch.
+
+This approach may seem less convenient than simply merging the upstream
+branch into the fork branch. Indeed, it duplicates every upstream commit
+under a different commit hash, and applying a large number of commits
+can be slow. However, this is currently the only feasible approach due
+to the nature of Guix's authentication mechanism. Namely, merge commits
+can only be authenticated if both their parents are signed by an
+authorized key, meaning that you can only use the merge workflow if
+you're authorized to commit to upstream Guix.
+
+For mapping commits on the fork branch to their equivalents on the
+upstream branch, you can use @command{guix fork identify} (see below).
+
+OPTIONS can be one or more of the following:
+
+@table @code
+@item --repository=DIRECTORY
+@itemx -r DIRECTORY
+Act in the Git repository in DIRECTORY.
+@item --fork-branch=BRANCH
+Apply new commits onto BRANCH instead of the current branch.
+@end table
+
+@item identify
+Coming soon!
+
+Given a commit hash from upstream Guix, print its equivalent on the fork
+branch, or vice versa.
+This uses the 'Change-Id:' line added to commit messages by Guix's
+'commit-msg' hook.
+The first invocation of this command will be slow, as the entire set of
+corresponding commits is built up as a hash table, and then
+cached. Subsequent invocations should be nearly instant.
+
+@end table
+
 @c *********************************************************************
 @node Programming Interface
 @chapter Programming Interface
-- 
2.48.1





Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 31 Jan 2025 21:20:12 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Jan 31 16:20:12 2025
Received: from localhost ([127.0.0.1]:54953 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tdyQt-0005l7-UL
	for submit <at> debbugs.gnu.org; Fri, 31 Jan 2025 16:20:12 -0500
Received: from mail-pl1-x642.google.com ([2607:f8b0:4864:20::642]:61737)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tdyQr-0005kQ-Cl
 for 75981 <at> debbugs.gnu.org; Fri, 31 Jan 2025 16:20:10 -0500
Received: by mail-pl1-x642.google.com with SMTP id
 d9443c01a7336-21669fd5c7cso43783225ad.3
 for <75981 <at> debbugs.gnu.org>; Fri, 31 Jan 2025 13:20:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738358403; x=1738963203; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=+XspKeyjomk44e0/WIApWppbYgKqZm7vtWqBqkgLKjs=;
 b=WN3ZvX4BM5x32buT4f9WgMP/X3Fw/FSvcXdxBbTtnQUvZjQwI0+4+bWHfrs2IQplCU
 0PhSC4oVpuHZ4/IVeeUnun/oBgjiKR9IdToUNxESlM4bLCiB5sBa1K7avMoNNIc+Jj4s
 dloy/HY0wYg2R8neZ9pyk7XRa59R4LdpAx1PILmNp1bAXtx36C4po+EYTV0/A+H+vkXk
 ipOj4BLyCQDQvbITMF7vmDcBH/9CtI1ILVN8YbTX0/avYy59DRM5CdswyhMkWgW4MGG4
 P9snyronE3oScSefiIKsTEPEZReDE3nwyFc05jMGZNg/vPGvzYZGbzODBpkChwp6YhjR
 CCsA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738358403; x=1738963203;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=+XspKeyjomk44e0/WIApWppbYgKqZm7vtWqBqkgLKjs=;
 b=QhPVs2VxnUEmOnJgI7TVA7vjmugWl8gje5yPc3qqa5iqSIhhQDg2Bm1YPaGi3CpYu8
 4/uXlWuL4AsOPEtQIHvjubRepVqWeNFwOHwtsYlOMerjE4TVLm//nmwqwzdxoolzK4WN
 7+JHB6EAQ+tk0FUNXJoojPXbwnNa72vY5GWWSls4rsmG5QL6K7/z78lunbiZjArj3HUP
 h59LqoXZP9hXpkHp1KZX6JkOskjOsLrU4ScU1CHn1yVOPmP/6dhjw19jmGb/rGH95htv
 Fn8raIIp+Wg2vOuIXhzSpjg4xaXTqC1x+Mv2nICC+CiWJp88XyqFfYUI0OWcRtoY94U4
 MNBw==
X-Gm-Message-State: AOJu0Ywr7MHG6v4C4hvvBWRvz+4Zvldva/3jfQ1V4v+NE7jR7wgun5xY
 NcMajEWAATau6zM3lZ27g0RoEEcp1n+KcP43g1/6i7qejAid1PyqPDJmm+4l
X-Gm-Gg: ASbGncv7cBd7Q5JtUT9+3kbhF4L7NiuzdkON2+zTo8aR2TCEgwIbeJathPP8XNdZio0
 +o/imU+BllZxpR6cXDRkVVyRoFtp7H9a2JpoARgStu1A0ZTWMuJQRgkxcX045qxZ1y5DlM00JWk
 rWJuGtTeHT6xU2M3FywJ8drbiIPKulJejYgSUnJSXKXWFasMEAgDTRW+N7h6+TI3G91Pis5XzgX
 Qj9vDO9YxG0TgFSHdlumLBpbt3PHb4zGE1feomADVL2HsUMWVrV8TrOhVfJzWAo+QUozZf6v9FH
 gE9TMzPGPwV5MN/S0wdevHvxENxOAgIlb1IxOg==
X-Google-Smtp-Source: AGHT+IFuPwf+hRwCp1jyv0amn0b8uDVXPs1L12kBLRKlcDR+W4P1f35RRYEbXR5K2ea+nOOHqSxyxQ==
X-Received: by 2002:a05:6a00:e8a:b0:72a:bc6a:3a87 with SMTP id
 d2e1a72fcca58-72fd096a0a5mr18685827b3a.0.1738358403090; 
 Fri, 31 Jan 2025 13:20:03 -0800 (PST)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72fe64275c4sm3924008b3a.61.2025.01.31.13.20.00
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 31 Jan 2025 13:20:02 -0800 (PST)
From: 45mg <45mg.writes@HIDDEN>
To: 75981 <at> debbugs.gnu.org
Subject: [PATCH (WIP) v1 3/4] Add 'guix fork update'.
Date: Sat,  1 Feb 2025 02:48:46 +0530
Message-ID: <a8900889db07c887b8863fa774e7e38b29ea716e.1738357415.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.48.1
In-Reply-To: <cover.1738357415.git.45mg.writes@HIDDEN>
References: <cover.1738357415.git.45mg.writes@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 75981
Cc: Nicolas Graves <ngraves@HIDDEN>, Tomas Volf <~@wolfsden.cz>,
 45mg <45mg.writes@HIDDEN>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>,
 Ricardo Wurmus <rekado@HIDDEN>, Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* guix/scripts/fork/update.scm: New file.
* Makefile.am (MODULES): Add the new file.
* guix/scripts/fork.scm
(show-help): Mention new command.
(%sub-commands): Add new command.

Change-Id: I2017eb9a9286c02ca8bdf962bcbfe89d7607c413
---
 Makefile.am                  |   1 +
 guix/scripts/fork.scm        |   4 +-
 guix/scripts/fork/update.scm | 181 +++++++++++++++++++++++++++++++++++
 3 files changed, 185 insertions(+), 1 deletion(-)
 create mode 100644 guix/scripts/fork/update.scm

diff --git a/Makefile.am b/Makefile.am
index 1c1f5d84fd..8edd371ccd 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -380,6 +380,7 @@ MODULES =					\
   guix/scripts/fork.scm			\
   guix/scripts/fork/create.scm			\
   guix/scripts/fork/authenticate.scm			\
+  guix/scripts/fork/update.scm			\
   guix/scripts/graph.scm			\
   guix/scripts/weather.scm			\
   guix/scripts/container.scm			\
diff --git a/guix/scripts/fork.scm b/guix/scripts/fork.scm
index c5c7a59ba7..bf9c86e0aa 100644
--- a/guix/scripts/fork.scm
+++ b/guix/scripts/fork.scm
@@ -32,6 +32,8 @@ (define (show-help)
    create          set up a fork of Guix\n"))
   (display (G_ "\
    authenticate    authenticate a fork of Guix\n"))
+  (display (G_ "\
+   update          update a fork of Guix\n"))
   (newline)
   (display (G_ "
   -h, --help             display this help and exit"))
@@ -40,7 +42,7 @@ (define (show-help)
   (newline)
   (show-bug-report-information))
 
-(define %sub-commands '("create" "authenticate"))
+(define %sub-commands '("create" "authenticate" "update"))
 
 (define (resolve-sub-command name)
   (let ((module (resolve-interface
diff --git a/guix/scripts/fork/update.scm b/guix/scripts/fork/update.scm
new file mode 100644
index 0000000000..5aed337b85
--- /dev/null
+++ b/guix/scripts/fork/update.scm
@@ -0,0 +1,181 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2025 Tomas Volf <~@wolfsden.cz>
+;;; Copyright © 2025 45mg <45mg.writes@HIDDEN>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (guix scripts fork update)
+  #:use-module (guix scripts fork authenticate)
+  #:use-module (git repository)
+  #:use-module (git structs)
+  #:use-module (git config)
+  #:use-module (guix ui)
+  #:use-module (guix scripts)
+  #:use-module (guix build utils)
+  #:use-module (guix channels)
+  #:use-module (ice-9 exceptions)
+  #:use-module (ice-9 match)
+  #:use-module (ice-9 popen)
+  #:use-module (ice-9 pretty-print)
+  #:use-module (ice-9 string-fun)
+  #:use-module (ice-9 textual-ports)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-13)
+  #:use-module (srfi srfi-26)
+  #:use-module (srfi srfi-37)
+  #:use-module (srfi srfi-71)
+  #:export (guix-fork-update))
+
+;;; Commentary:
+;;;
+;;; Update a fork of Guix created via `guix fork create` and authenticated via
+;;; `guix fork authenticate`, by applying new commits from the upstream branch
+;;; onto it.
+;;;
+;;; Code:
+
+(define %options
+  ;; Specifications of the command-line options.
+  (list (option '(#\h "help") #f #f
+                (lambda args
+                  (show-help)
+                  (exit 0)))
+        (option '(#\V "version") #f #f
+                (lambda args
+                  (show-version-and-exit "guix fork create")))
+
+        (option '( "fork-branch") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'fork-branch-name arg result)))
+        (option '(#\r "repository") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'directory arg result)))))
+
+(define %default-options
+  '())
+
+(define %usage
+  (G_ "Usage: guix fork update [OPTIONS...]
+Pull into this Guix fork's configured upstream branch, then apply new commits
+onto the current branch.
+
+  -r, --repository=DIRECTORY
+                         Act in the Git repository in DIRECTORY
+      --fork-branch=BRANCH
+                         Apply new commits onto BRANCH instead of the current
+                         branch
+
+  -h, --help             display this help and exit
+  -V, --version          display version information and exit
+"))
+
+(define (show-help)
+  (display %usage)
+  (newline)
+  (show-bug-report-information))
+
+(define (missing-arguments)
+    (leave (G_ "wrong number of arguments; \
+required ~%")))
+
+
+;;;
+;;; Entry point.
+;;;
+
+(define (guix-fork-update . args)
+
+  (define options
+    (parse-command-line args %options (list %default-options)
+                        #:build-options? #f))
+
+  (define (command-line-arguments lst)
+    (reverse (filter-map (match-lambda
+                           (('argument . arg) arg)
+                           (_ #f))
+                         lst)))
+
+  (define-syntax invoke-git
+    (lambda (x)
+      (syntax-case x ()
+        ((_ args ...)
+         #`(invoke "git" "-C" #,(datum->syntax x 'directory) args ...)))))
+
+  (define-syntax invoke-git/stdout
+    (lambda (x)
+      (syntax-case x ()
+        ((_ args ...)
+         #`(string-trim-right
+            (invoke/stdout "git" "-C" #,(datum->syntax x 'directory) args ...))))))
+
+  (with-error-handling
+    (let* ((directory (or (assoc-ref options 'directory) "."))
+           (current-branch-name (invoke-git/stdout
+                                 "branch"
+                                 "--show-current"))
+           (current-head-location (invoke-git/stdout
+                                   "rev-parse"
+                                   "HEAD"))
+           (fork-branch-name (or (assoc-ref options 'fork-branch-name)
+                                 (if (string= current-branch-name "")
+                                     (leave (G_ "no current branch and --fork-branch not given"))
+                                     current-branch-name)))
+
+           (repository (repository-open directory))
+           (upstream-branch-name introduction-commit introduction-signer
+                                 (if (fork-configured? repository)
+                                     (fork-configured-introduction
+                                      (repository-open directory))
+                                     (leave (G_ "fork not fully configured.
+(Did you remember to run `guix fork authenticate` first?)%~"))))
+           (upstream-branch-commit
+            (invoke-git/stdout "rev-parse" upstream-branch-name))
+           (new-upstream-branch-commit "")
+           (config (repository-config repository))
+           (signing-key
+            (or
+             (catch 'git-error
+               (lambda ()
+                 (config-entry-value
+                  (config-get-entry config "user.signingkey")))
+               (const #f))
+             (begin
+               (info (G_ "user.signingkey not set for this repository.~%"))
+               (info (G_ "Will attempt to sign commits with fork introduction key.~%"))
+               introduction-signer))))
+
+      (info (G_ "Pulling into '~a'...~%") upstream-branch-name)
+      (invoke-git "switch" upstream-branch-name)
+      (invoke-git "pull")
+      (set! new-upstream-branch-commit
+            (invoke-git/stdout "rev-parse" upstream-branch-name))
+
+      (info (G_ "Rebasing commits from '~a' to '~a' onto fork branch '~a'...~%")
+            upstream-branch-commit
+            new-upstream-branch-commit
+            fork-branch-name)
+      (invoke-git "rebase" "--rebase-merges"
+                  (string-append "--gpg-sign=" signing-key)
+                  fork-branch-name new-upstream-branch-commit)
+
+      (info (G_ "Resetting fork branch '~a' to latest rebased commit...~%")
+            fork-branch-name)
+      (invoke-git "branch" "--force" fork-branch-name "HEAD")
+
+      (invoke-git "checkout" (or current-branch-name current-head-location))
+
+      (info (G_ "Successfully updated Guix fork in ~a~%")
+            directory))))
-- 
2.48.1





Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 31 Jan 2025 21:20:05 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Jan 31 16:20:04 2025
Received: from localhost ([127.0.0.1]:54950 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tdyQl-0005kN-2O
	for submit <at> debbugs.gnu.org; Fri, 31 Jan 2025 16:20:04 -0500
Received: from mail-pl1-x641.google.com ([2607:f8b0:4864:20::641]:53379)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tdyQg-0005jQ-Ps
 for 75981 <at> debbugs.gnu.org; Fri, 31 Jan 2025 16:19:59 -0500
Received: by mail-pl1-x641.google.com with SMTP id
 d9443c01a7336-215770613dbso33992515ad.2
 for <75981 <at> debbugs.gnu.org>; Fri, 31 Jan 2025 13:19:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738358393; x=1738963193; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=rASlCkCXzp5SO8O1bmNfoaP77uE1mhNlivO/wDiYLuQ=;
 b=Keu6EuwxRT+Jp4AgnRa1s+u9ZhYR+Z7ZPUedSwUwNBagL3IB0zRYJK5uRNmVh6paSi
 RDTkHLSZn9fbh9Gu6bSTUu3WCb70pD7F+mfEgnS2b7JlP4j8Q+ld6XtwnI0nY12CbP6M
 Ttl/zq0uTUWRy+KqYn+w613XuofUR24kOUBt1kikVMQ+iDMcOXGplGUfT3emswlun+5Y
 8aCKWxcarqR4GgXQDW6Z+pAAtQi/Mqlp4y++hx37H4ccQ1OjgFcAuafWtJItFdKg9QcS
 PojI99YLYeF2Xt2VUkHKsHFgl5nNGYI0yXT7pF7Zd4HLlr7q5gUGkHTFeJF6Y01+p+UV
 /fLQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738358393; x=1738963193;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=rASlCkCXzp5SO8O1bmNfoaP77uE1mhNlivO/wDiYLuQ=;
 b=R3h6UmIZz2N25ONDeLJG6jv5oMI9Ujsfz07/Vok4hZMjpPZ3ByYsEEJdBKnODo1wc6
 d7ADm9R/3QFtA9Gli9iOQtUC1TxHGt4DRYjdrcLgjrwmZ74WlMU11hl+iZOv993qmz8z
 KIPJAYDtVNH0nOhhup/YQwhdFDlVg8C0Oad7/ZWKK4tA0N7utbiP8jSWR0/GUsNWa98t
 cKvi2SR9TpIedSf+ImJ6JrHEoe6dHmnGS/JjOzrm0w7aIwmIpMd9J+EG51ItyztYNK6D
 zpjpwiTxr9fVKgFXVQt9ygh5GFpRqyYV35neDD9p1z/JHqLnDGs/Ba8t1rrO9CDdFqAl
 G5qg==
X-Gm-Message-State: AOJu0YwoGzD33satlCXOJLrqikoWTQJUgdz2TXYeZLnc7qjDyGD66D6k
 of92xJmFlRzHz/GMXMHOTJX5gaqaek/sMNcYeSwGd3P4OeRZsep3Ajk4lvky
X-Gm-Gg: ASbGncvFErIRLjtUGCKq/dSuJV3D7pRBceNzA1egYQk+d6rhPc7QFSGi+K7q3eac2sE
 qK9qtj/XcgfQLdGBT/icryGKjHv/55fG8owrX75rDJ/Xx5onoaEY4cu/z2Rp5ubkijnDmYwgpr2
 xji1TL6xBsGw1xo/Kzj9JcymNJZCw0avkNG305WWWYGq+Ib0DxRDsjSdaZv02t7199G8+24EdoH
 5fwg/ByRq3fInlsed15Z9xEEz7rHf9H+/rTFDGfrsaykRWinY4sel2Lsg7BDz1Tc3hCoBrgz+bM
 Hrl3ulmnZvCL1J+UzKkAsRDH5dAMWo4P55edqQ==
X-Google-Smtp-Source: AGHT+IH2uHf5PjJFoodSfpVpfcV31ObJTIt+Il8PgTG7RPv8wWTxg8niRKDkXoaeFG4dRMEG154EPQ==
X-Received: by 2002:a05:6a21:670b:b0:1e1:dbfd:582b with SMTP id
 adf61e73a8af0-1ed7a4dafd0mr20406091637.15.1738358392489; 
 Fri, 31 Jan 2025 13:19:52 -0800 (PST)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72fe64275c4sm3924008b3a.61.2025.01.31.13.19.49
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 31 Jan 2025 13:19:52 -0800 (PST)
From: 45mg <45mg.writes@HIDDEN>
To: 75981 <at> debbugs.gnu.org
Subject: [PATCH (WIP) v1 2/4] Add 'guix fork authenticate'.
Date: Sat,  1 Feb 2025 02:48:45 +0530
Message-ID: <97662f19dd262168c9d8c5d76bc4bfee20d9695a.1738357415.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.48.1
In-Reply-To: <cover.1738357415.git.45mg.writes@HIDDEN>
References: <cover.1738357415.git.45mg.writes@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 75981
Cc: Nicolas Graves <ngraves@HIDDEN>, Tomas Volf <~@wolfsden.cz>,
 45mg <45mg.writes@HIDDEN>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>,
 Ricardo Wurmus <rekado@HIDDEN>, Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* guix/scripts/fork/authenticate.scm: New file.
* Makefile.am (MODULES): Add the new file.
* guix/scripts/fork.scm
(show-help): Mention new command.
(%sub-commands): Add new command.

Change-Id: Ic34a1b3d1642cedce8d1ff5bae825df30e47755c
---
 Makefile.am                        |   1 +
 guix/scripts/fork.scm              |   6 +-
 guix/scripts/fork/authenticate.scm | 331 +++++++++++++++++++++++++++++
 3 files changed, 336 insertions(+), 2 deletions(-)
 create mode 100644 guix/scripts/fork/authenticate.scm

diff --git a/Makefile.am b/Makefile.am
index c628450a5a..1c1f5d84fd 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -379,6 +379,7 @@ MODULES =					\
   guix/scripts/git/authenticate.scm		\
   guix/scripts/fork.scm			\
   guix/scripts/fork/create.scm			\
+  guix/scripts/fork/authenticate.scm			\
   guix/scripts/graph.scm			\
   guix/scripts/weather.scm			\
   guix/scripts/container.scm			\
diff --git a/guix/scripts/fork.scm b/guix/scripts/fork.scm
index 2d97bcb93f..c5c7a59ba7 100644
--- a/guix/scripts/fork.scm
+++ b/guix/scripts/fork.scm
@@ -29,7 +29,9 @@ (define (show-help)
   (display (G_ "The valid values for ACTION are:\n"))
   (newline)
   (display (G_ "\
-   create    set up a fork of Guix\n"))
+   create          set up a fork of Guix\n"))
+  (display (G_ "\
+   authenticate    authenticate a fork of Guix\n"))
   (newline)
   (display (G_ "
   -h, --help             display this help and exit"))
@@ -38,7 +40,7 @@ (define (show-help)
   (newline)
   (show-bug-report-information))
 
-(define %sub-commands '("create"))
+(define %sub-commands '("create" "authenticate"))
 
 (define (resolve-sub-command name)
   (let ((module (resolve-interface
diff --git a/guix/scripts/fork/authenticate.scm b/guix/scripts/fork/authenticate.scm
new file mode 100644
index 0000000000..83d9d87d44
--- /dev/null
+++ b/guix/scripts/fork/authenticate.scm
@@ -0,0 +1,331 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2025 45mg <45mg.writes@HIDDEN>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (guix scripts fork authenticate)
+  #:use-module (git)
+  #:use-module (guix git)
+  #:use-module (guix git-authenticate)
+  #:use-module (guix base16)
+  #:use-module (guix ui)
+  #:use-module (guix progress)
+  #:use-module (guix scripts)
+  #:use-module (guix build utils)
+  #:use-module (guix channels)
+  #:use-module (ice-9 exceptions)
+  #:use-module (ice-9 match)
+  #:use-module (ice-9 receive)
+  #:use-module (ice-9 popen)
+  #:use-module (ice-9 format)
+  #:use-module (ice-9 pretty-print)
+  #:use-module (ice-9 string-fun)
+  #:use-module (ice-9 textual-ports)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-13)
+  #:use-module (srfi srfi-26)
+  #:use-module (srfi srfi-37)
+  #:use-module (srfi srfi-71)
+  #:export (guix-fork-authenticate
+
+            fork-config-value
+            fork-configured?
+            fork-configured-keyring-reference
+            fork-configured-introduction))
+
+;;; Commentary:
+;;;
+;;; Authenticate a fork of Guix, in the same manner as `guix git
+;;; authenticate`.
+;;;
+;;; Code:
+
+(define %options
+  ;; Specifications of the command-line options.
+  (list (option '(#\h "help") #f #f
+                (lambda args
+                  (show-help)
+                  (exit 0)))
+        (option '(#\V "version") #f #f
+                (lambda args
+                  (show-version-and-exit "guix fork authenticate")))
+
+        (option '(#\r "repository") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'directory arg result)))
+        (option '("upstream-commit") #f #f
+                (lambda (opt name arg result)
+                  (alist-cons 'upstream-commit (string->oid arg) result)))
+        (option '("upstream-signer") #f #f
+                (lambda (opt name arg result)
+                  (alist-cons 'upstream-signer (openpgp-fingerprint* arg) result)))
+
+        (option '(#\e "end") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'end-commit (string->oid arg) result)))
+        (option '("upstream-end") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'upstream-end-commit (string->oid arg) result)))
+        (option '(#\k "keyring") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'keyring-reference arg result)))
+        (option '("upstream-keyring") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'upstream-keyring arg result)))
+        (option '("cache-key") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'cache-key arg result)))
+        (option '("historical-authorizations") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'historical-authorizations arg
+                              result)))
+        (option '("stats") #f #f
+                (lambda (opt name arg result)
+                  (alist-cons 'show-stats? #t result)))))
+
+(define %default-options
+  (let ((introduction (channel-introduction %default-guix-channel)))
+    `((upstream-commit
+       . ,(string->oid (channel-introduction-first-signed-commit introduction)))
+      (upstream-signer
+       . ,(openpgp-fingerprint
+           (string-upcase
+            (bytevector->base16-string
+             (channel-introduction-first-commit-signer introduction)))))
+      (upstream-keyring
+       . "keyring"))))
+
+(define %usage
+  (format #f (G_ "Usage: guix fork authenticate UPSTREAM COMMIT SIGNER [OPTIONS...]
+Authenticate a fork of Guix, using COMMIT/SIGNER as the fork introduction.
+
+First, authenticate new commits from UPSTREAM, using Guix's default
+introduction. Then authenticate the remaining commits using the fork
+introduction.
+
+  -r, --repository=DIRECTORY
+                         Authenticate the Git repository in DIRECTORY
+
+      --upstream-commit=COMMIT
+      --upstream-signer=SIGNER
+                         Use COMMIT/SIGNER as the introduction for upstream
+                         Guix, overriding the default values
+                         ~a
+                        /~a
+                         (Guix's default introduction).
+
+  -k, --keyring=REFERENCE
+                         load keyring for fork commits from REFERENCE, a Git
+                         branch (default \"keyring\")
+      --upstream-keyring=REFERENCE
+                         load keyring for upstream commits from REFERENCE, a
+                         Git branch (default \"keyring\")
+      --end=COMMIT       authenticate fork commits up to COMMIT
+      --cache-key=KEY    cache authenticated commits under KEY
+      --historical-authorizations=FILE
+                         read historical authorizations from FILE
+      --stats            Display commit signing statistics upon completion
+
+  -h, --help             display this help and exit
+  -V, --version          display version information and exit
+")
+          (assoc-ref %default-options 'upstream-commit)
+          (assoc-ref %default-options 'upstream-signer)))
+
+(define (show-help)
+  (display %usage)
+  (newline)
+  (show-bug-report-information))
+
+(define (missing-arguments)
+  (leave (G_ "wrong number of arguments; \
+required UPSTREAM, COMMIT and SIGNER~%")))
+
+
+;;;
+;;; Helper prodecures.
+;;;
+
+(define (fork-config-value repository key)
+  "Return the config value associated with KEY in the
+'guix.fork-authentication' namespace in REPOSITORY, or #f if no such config
+was found."
+  (let* ((config (repository-config repository))
+         (branch (repository-current-branch repository)))
+    (catch 'git-error
+      (lambda ()
+        (config-entry-value
+         (config-get-entry config
+                           (string-append "guix.fork-authentication."
+                                          key))))
+      (const #f))))
+
+(define (fork-configured-introduction repository)
+  "Return three values: the upstream branch name, introductory commit, and
+signer fingerprint (strings) for this fork, as configured in REPOSITORY.
+Error out if any were missing."
+  (let* ((upstream-branch (fork-config-value repository "upstream-branch"))
+         (commit (fork-config-value repository "introduction-commit"))
+         (signer (fork-config-value repository "introduction-signer")))
+    (unless (and upstream-branch commit signer)
+      (leave (G_ "fork information in .git/config is incomplete;
+missing at least one of
+introduction-commit, introduction-signer, upstream-branch
+under [guix \"fork-authentication\"]")))
+    (values upstream-branch commit signer)))
+
+(define (fork-configured-keyring-reference repository)
+  "Return the keyring reference configured in REPOSITORY or #f if missing."
+  (fork-config-value repository "keyring"))
+
+(define (fork-configured? repository)
+  "Return true if REPOSITORY already contains fork introduction info in its
+'config' file."
+  (and (fork-config-value repository "upstream-branch")
+       (fork-config-value repository "introduction-commit")
+       (fork-config-value repository "introduction-signer")))
+
+(define* (record-fork-configuration
+          repository
+          #:key commit signer upstream-branch keyring-reference)
+  "Record COMMIT, SIGNER, UPSTREAM-BRANCH and KEYRING-REFERENCE in the
+'config' file of REPOSITORY."
+  (define config
+    (repository-config repository))
+
+  ;; Guile-Git < 0.7.0 lacks 'set-config-string'.
+  (if (module-defined? (resolve-interface '(git)) 'set-config-string)
+      (begin
+        (set-config-string config "guix.fork-authentication.introduction-commit"
+                           commit)
+        (set-config-string config "guix.fork-authentication.introduction-signer"
+                           signer)
+        (set-config-string config "guix.fork-authentication.upstream-branch"
+                           upstream-branch)
+        (set-config-string config "guix.fork-authentication.keyring"
+                           keyring-reference)
+        (info (G_ "introduction, upstream branch and keyring recorded \
+in repository configuration file~%")))
+      (warning (G_ "could not record introduction and keyring configuration\
+ (Guile-Git too old?)~%"))))
+
+
+(define (guix-fork-authenticate . args)
+  (define options
+    (parse-command-line args %options (list %default-options)
+                        #:build-options? #f))
+
+  (define (command-line-arguments lst)
+    (reverse (filter-map (match-lambda
+                           (('argument . arg) arg)
+                           (_ #f))
+                         lst)))
+
+  (define (make-reporter start-commit end-commit commits)
+    (format (current-error-port)
+            (G_ "Authenticating commits ~a to ~a (~h new \
+commits)...~%")
+            (commit-short-id start-commit)
+            (commit-short-id end-commit)
+            (length commits))
+    (if (isatty? (current-error-port))
+        (progress-reporter/bar (length commits))
+        progress-reporter/silent))
+
+  (with-error-handling
+    (with-git-error-handling
+     ;; TODO: BUG: it doesn't recognize '~' in paths
+     ;; How to do 'realpath' in Guile?
+     (let* ((repository (repository-open (or (assoc-ref options 'directory)
+                                             (repository-discover "."))))
+            (upstream commit signer (match (command-line-arguments options)
+                                      ((upstream commit signer)
+                                       (values
+                                        (branch-lookup repository upstream)
+                                        (string->oid commit)
+                                        (openpgp-fingerprint* signer)))
+                                      (()
+                                       (receive (upstream commit signer)
+                                           (fork-configured-introduction repository)
+                                         (values
+                                          (branch-lookup repository upstream)
+                                          (string->oid commit)
+                                          (openpgp-fingerprint* signer))))
+                                      (_
+                                       (missing-arguments))))
+            (upstream-commit (assoc-ref options 'upstream-commit))
+            (upstream-signer (assoc-ref options 'upstream-signer))
+            (history (match (assoc-ref options 'historical-authorizations)
+                       (#f '())
+                       (file (call-with-input-file file
+                               read-authorizations))))
+            (keyring (or (assoc-ref options 'keyring-reference)
+                         (fork-configured-keyring-reference repository)
+                         "keyring"))
+            (upstream-keyring (assoc-ref options 'upstream-keyring))
+            (end (match (assoc-ref options 'end-commit)
+                   (#f  (reference-target
+                         (repository-head repository)))
+                   (oid oid)))
+            (upstream-end (match (assoc-ref options 'upstream-end-commit)
+                            (#f
+                             (reference-target upstream))
+                            (oid oid)))
+            (cache-key (or (assoc-ref options 'cache-key)
+                           (repository-cache-key repository)))
+            (show-stats? (assoc-ref options 'show-stats?)))
+
+       (define upstream-authentication-args
+         (filter identity
+                 (list
+                  (oid->string upstream-commit)
+                  (bytevector->base16-string upstream-signer)
+                  (string-append "--repository="
+                                 (repository-directory repository))
+                  (string-append "--end="
+                                 (oid->string upstream-end))
+                  (and upstream-keyring
+                       (string-append "--keyring="
+                                      upstream-keyring))
+                  (and show-stats? "--stats"))))
+
+       (info (G_ "calling `guix git authenticate` for branch ~a...~%")
+             (branch-name upstream))
+
+       (apply run-guix-command 'git "authenticate"
+              upstream-authentication-args)
+
+       (define fork-stats
+         (authenticate-repository
+          repository commit signer
+          #:end end
+          #:keyring-reference keyring
+          #:historical-authorizations history
+          #:cache-key cache-key
+          #:make-reporter make-reporter))
+
+       (unless (fork-configured? repository)
+         (record-fork-configuration repository
+                               #:commit (oid->string commit)
+                               #:signer (bytevector->base16-string signer)
+                               #:upstream-branch (branch-name upstream)
+                               #:keyring-reference keyring))
+
+       (when (and show-stats? (not (null? fork-stats)))
+         (show-authentication-stats fork-stats))
+
+       (info (G_ "successfully authenticated commit ~a~%")
+             (oid->string end))))))
-- 
2.48.1





Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at 75981 <at> debbugs.gnu.org:


Received: (at 75981) by debbugs.gnu.org; 31 Jan 2025 21:19:57 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Jan 31 16:19:57 2025
Received: from localhost ([127.0.0.1]:54945 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tdyQd-0005jT-AO
	for submit <at> debbugs.gnu.org; Fri, 31 Jan 2025 16:19:56 -0500
Received: from mail-pl1-x642.google.com ([2607:f8b0:4864:20::642]:49434)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tdyQU-0005iu-HS
 for 75981 <at> debbugs.gnu.org; Fri, 31 Jan 2025 16:19:48 -0500
Received: by mail-pl1-x642.google.com with SMTP id
 d9443c01a7336-2166f1e589cso61998635ad.3
 for <75981 <at> debbugs.gnu.org>; Fri, 31 Jan 2025 13:19:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738358380; x=1738963180; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=8Qcfzz6WaLO9QLkrmpAvxsmLkRJTSrWMDKbZ/+TnOvc=;
 b=PaSP6/kCIzounG1PmRU/tWofxWsgeqGUUXE1B2VNXPORa04ArwzZ7FmFlEp/leJ01m
 MuZ0XdU571pFYBVOv3Yw4iRsxGoxdMI9H5KTsyZ0xWSXn+txJ/VrZWS72i7PbyMW3aXj
 4oY+QhscyicR1hBVyHcmWh6gCjk/gndHcH7U9vIm0wgcBHTlQKwiH87+U7PAks/8bsaW
 e5e5o3NTJPwu0p+qYwgic5iNGHEnzJQfrFCLCYXiDeoCPQojewZnQav+8wPaZTiA7ntH
 MlrlEzgZeNkjTi6do2361fPkcPnI0Yj20Rcj8HxPrjuHusskpAGZsryCu38y2lUM0e/1
 BZSA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738358380; x=1738963180;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=8Qcfzz6WaLO9QLkrmpAvxsmLkRJTSrWMDKbZ/+TnOvc=;
 b=r/R+YfC/wC+WL6S+fv/WJWE7bRQ9l4hmkdTOuvr8ZPgm3WbJ823HT7cFZOtyaqxZE9
 56nQzBDbVj2zD5cvf7a0u8wOizQJgnhfZIW/dQBmYWjCXBo7yzGixnxJ4RUtLeNEPTt4
 qMx1XXN8hZPVgY3NuCw+zqVJAxO+qa0331q5d5TG/ospuA0x43B3nez6q7ixei8V/I1f
 HvWrZM77AoTaJyUFz8JRc4eZzM0N/ziaONz3RsM6hP6zPIgC8xn/ns2mkFSvN1AorSy0
 YDMHRWlLhowSfR03zePJZ7q7CLIVpIXif83A6GuHcT4rw3k6p0CGZ212VFNn5Eii0Wbj
 T52Q==
X-Gm-Message-State: AOJu0Yz19tA4FoCGpMTidTEnIy7k7Bzm3zPGkIsRsBH4PskFw2tqHMsn
 U5bV4se8TKzjxYp+46kiAbr0djc+PzM7unjHHo6c3y5WMY4dW/9TzuGbDR9y
X-Gm-Gg: ASbGncsawGnTOOPyaVMVs+VuIRPK/XU6imH7wd+2dQVbyvDnN4X298nTT8QrXt7yWJ6
 SCX7Veg6gFnlOBIruLAjzBiRYRllifax3Pfjrwf2teRrqtaYV+6pFbUyWKiNOoX5ZX8m0c/9p/5
 usxxtoyFpZoehg0XicJYId05IYUqHIDMbnkeXOenG4R6UHEz80PRdHeF7HrcRw2vh95GM6pXZCg
 iOVUetGL03FAo76XnyYZQm6Ehh7QtI7UIRiADxU0s8PDKk39S3dK6RFzFAbsbIzJIV/mqH9cGTc
 dLgPCAJZxd2DU4Iep3G44p5BZ4fb9yVo5qrwBQ==
X-Google-Smtp-Source: AGHT+IFNyH2mrVud6EfDqapYhA/0wbOGhaCg5lWXJSbIQwOZvMADNKjWNsOrxYmBxBybvr6PfESCGg==
X-Received: by 2002:a05:6a00:4acc:b0:72a:8cc8:34aa with SMTP id
 d2e1a72fcca58-72fd097948emr19238636b3a.0.1738358379320; 
 Fri, 31 Jan 2025 13:19:39 -0800 (PST)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72fe64275c4sm3924008b3a.61.2025.01.31.13.19.36
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 31 Jan 2025 13:19:39 -0800 (PST)
From: 45mg <45mg.writes@HIDDEN>
To: 75981 <at> debbugs.gnu.org
Subject: [PATCH (WIP) v1 1/4] Add 'guix fork create'.
Date: Sat,  1 Feb 2025 02:48:44 +0530
Message-ID: <2a950d7e5c42768724d1c8fe3bcea3ff54fb81bd.1738357415.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.48.1
In-Reply-To: <cover.1738357415.git.45mg.writes@HIDDEN>
References: <cover.1738357415.git.45mg.writes@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 75981
Cc: Nicolas Graves <ngraves@HIDDEN>, Tomas Volf <~@wolfsden.cz>,
 45mg <45mg.writes@HIDDEN>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>,
 Ricardo Wurmus <rekado@HIDDEN>, Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* guix/scripts/fork.scm, guix/scripts/fork/create.scm: New files.
* Makefile.am (MODULES): Add the new files.
* guix/build/utils.scm (invoke/stdout): New procedure.
* guix/utils.scm (chain-cut): New procedure.
* guix/scripts/git/authenticate.scm
(commit-short-id): Remove procedure, and use its existing duplicate in
guix/channels.scm.
(openpgp-fingerprint*, current-branch, show-stats): Move procedures to
the files below.
* guix/channels.scm (openpgp-fingerprint*): Moved here.
* guix/git.scm (repository-current-branch): Moved here and renamed from
'current-branch'.
* guix/git-authenticate.scm (show-authentication-stats): Moved here and
renamed from 'show-stats'.

Change-Id: I45ba37f434e136f6d496c741d9a933280f9ccf88
---
 Makefile.am                       |   2 +
 guix/build/utils.scm              |  20 +++
 guix/channels.scm                 |  13 ++
 guix/git-authenticate.scm         |  17 ++
 guix/git.scm                      |  10 ++
 guix/scripts/fork.scm             |  67 ++++++++
 guix/scripts/fork/create.scm      | 257 ++++++++++++++++++++++++++++++
 guix/scripts/git/authenticate.scm |  45 +-----
 guix/utils.scm                    |  33 ++++
 9 files changed, 423 insertions(+), 41 deletions(-)
 create mode 100644 guix/scripts/fork.scm
 create mode 100644 guix/scripts/fork/create.scm

diff --git a/Makefile.am b/Makefile.am
index f759803b8b..c628450a5a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -377,6 +377,8 @@ MODULES =					\
   guix/scripts/size.scm				\
   guix/scripts/git.scm				\
   guix/scripts/git/authenticate.scm		\
+  guix/scripts/fork.scm			\
+  guix/scripts/fork/create.scm			\
   guix/scripts/graph.scm			\
   guix/scripts/weather.scm			\
   guix/scripts/container.scm			\
diff --git a/guix/build/utils.scm b/guix/build/utils.scm
index 94714bf397..e8bd39f5de 100644
--- a/guix/build/utils.scm
+++ b/guix/build/utils.scm
@@ -10,6 +10,8 @@
 ;;; Copyright © 2021, 2022 Maxime Devos <maximedevos@HIDDEN>
 ;;; Copyright © 2021 Brendan Tildesley <mail@HIDDEN>
 ;;; Copyright © 2023 Carlo Zancanaro <carlo@HIDDEN>
+;;; Copyright © 2025 Tomas Volf <~@wolfsden.cz>
+;;; Copyright © 2025 45mg <45mg.writes@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -39,6 +41,7 @@ (define-module (guix build utils)
   #:use-module (ice-9 rdelim)
   #:use-module (ice-9 format)
   #:use-module (ice-9 threads)
+  #:use-module (ice-9 popen)
   #:use-module (rnrs bytevectors)
   #:use-module (rnrs io ports)
   #:re-export (alist-cons
@@ -128,6 +131,7 @@ (define-module (guix build utils)
             report-invoke-error
 
             invoke/quiet
+            invoke/stdout
 
             make-desktop-entry-file
 
@@ -889,6 +893,22 @@ (define (invoke/quiet program . args)
         (line
          (loop (cons line lines)))))))
 
+(define (invoke/stdout program . args)
+  "Invoke PROGRAM with ARGS and capture PROGRAM's standard output.  If PROGRAM
+succeeds, return its standard output as a string.  Otherwise, raise an
+'&invoke-error' condition."
+  (let* ((port (apply open-pipe* OPEN_READ program args))
+         (data (get-string-all port))
+         (code (close-pipe port)))
+    (unless (zero? code)
+      (raise (condition (&invoke-error
+                         (program program)
+                         (arguments args)
+                         (exit-status (status:exit-val code))
+                         (term-signal (status:term-sig code))
+                         (stop-signal (status:stop-sig code))))))
+    data))
+
 
 ;;;
 ;;; Text substitution (aka. sed).
diff --git a/guix/channels.scm b/guix/channels.scm
index 4700f7a45d..6ca8e64881 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -47,6 +47,7 @@ (define-module (guix channels)
   #:use-module (guix packages)
   #:use-module (guix progress)
   #:use-module (guix derivations)
+  #:autoload   (rnrs bytevectors) (bytevector-length)
   #:use-module (guix diagnostics)
   #:use-module (guix sets)
   #:use-module (guix store)
@@ -81,6 +82,7 @@ (define-module (guix channels)
 
             openpgp-fingerprint->bytevector
             openpgp-fingerprint
+            openpgp-fingerprint*
 
             %default-guix-channel
             %default-channels
@@ -171,6 +173,17 @@ (define-syntax openpgp-fingerprint
       ((_ str)
        #'(openpgp-fingerprint->bytevector str)))))
 
+(define (openpgp-fingerprint* str)
+  "Like openpgp-fingerprint, but with error handling from (guix diagnostics)."
+    (unless (string-every (char-set-union char-set:hex-digit
+                                          char-set:whitespace)
+                          str)
+      (leave (G_ "~a: invalid OpenPGP fingerprint~%") str))
+    (let ((fingerprint (openpgp-fingerprint str)))
+      (unless (= 20 (bytevector-length fingerprint))
+        (leave (G_ "~a: wrong length for OpenPGP fingerprint~%") str))
+      fingerprint))
+
 (define %guix-channel-introduction
   ;; Introduction of the official 'guix channel.  The chosen commit is the
   ;; first one that introduces '.guix-authorizations' on the 'staging'
diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index 37c69d0880..8bc7fb6fb3 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -40,6 +40,7 @@ (define-module (guix git-authenticate)
   #:use-module (rnrs bytevectors)
   #:use-module (rnrs io ports)
   #:use-module (ice-9 match)
+  #:use-module (ice-9 format)
   #:autoload   (ice-9 pretty-print) (pretty-print)
   #:export (read-authorizations
             commit-signing-key
@@ -52,6 +53,7 @@ (define-module (guix git-authenticate)
 
             repository-cache-key
             authenticate-repository
+            show-authentication-stats
 
             git-authentication-error?
             git-authentication-error-commit
@@ -449,3 +451,18 @@ (define* (authenticate-repository repository start signer
                                       (oid->string (commit-id end-commit)))
 
           stats))))
+
+(define (show-authentication-stats stats)
+  "Display STATS, an alist containing commit signing stats as returned by
+'authenticate-repository'."
+  (format #t (G_ "Signing statistics:~%"))
+  (for-each (match-lambda
+              ((signer . count)
+               (format #t "  ~a ~10d~%"
+                       (openpgp-format-fingerprint
+                        (openpgp-public-key-fingerprint signer))
+                       count)))
+            (sort stats
+                  (match-lambda*
+                    (((_ . count1) (_ . count2))
+                     (> count1 count2))))))
diff --git a/guix/git.scm b/guix/git.scm
index 6ac6e4e3a2..afeacb53aa 100644
--- a/guix/git.scm
+++ b/guix/git.scm
@@ -59,6 +59,7 @@ (define-module (guix git)
             with-git-error-handling
             false-if-git-not-found
             repository-info
+            repository-current-branch
             update-cached-checkout
             url+commit->name
             latest-repository-commit
@@ -401,6 +402,15 @@ (define (repository-info directory)
     (lambda _
       (values #f #f #f))))
 
+(define (repository-current-branch repository)
+  "Return the name of the checked out branch of REPOSITORY or #f if it could
+not be determined."
+  (and (not (repository-head-detached? repository))
+       (let* ((head (repository-head repository))
+              (name (reference-name head)))
+         (and (string-prefix? "refs/heads/" name)
+              (string-drop name (string-length "refs/heads/"))))))
+
 (define* (update-submodules repository
                             #:key (log-port (current-error-port))
                             (fetch-options #f))
diff --git a/guix/scripts/fork.scm b/guix/scripts/fork.scm
new file mode 100644
index 0000000000..2d97bcb93f
--- /dev/null
+++ b/guix/scripts/fork.scm
@@ -0,0 +1,67 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2025 45mg <45mg.writes@HIDDEN>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (guix scripts fork)
+  #:use-module (ice-9 match)
+  #:use-module (guix ui)
+  #:use-module (guix scripts)
+  #:export (guix-fork))
+
+(define (show-help)
+  (display (G_ "Usage: guix fork ACTION ARGS...
+Create and manage authenticated forks of Guix.\n"))
+  (newline)
+  (display (G_ "The valid values for ACTION are:\n"))
+  (newline)
+  (display (G_ "\
+   create    set up a fork of Guix\n"))
+  (newline)
+  (display (G_ "
+  -h, --help             display this help and exit"))
+  (display (G_ "
+  -V, --version          display version information and exit"))
+  (newline)
+  (show-bug-report-information))
+
+(define %sub-commands '("create"))
+
+(define (resolve-sub-command name)
+  (let ((module (resolve-interface
+                 `(guix scripts fork ,(string->symbol name))))
+        (proc (string->symbol (string-append "guix-fork-" name))))
+    (module-ref module proc)))
+
+(define-command (guix-fork . args)
+  (category plumbing)
+  (synopsis "operate on Guix forks")
+
+  (with-error-handling
+    (match args
+      (()
+       (format (current-error-port)
+               (G_ "guix fork: missing sub-command~%")))
+      ((or ("-h") ("--help"))
+       (leave-on-EPIPE (show-help))
+       (exit 0))
+      ((or ("-V") ("--version"))
+       (show-version-and-exit "guix fork"))
+      ((sub-command args ...)
+       (if (member sub-command %sub-commands)
+           (apply (resolve-sub-command sub-command) args)
+           (format (current-error-port)
+                   (G_ "guix fork: invalid sub-command~%")))))))
diff --git a/guix/scripts/fork/create.scm b/guix/scripts/fork/create.scm
new file mode 100644
index 0000000000..8b5555947b
--- /dev/null
+++ b/guix/scripts/fork/create.scm
@@ -0,0 +1,257 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2025 Tomas Volf <~@wolfsden.cz>
+;;; Copyright © 2025 45mg <45mg.writes@HIDDEN>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (guix scripts fork create)
+  #:use-module (guix ui)
+  #:use-module (guix scripts)
+  #:use-module ((guix utils) #:select (chain-cut))
+  #:use-module (guix build utils)
+  #:use-module (guix channels)
+  #:use-module (ice-9 exceptions)
+  #:use-module (ice-9 match)
+  #:use-module (ice-9 popen)
+  #:use-module (ice-9 pretty-print)
+  #:use-module (ice-9 string-fun)
+  #:use-module (ice-9 textual-ports)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-13)
+  #:use-module (srfi srfi-26)
+  #:use-module (srfi srfi-37)
+  #:use-module (srfi srfi-71)
+  #:export (guix-fork-create))
+
+;;; Commentary:
+;;;
+;;; Create a fork of Guix, by running a series of git commands.
+;;;
+;;; Code:
+
+(define %options
+  ;; Specifications of the command-line options.
+  (list (option '(#\h "help") #f #f
+                (lambda args
+                  (show-help)
+                  (exit 0)))
+        (option '(#\V "version") #f #f
+                (lambda args
+                  (show-version-and-exit "guix fork create")))
+        (option '("upstream") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'upstream arg result)))
+        (option '("channel-url") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'channel-url arg result)))
+        (option '("use-existing") #f #f
+                (lambda (opt name arg result)
+                  (alist-cons 'use-existing? #t result)))
+        (option '("git-parameter") #t #f
+                (lambda (opt name arg result)
+                  (let ((git-parameters (assoc-ref result 'git-parameters)))
+                    (if git-parameters
+                        (alist-cons 'git-parameters (cons arg git-parameters) result)
+                        (alist-cons 'git-parameters (list arg) result)))))))
+
+(define %default-options
+  `((upstream . ,(channel-url %default-guix-channel))))
+
+(define %usage
+  (format #f (G_ "Usage: guix fork create SIGNING_KEY [DIRECTORY OPTIONS...]
+Create a fork of Guix in DIRECTORY, using SIGNING_KEY to sign the introductory
+commit.
+DIRECTORY defaults to ./guix.
+
+      --upstream=URI     the repository to clone from
+                         (defaults to ~a)
+      --channel-url=URI  optional URI, used to replace the channel URL
+                         and the existing 'origin' remote (which is
+                         renamed to 'upstream')
+      --use-existing     Use existing clone of Guix in DIRECTORY
+      --git-parameter PARAMETER
+                         Specify configuration PARAMETER for git, via
+                         '-c' option (can pass multiple times)
+
+  -h, --help             display this help and exit
+  -V, --version          display version information and exit
+")
+      (channel-url %default-guix-channel)))
+
+(define (show-help)
+  (display %usage)
+  (newline)
+  (show-bug-report-information))
+
+(define (missing-arguments)
+    (leave (G_ "wrong number of arguments; \
+required SIGNING_KEY~%")))
+
+
+;;;
+;;; Helper prodecures.
+;;;
+
+(define (fingerprint->key-file-name fingerprint)
+  (let* ((listing (invoke/stdout "gpg" "--list-key" "--with-colons" fingerprint))
+         (uid (chain-cut listing
+                           (string-split <> #\newline)
+                           (filter (cut string-prefix? "uid:" <>) <>)
+                           first
+                           (string-split <> #\:)
+                           tenth))
+         (email-name (string-delete
+                      (cut eq? <> #\.)
+                      (substring uid
+                                 (1+ (or (string-index-right uid #\<)
+                                         -1))  ;no name in uid
+                                 (string-index uid #\@))))
+         (key-id (chain-cut listing
+                      (string-split <> #\newline)
+                      (filter (cut string-prefix? "pub:" <>) <>)
+                      car
+                      (string-split <> #\:)
+                      fifth
+                      (string-take-right <> 8))))
+    (string-append email-name "-" key-id ".key")))
+
+(define (update-channel-url file channel-url)
+  "Modify .guix_channel FILE.
+Change the channel url to CHANNEL-URL."
+  (let ((channel-data (call-with-input-file file read)))
+    (assq-set! (cdr channel-data) 'url (list channel-url))
+    (call-with-output-file file
+      (lambda (file)
+        (display ";; This is a Guix channel.\n\n" file)
+        (pretty-print channel-data file)))))
+
+(define (rewrite-authorizations file name fingerprint)
+  "Rewrite .guix-authorizations FILE to contain a single authorization
+consisting of NAME and FINGERPRINT."
+  (let ((auth-data (call-with-input-file file read)))
+    (list-set! auth-data (1- (length auth-data))
+               `((,fingerprint (name ,name))))
+    (call-with-output-file file
+      (lambda (file)
+        (display ";; This file, which is best viewed as -*- Scheme -*-, lists the OpenPGP keys
+;; currently authorized to sign commits in this fork branch.
+
+" file)
+        (pretty-print auth-data file)))))
+
+
+;;;
+;;; Entry point.
+;;;
+
+(define (guix-fork-create . args)
+  (define options
+    (parse-command-line args %options (list %default-options)
+                        #:build-options? #f))
+
+  (define (command-line-arguments lst)
+    (reverse (filter-map (match-lambda
+                           (('argument . arg) arg)
+                           (_ #f))
+                         lst)))
+
+  (with-error-handling
+    (let* ((signing-key directory (match (command-line-arguments options)
+                                    ((signing-key directory)
+                                     (values signing-key directory))
+                                    ((signing-key)
+                                     (values signing-key "guix"))
+                                    (_ (missing-arguments))))
+           (upstream (assoc-ref options 'upstream))
+           (channel-url (assoc-ref options 'channel-url))
+           (use-existing? (assoc-ref options 'use-existing?))
+           (git-parameters (assoc-ref options 'git-parameters))
+           (git-c-options  ;'("-c" "param1" "-c" "param2" ...)
+            (let loop ((opts '()) (params git-parameters))
+              (if (or (not params) (null-list? params))
+                  opts
+                  (loop (append
+                         opts (list "-c" (first params)))
+                        (drop params 1)))))
+
+           (key-file-name (fingerprint->key-file-name signing-key))
+           (introduction-name (car (string-split key-file-name #\-)))
+
+           (upstream-branch-name "master"))
+
+      (define (invoke-git . args)
+        (apply invoke `("git" ,@git-c-options "-C" ,directory ,@args)))
+
+      (unless use-existing?
+        (info (G_ "Cloning from upstream ~a...~%") upstream)
+        (invoke "git" "clone" upstream directory))
+
+      (info (G_ "Authenticating upstream commits...~%"))
+
+      (when channel-url
+        (info (G_ "Renaming existing 'origin' remote to 'upstream'...~%"))
+        (invoke-git "remote" "rename" "origin" "upstream")
+        (info (G_ "Using provided channel URL for new 'origin' remote...~%"))
+        (invoke-git "remote" "add" "origin" channel-url))
+
+      (set! upstream-branch-name
+            (chain-cut
+             (invoke/stdout "git"
+                            "-C" directory
+                            "symbolic-ref"
+                            (string-append "refs/remotes/"
+                                           (if channel-url "upstream" "origin")
+                                           "/HEAD"))
+             string-trim-right
+             (string-split <> #\/)
+             last))
+
+      (info (G_ "Adding key to keyring branch...~%"))
+      (invoke-git "switch" "keyring")
+      (invoke "gpg"
+              "--armor" "--export"
+              "-o" (string-append directory "/" key-file-name)
+              signing-key)
+      (invoke-git "add" "--" key-file-name)
+      (invoke-git "commit" "-m" "Add key for fork introduction.")
+
+      (info (G_ "Setting up fork branch...~%"))
+      (invoke-git "switch" "--create" "fork" "master")
+      (when channel-url
+        (update-channel-url (string-append directory "/.guix-channel")
+                            channel-url))
+      (rewrite-authorizations (string-append directory "/.guix-authorizations")
+                              introduction-name signing-key)
+      (invoke-git "add" "--"
+                  (string-append directory "/.guix-authorizations")
+                  (string-append directory "/.guix-channel"))
+      (invoke-git "commit"
+                  (string-append "--gpg-sign=" signing-key)
+                  "-m"
+                  (string-append
+                   "Initial fork commit.\n\n"
+                   ".guix-authorizations: Allow only " introduction-name "'s key."
+                   (if channel-url
+                       "\n.guix-channels: Update channel URL."
+                       "")))
+
+      (info (G_ "Successfully created Guix fork in ~a.
+You should run the following command next:
+guix fork authenticate ~a ~a ~a~%")
+            directory
+            upstream-branch-name
+            (string-trim-right (invoke/stdout "git" "-C" directory "rev-parse" "HEAD"))
+            signing-key))))
diff --git a/guix/scripts/git/authenticate.scm b/guix/scripts/git/authenticate.scm
index e3ecb67c89..154aae9b14 100644
--- a/guix/scripts/git/authenticate.scm
+++ b/guix/scripts/git/authenticate.scm
@@ -23,8 +23,8 @@ (define-module (guix scripts git authenticate)
   #:use-module (guix git-authenticate)
   #:autoload   (guix openpgp) (openpgp-format-fingerprint
                                openpgp-public-key-fingerprint)
-  #:use-module ((guix channels) #:select (openpgp-fingerprint))
-  #:use-module ((guix git) #:select (with-git-error-handling))
+  #:use-module ((guix channels) #:select (openpgp-fingerprint*))
+  #:use-module ((guix git) #:select (with-git-error-handling commit-short-id repository-current-branch))
   #:use-module (guix progress)
   #:use-module (guix base64)
   #:autoload   (rnrs bytevectors) (bytevector-length)
@@ -76,15 +76,6 @@ (define %options
 (define %default-options
   '())
 
-(define (current-branch repository)
-  "Return the name of the checked out branch of REPOSITORY or #f if it could
-not be determined."
-  (and (not (repository-head-detached? repository))
-       (let* ((head (repository-head repository))
-              (name (reference-name head)))
-         (and (string-prefix? "refs/heads/" name)
-              (string-drop name (string-length "refs/heads/"))))))
-
 (define (config-value repository key)
   "Return the config value associated with KEY in the 'guix.authentication' or
 'guix.authentication-BRANCH' name space in REPOSITORY, or #f if no such config
@@ -94,7 +85,7 @@ (define (config-value repository key)
                   ((_ exp)
                    (catch 'git-error (lambda () exp) (const #f))))))
     (let* ((config (repository-config repository))
-           (branch (current-branch repository)))
+           (branch (repository-current-branch repository)))
       ;; First try the BRANCH-specific value, then the generic one.`
       (or (and branch
                (false-if-git-error
@@ -194,21 +185,6 @@ (define (install-hooks repository)
       (warning (G_ "cannot determine where to install hooks\
  (Guile-Git too old?)~%"))))
 
-(define (show-stats stats)
-  "Display STATS, an alist containing commit signing stats as returned by
-'authenticate-repository'."
-  (format #t (G_ "Signing statistics:~%"))
-  (for-each (match-lambda
-              ((signer . count)
-               (format #t "  ~a ~10d~%"
-                       (openpgp-format-fingerprint
-                        (openpgp-public-key-fingerprint signer))
-                       count)))
-            (sort stats
-                  (match-lambda*
-                    (((_ . count1) (_ . count2))
-                     (> count1 count2))))))
-
 (define (show-help)
   (display (G_ "Usage: guix git authenticate COMMIT SIGNER [OPTIONS...]
 Authenticate the given Git checkout using COMMIT/SIGNER as its introduction.\n"))
@@ -251,19 +227,6 @@ (define (guix-git-authenticate . args)
                            (_ #f))
                          lst)))
 
-  (define commit-short-id
-    (compose (cut string-take <> 7) oid->string commit-id))
-
-  (define (openpgp-fingerprint* str)
-    (unless (string-every (char-set-union char-set:hex-digit
-                                          char-set:whitespace)
-                          str)
-      (leave (G_ "~a: invalid OpenPGP fingerprint~%") str))
-    (let ((fingerprint (openpgp-fingerprint str)))
-      (unless (= 20 (bytevector-length fingerprint))
-        (leave (G_ "~a: wrong length for OpenPGP fingerprint~%") str))
-      fingerprint))
-
   (define (make-reporter start-commit end-commit commits)
     (format (current-error-port)
             (G_ "Authenticating commits ~a to ~a (~h new \
@@ -321,7 +284,7 @@ (define (guix-git-authenticate . args)
          (install-hooks repository))
 
        (when (and show-stats? (not (null? stats)))
-         (show-stats stats))
+         (show-authentication-stats stats))
 
        (info (G_ "successfully authenticated commit ~a~%")
              (oid->string end))))))
diff --git a/guix/utils.scm b/guix/utils.scm
index b6cf5aea4f..e07e89c321 100644
--- a/guix/utils.scm
+++ b/guix/utils.scm
@@ -21,6 +21,8 @@
 ;;; Copyright © 2023 Zheng Junjie <873216071@HIDDEN>
 ;;; Copyright © 2023 Foundation Devices, Inc. <hello@HIDDEN>
 ;;; Copyright © 2024 Herman Rimm <herman@HIDDEN>
+;;; Copyright © 2025 Tomas Volf <~@wolfsden.cz>
+;;; Copyright © 2025 45mg <45mg.writes@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -163,6 +165,8 @@ (define-module (guix utils)
             call-with-compressed-output-port
             canonical-newline-port
 
+            chain-cut
+
             string-distance
             string-closest
 
@@ -1193,6 +1197,35 @@ (define-syntax current-source-directory
           ;; raising an error would upset Geiser users
           #f))))))
 
+
+;;;
+;;; Higher-order functions.
+;;;
+
+(define-syntax chain-cut
+  (lambda (x)
+    "Apply each successive form to the result of evaluating the previous one.
+Before applying, expand each form (op ...) to (cut op ...).
+
+Examples:
+
+    (chain-cut '(1 2 3) cdr car)
+ => (car (cdr '(1 2 3)))
+
+    (chain-cut 2 (- 3 <>) 1+)
+ => (1+ ((cut - 3 <>) 2))
+ => (1+ (- 3 2))
+"
+    (syntax-case x ()
+      ((chain-cut init op) (identifier? #'op)
+       #'(op init))
+      ((chain-cut init (op ...))
+       #'((cut op ...) init))
+      ((chain-cut init op op* ...) (identifier? #'op)
+       #'(chain-cut (op init) op* ...))
+      ((chain-cut init (op ...) op* ...)
+       #'(chain-cut ((cut op ...) init) op* ...)))))
+
 
 ;;;
 ;;; String comparison.
-- 
2.48.1





Information forwarded to guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 31 Jan 2025 21:10:49 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Jan 31 16:10:49 2025
Received: from localhost ([127.0.0.1]:54541 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tdyHo-00055C-7G
	for submit <at> debbugs.gnu.org; Fri, 31 Jan 2025 16:10:48 -0500
Received: from lists.gnu.org ([2001:470:142::17]:56404)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tdyHj-00054g-PM
 for submit <at> debbugs.gnu.org; Fri, 31 Jan 2025 16:10:46 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <45mg.writes@HIDDEN>)
 id 1tdyHU-00080p-GJ
 for guix-patches@HIDDEN; Fri, 31 Jan 2025 16:10:29 -0500
Received: from mail-pj1-x1042.google.com ([2607:f8b0:4864:20::1042])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <45mg.writes@HIDDEN>)
 id 1tdyHS-0008MU-8E
 for guix-patches@HIDDEN; Fri, 31 Jan 2025 16:10:28 -0500
Received: by mail-pj1-x1042.google.com with SMTP id
 98e67ed59e1d1-2ef87d24c2dso3337361a91.1
 for <guix-patches@HIDDEN>; Fri, 31 Jan 2025 13:10:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1738357824; x=1738962624; darn=gnu.org;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=6vbQZg9QxmIdkwbeWIk3TN/FYCiD4UOzCGk/rt5FNZQ=;
 b=OkLfhrha+DMI5oolDCGdyJ54I1XYuOyzYSz6lBV8H4AFH/8g+K1Iu4Ce0m8aq7s3uV
 U3iAaFPzHXwo9kBuDwvRoc07L/a1G2ueWYHDEzdF0yVEwrvCyzkE9ASf2OR0sbZj68Gf
 Z2N9B3DDSv4yb9z87psuwFpnOOdA9A4IGnJSSdI7kqBIKxRRNujCmPgeOtuUaCrEhgIk
 pE9l3V00e4wAJeCUGqb6xF+RDGv+ZylDLYdo+I/fJJSeWeYqDqmqxd1BufcNNI68BCuM
 GhPhKbknXn9HPgMl0Bk02rfVkJcZt+65XZMxn1UPzd79Pho7yRchdaaM4fYiZg5V5ZJ+
 d5lQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738357824; x=1738962624;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=6vbQZg9QxmIdkwbeWIk3TN/FYCiD4UOzCGk/rt5FNZQ=;
 b=kJx/G2lUD61LImPWrBQ0rImb1Yrlke0+rvbkx28P6c1EbgbRvJ4oRTtt22auP4Y1bs
 StubOMb0HE1BbNmUd6S9bneAnooOaFX+B+zr7sNFPTkgQnAErUEiVIo8T4MMiy7ca5zX
 7EN80h1Ptt6EKWzcfHGGgITZvShKScy4UMfZvJkDF8gPw0J9ZNGAOhc3VKvStuKpnWZT
 LdcwRjRx8pdIgEt430YcjZSj4pb4Bz36mdJW8vjG6Vd57ECrpXZ2tSIIidzTCEtL1Bs9
 F3TYZhvD6PV8wOhmmihQah7RSFSbNrizbN6ks237jd+eH9ECVwXJU06nXsjhXmNEJxoC
 oaGA==
X-Gm-Message-State: AOJu0YzwgAOj4pDSUqwyjQEgoBLidhfYaVLuICaCn2w1ZzNPJx77EOwg
 v6IsBlOQzWZExmhmzniIN4KyM91W2wpjpyy1ZghvZXH9FYXFOmLmhJC/Mq5P
X-Gm-Gg: ASbGnct1ifyNoUp7R6T79f05dKGZTY1q4LHMwJ94+toV/BSzPV78ryYwTRnbTzSvk2C
 FDiGCfGFY67R78pK79M4BpvhTY3ckQpibKYgW85RYV5ARCxeVwPHCWkL5hNykyx78Fu6DSvqnOA
 cwx/JNY459pi/otHtLc35fLC3cul5LCXOmPcZEW8vlz+0edlwqBAXwMbgB4YY/xWRAMTZMRZmdp
 o2tQnZmGqlfKruftnmtWKbBU3/+uxlQPZPy9VS3DubGMA3J4ajya4Cr36C1OuDSkuyXvED4/Har
 4lwBCcLYPyjNTbnL1MY2V2VOQs6Q7QddGXEgow==
X-Google-Smtp-Source: AGHT+IHd0KjUaTjEscVIwWx3zAZjw6GmPD8Ukqs3CTLnfj7D1CJLN2tOgxlA8OyfoskEFkRWH8zlWA==
X-Received: by 2002:a17:90b:53c8:b0:2ee:c04a:4281 with SMTP id
 98e67ed59e1d1-2f83abb3525mr17134955a91.6.1738357824112; 
 Fri, 31 Jan 2025 13:10:24 -0800 (PST)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21de31ef0d0sm34814905ad.25.2025.01.31.13.10.21
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 31 Jan 2025 13:10:23 -0800 (PST)
From: 45mg <45mg.writes@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH (WIP) v1 0/4] Add 'guix fork'.
Date: Sat,  1 Feb 2025 02:40:08 +0530
Message-ID: <cover.1738357415.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.48.1
MIME-Version: 1.0
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2607:f8b0:4864:20::1042;
 envelope-from=45mg.writes@HIDDEN; helo=mail-pj1-x1042.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 1.0 (+)
X-Debbugs-Envelope-To: submit
Cc: Nicolas Graves <ngraves@HIDDEN>, Tomas Volf <~@wolfsden.cz>,
 45mg <45mg.writes@HIDDEN>,
 Liliana Marie Prikler <liliana.prikler@HIDDEN>,
 Ricardo Wurmus <rekado@HIDDEN>, Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.0 (/)

Please ignore bugs #75973 and #75975. Those were both attempts to send this
patch series, but I sent the first one out before it was done and somehow
messed up the 'CC' and 'In-Reply-To' fields of the second. The best I can do
is close them and try again. Hopefully I'll get it right this time. (The 'v1'
in the subject line here is to differentiate this attempt from those ones.)

Hello Guix,

This patch series aims to enable and automate the creation and management of
authenticated local forks of Guix. The purpose of this work is to allow
contributors to use their own patches before they're applied to
upstream Guix, so that their own use of Guix is not hindered by the slow and
erratic pace of patch review.

This is a solution to bug #75552 [1], in whose discussion thread the design
was conceived and refined. Credit goes to Tomas for being the first person (to
my knowledge) to share their solution to this problem [2], which provided a
blueprint for 'guix fork create'; to Liliana for the idea behind the way 'guix
fork update' works [3]; and to Ricardo for the idea behind 'guix fork
identify' [4]. I've also CC'ed Attila and Nicolas since they replied in the
original thread (apologies in advance if I shouldn't have).

As I mentioned in the original thread [5], this solution aims to satisfy four
conditions which are not met by any existing method to my knowledge:

1. Allows authenticating both upstream and fork commits.
2. Does not require bumping the channel introduction (as distributing channel
introductions is sensitive)
3. Keeps fork history intact (to avoid force pulls).
4. Keeps upstream history intact (to avoid confusion).

Despite the '(WIP)' subject prefix, this patch series should be perfectly
usable in its current state. The easiest way to try it out would be as follows:

1. Apply it to your local clone of Guix (eg. in a branch) and build it.
2. 'cp -r' your local clone to another location.
3. Run the following command:
./pre-inst-env guix fork create <fingerprint-of-your-key> path/to/copy/of/local/clone --use-existing

Now you have the setup needed for an authenticated local fork. From here, you
can create and 'guix pull' (with authentication) from branches starting from
the initial fork commit. You can authenticate both fork and upstream using
'guix fork authenticate', even if the key used to create your fork is not
authorized upstream. You can update your fork with new commits from upstream
using 'guix fork update'.

The documentation (additions to doc/guix.texi and doc/contributing.texi)
should provide a proper overview of these commands and their usage. Easiest
way to view it could be to run 'make doc/guix.html' and then open it in a
browser.

The '(WIP)' subject prefix is there because the following things are yet to be
implemented:
1. The 'guix fork identify' command.
2. Tests, along the lines of tests/guix-git-authenticate.sh.

The code here adapts certain procedures from Tomas Volf's original 'fork-guix'
script [6]; namely: '-->', 'invoke/c', 'create-keyring-branch', 'git-C', and
'git-C/c'. That script is licensed under AGPL, so my understanding is that it,
or the procedures I used from it, would need to be relicensed under GPLv3 to
be included into Guix. Tomas - could you confirm here that you're willing to
do so, as we discussed earlier? (Note that I didn't ask you about the last two
of the five procedures above, since I hadn't used them yet at the time.)

Regards,
45mg

P.S It was helpfully explained to me [8] (in a reply to one of my previous
botched attempts to send this out) that since this patch series modifies (guix
build utils), it will result in almost every derivation changing and almost
everything needing to be rebuilt. I may send a v1.5 that moves those changes
elsewhere, so that it's feasible to 'guix pull' from a clone with this series
applied. Until then, you can test things via pre-inst-env.

[1] https://issues.guix.gnu.org/75552
[2] https://lists.gnu.org/archive/html/help-guix/2023-09/msg00078.html
[3] https://lists.nongnu.org/archive/html/bug-guix/2025-01/msg00139.html
[4] https://lists.nongnu.org/archive/html/bug-guix/2025-01/msg00130.html
[5] https://lists.nongnu.org/archive/html/bug-guix/2025-01/msg00135.html
[6] https://git.wolfsden.cz/guix/tree/etc/fork-guix
[7] https://ci.guix.gnu.org/eval/2036099
[8] https://lists.gnu.org/archive/html/guix-patches/2025-01/msg02844.html

45mg (4):
  Add 'guix fork create'.
  Add 'guix fork authenticate'.
  Add 'guix fork update'.
  Document 'guix fork'.

 Makefile.am                        |   4 +
 doc/contributing.texi              |  50 +++++
 doc/guix.texi                      | 150 +++++++++++++
 guix/build/utils.scm               |  20 ++
 guix/channels.scm                  |  13 ++
 guix/git-authenticate.scm          |  17 ++
 guix/git.scm                       |  10 +
 guix/scripts/fork.scm              |  71 +++++++
 guix/scripts/fork/authenticate.scm | 331 +++++++++++++++++++++++++++++
 guix/scripts/fork/create.scm       | 257 ++++++++++++++++++++++
 guix/scripts/fork/update.scm       | 181 ++++++++++++++++
 guix/scripts/git/authenticate.scm  |  45 +---
 guix/utils.scm                     |  33 +++
 13 files changed, 1141 insertions(+), 41 deletions(-)
 create mode 100644 guix/scripts/fork.scm
 create mode 100644 guix/scripts/fork/authenticate.scm
 create mode 100644 guix/scripts/fork/create.scm
 create mode 100644 guix/scripts/fork/update.scm


base-commit: b85d20e853192a92093cd8d6a5756ec80e94c658
-- 
2.48.1





Acknowledgement sent to 45mg <45mg.writes@HIDDEN>:
New bug report received and forwarded. Copy sent to ludo@HIDDEN, maxim.cournoyer@HIDDEN, guix-patches@HIDDEN. Full text available.
Report forwarded to ludo@HIDDEN, maxim.cournoyer@HIDDEN, guix-patches@HIDDEN:
bug#75981; Package guix-patches. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Fri, 7 Feb 2025 10:45:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.