From patchwork Fri Jan 31 21:18:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: 45mg <45mg.writes@gmail.com> X-Patchwork-Id: 38071 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id D931527BBE2; Fri, 31 Jan 2025 21:20:23 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-6.6 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,DKIM_VALID,FREEMAIL_FROM,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL, RCVD_IN_VALIDITY_SAFE,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id BD30F27BBEA for ; Fri, 31 Jan 2025 21:20:20 +0000 (GMT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tdyQq-0007s4-8K; Fri, 31 Jan 2025 16:20:08 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tdyQo-0007rW-6R for guix-patches@gnu.org; Fri, 31 Jan 2025 16:20:06 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tdyQk-0002QB-MX for guix-patches@gnu.org; Fri, 31 Jan 2025 16:20:05 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=8Qcfzz6WaLO9QLkrmpAvxsmLkRJTSrWMDKbZ/+TnOvc=; b=nO/TaKbEy3Dubuqn/haXacUqJTtJiMimm3IbQON9YWdGnk+CsjLw1gUj/EUjM49cFrd4Uh6QiXAiMDiwU+QRco7D7VEYHGhPQ5DyNY8skav3S+QPz2Y0eQ5x52ht3FCLfFd1c7apjhBQqFDZ76qtpb2ZeJzUuxdzT3PmNbmSv4C00tJoTXzoFxjM5HwA/CKnu1glNSncW0HPMRepH2ABy6ftEQnbi/o5GO0QSQ2r2/52qp56fkL/90AUxX735go+wjxWcOEkb3CEXiPlfycLS5JfpY4Iv1nuMfOqgKzw6KfsFE2jTaE0P9PXXqImfxX2uXmUyWaqZX/+L+NHIZNiYw==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tdyQk-0005k6-FR for guix-patches@gnu.org; Fri, 31 Jan 2025 16:20:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#75981] [PATCH (WIP) v1 1/4] Add 'guix fork create'. Resent-From: 45mg <45mg.writes@gmail.com> Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 31 Jan 2025 21:20:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 75981 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 75981@debbugs.gnu.org Cc: Nicolas Graves , Tomas Volf <~@wolfsden.cz>, 45mg <45mg.writes@gmail.com>, Liliana Marie Prikler , Ricardo Wurmus , Attila Lendvai Received: via spool by 75981-submit@debbugs.gnu.org id=B75981.173835839722044 (code B ref 75981); Fri, 31 Jan 2025 21:20:02 +0000 Received: (at 75981) by debbugs.gnu.org; 31 Jan 2025 21:19:57 +0000 Received: from localhost ([127.0.0.1]:54945 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tdyQd-0005jT-AO for submit@debbugs.gnu.org; Fri, 31 Jan 2025 16:19:56 -0500 Received: from mail-pl1-x642.google.com ([2607:f8b0:4864:20::642]:49434) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <45mg.writes@gmail.com>) id 1tdyQU-0005iu-HS for 75981@debbugs.gnu.org; Fri, 31 Jan 2025 16:19:48 -0500 Received: by mail-pl1-x642.google.com with SMTP id d9443c01a7336-2166f1e589cso61998635ad.3 for <75981@debbugs.gnu.org>; Fri, 31 Jan 2025 13:19:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738358380; x=1738963180; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=8Qcfzz6WaLO9QLkrmpAvxsmLkRJTSrWMDKbZ/+TnOvc=; b=PaSP6/kCIzounG1PmRU/tWofxWsgeqGUUXE1B2VNXPORa04ArwzZ7FmFlEp/leJ01m MuZ0XdU571pFYBVOv3Yw4iRsxGoxdMI9H5KTsyZ0xWSXn+txJ/VrZWS72i7PbyMW3aXj 4oY+QhscyicR1hBVyHcmWh6gCjk/gndHcH7U9vIm0wgcBHTlQKwiH87+U7PAks/8bsaW e5e5o3NTJPwu0p+qYwgic5iNGHEnzJQfrFCLCYXiDeoCPQojewZnQav+8wPaZTiA7ntH MlrlEzgZeNkjTi6do2361fPkcPnI0Yj20Rcj8HxPrjuHusskpAGZsryCu38y2lUM0e/1 BZSA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738358380; x=1738963180; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8Qcfzz6WaLO9QLkrmpAvxsmLkRJTSrWMDKbZ/+TnOvc=; b=r/R+YfC/wC+WL6S+fv/WJWE7bRQ9l4hmkdTOuvr8ZPgm3WbJ823HT7cFZOtyaqxZE9 56nQzBDbVj2zD5cvf7a0u8wOizQJgnhfZIW/dQBmYWjCXBo7yzGixnxJ4RUtLeNEPTt4 qMx1XXN8hZPVgY3NuCw+zqVJAxO+qa0331q5d5TG/ospuA0x43B3nez6q7ixei8V/I1f HvWrZM77AoTaJyUFz8JRc4eZzM0N/ziaONz3RsM6hP6zPIgC8xn/ns2mkFSvN1AorSy0 YDMHRWlLhowSfR03zePJZ7q7CLIVpIXif83A6GuHcT4rw3k6p0CGZ212VFNn5Eii0Wbj T52Q== X-Gm-Message-State: AOJu0Yz19tA4FoCGpMTidTEnIy7k7Bzm3zPGkIsRsBH4PskFw2tqHMsn U5bV4se8TKzjxYp+46kiAbr0djc+PzM7unjHHo6c3y5WMY4dW/9TzuGbDR9y X-Gm-Gg: ASbGncsawGnTOOPyaVMVs+VuIRPK/XU6imH7wd+2dQVbyvDnN4X298nTT8QrXt7yWJ6 SCX7Veg6gFnlOBIruLAjzBiRYRllifax3Pfjrwf2teRrqtaYV+6pFbUyWKiNOoX5ZX8m0c/9p/5 usxxtoyFpZoehg0XicJYId05IYUqHIDMbnkeXOenG4R6UHEz80PRdHeF7HrcRw2vh95GM6pXZCg iOVUetGL03FAo76XnyYZQm6Ehh7QtI7UIRiADxU0s8PDKk39S3dK6RFzFAbsbIzJIV/mqH9cGTc dLgPCAJZxd2DU4Iep3G44p5BZ4fb9yVo5qrwBQ== X-Google-Smtp-Source: AGHT+IFNyH2mrVud6EfDqapYhA/0wbOGhaCg5lWXJSbIQwOZvMADNKjWNsOrxYmBxBybvr6PfESCGg== X-Received: by 2002:a05:6a00:4acc:b0:72a:8cc8:34aa with SMTP id d2e1a72fcca58-72fd097948emr19238636b3a.0.1738358379320; Fri, 31 Jan 2025 13:19:39 -0800 (PST) Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-72fe64275c4sm3924008b3a.61.2025.01.31.13.19.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jan 2025 13:19:39 -0800 (PST) From: 45mg <45mg.writes@gmail.com> Date: Sat, 1 Feb 2025 02:48:44 +0530 Message-ID: <2a950d7e5c42768724d1c8fe3bcea3ff54fb81bd.1738357415.git.45mg.writes@gmail.com> X-Mailer: git-send-email 2.48.1 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * guix/scripts/fork.scm, guix/scripts/fork/create.scm: New files. * Makefile.am (MODULES): Add the new files. * guix/build/utils.scm (invoke/stdout): New procedure. * guix/utils.scm (chain-cut): New procedure. * guix/scripts/git/authenticate.scm (commit-short-id): Remove procedure, and use its existing duplicate in guix/channels.scm. (openpgp-fingerprint*, current-branch, show-stats): Move procedures to the files below. * guix/channels.scm (openpgp-fingerprint*): Moved here. * guix/git.scm (repository-current-branch): Moved here and renamed from 'current-branch'. * guix/git-authenticate.scm (show-authentication-stats): Moved here and renamed from 'show-stats'. Change-Id: I45ba37f434e136f6d496c741d9a933280f9ccf88 --- Makefile.am | 2 + guix/build/utils.scm | 20 +++ guix/channels.scm | 13 ++ guix/git-authenticate.scm | 17 ++ guix/git.scm | 10 ++ guix/scripts/fork.scm | 67 ++++++++ guix/scripts/fork/create.scm | 257 ++++++++++++++++++++++++++++++ guix/scripts/git/authenticate.scm | 45 +----- guix/utils.scm | 33 ++++ 9 files changed, 423 insertions(+), 41 deletions(-) create mode 100644 guix/scripts/fork.scm create mode 100644 guix/scripts/fork/create.scm diff --git a/Makefile.am b/Makefile.am index f759803b8b..c628450a5a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -377,6 +377,8 @@ MODULES = \ guix/scripts/size.scm \ guix/scripts/git.scm \ guix/scripts/git/authenticate.scm \ + guix/scripts/fork.scm \ + guix/scripts/fork/create.scm \ guix/scripts/graph.scm \ guix/scripts/weather.scm \ guix/scripts/container.scm \ diff --git a/guix/build/utils.scm b/guix/build/utils.scm index 94714bf397..e8bd39f5de 100644 --- a/guix/build/utils.scm +++ b/guix/build/utils.scm @@ -10,6 +10,8 @@ ;;; Copyright © 2021, 2022 Maxime Devos ;;; Copyright © 2021 Brendan Tildesley ;;; Copyright © 2023 Carlo Zancanaro +;;; Copyright © 2025 Tomas Volf <~@wolfsden.cz> +;;; Copyright © 2025 45mg <45mg.writes@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -39,6 +41,7 @@ (define-module (guix build utils) #:use-module (ice-9 rdelim) #:use-module (ice-9 format) #:use-module (ice-9 threads) + #:use-module (ice-9 popen) #:use-module (rnrs bytevectors) #:use-module (rnrs io ports) #:re-export (alist-cons @@ -128,6 +131,7 @@ (define-module (guix build utils) report-invoke-error invoke/quiet + invoke/stdout make-desktop-entry-file @@ -889,6 +893,22 @@ (define (invoke/quiet program . args) (line (loop (cons line lines))))))) +(define (invoke/stdout program . args) + "Invoke PROGRAM with ARGS and capture PROGRAM's standard output. If PROGRAM +succeeds, return its standard output as a string. Otherwise, raise an +'&invoke-error' condition." + (let* ((port (apply open-pipe* OPEN_READ program args)) + (data (get-string-all port)) + (code (close-pipe port))) + (unless (zero? code) + (raise (condition (&invoke-error + (program program) + (arguments args) + (exit-status (status:exit-val code)) + (term-signal (status:term-sig code)) + (stop-signal (status:stop-sig code)))))) + data)) + ;;; ;;; Text substitution (aka. sed). diff --git a/guix/channels.scm b/guix/channels.scm index 4700f7a45d..6ca8e64881 100644 --- a/guix/channels.scm +++ b/guix/channels.scm @@ -47,6 +47,7 @@ (define-module (guix channels) #:use-module (guix packages) #:use-module (guix progress) #:use-module (guix derivations) + #:autoload (rnrs bytevectors) (bytevector-length) #:use-module (guix diagnostics) #:use-module (guix sets) #:use-module (guix store) @@ -81,6 +82,7 @@ (define-module (guix channels) openpgp-fingerprint->bytevector openpgp-fingerprint + openpgp-fingerprint* %default-guix-channel %default-channels @@ -171,6 +173,17 @@ (define-syntax openpgp-fingerprint ((_ str) #'(openpgp-fingerprint->bytevector str))))) +(define (openpgp-fingerprint* str) + "Like openpgp-fingerprint, but with error handling from (guix diagnostics)." + (unless (string-every (char-set-union char-set:hex-digit + char-set:whitespace) + str) + (leave (G_ "~a: invalid OpenPGP fingerprint~%") str)) + (let ((fingerprint (openpgp-fingerprint str))) + (unless (= 20 (bytevector-length fingerprint)) + (leave (G_ "~a: wrong length for OpenPGP fingerprint~%") str)) + fingerprint)) + (define %guix-channel-introduction ;; Introduction of the official 'guix channel. The chosen commit is the ;; first one that introduces '.guix-authorizations' on the 'staging' diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm index 37c69d0880..8bc7fb6fb3 100644 --- a/guix/git-authenticate.scm +++ b/guix/git-authenticate.scm @@ -40,6 +40,7 @@ (define-module (guix git-authenticate) #:use-module (rnrs bytevectors) #:use-module (rnrs io ports) #:use-module (ice-9 match) + #:use-module (ice-9 format) #:autoload (ice-9 pretty-print) (pretty-print) #:export (read-authorizations commit-signing-key @@ -52,6 +53,7 @@ (define-module (guix git-authenticate) repository-cache-key authenticate-repository + show-authentication-stats git-authentication-error? git-authentication-error-commit @@ -449,3 +451,18 @@ (define* (authenticate-repository repository start signer (oid->string (commit-id end-commit))) stats)))) + +(define (show-authentication-stats stats) + "Display STATS, an alist containing commit signing stats as returned by +'authenticate-repository'." + (format #t (G_ "Signing statistics:~%")) + (for-each (match-lambda + ((signer . count) + (format #t " ~a ~10d~%" + (openpgp-format-fingerprint + (openpgp-public-key-fingerprint signer)) + count))) + (sort stats + (match-lambda* + (((_ . count1) (_ . count2)) + (> count1 count2)))))) diff --git a/guix/git.scm b/guix/git.scm index 6ac6e4e3a2..afeacb53aa 100644 --- a/guix/git.scm +++ b/guix/git.scm @@ -59,6 +59,7 @@ (define-module (guix git) with-git-error-handling false-if-git-not-found repository-info + repository-current-branch update-cached-checkout url+commit->name latest-repository-commit @@ -401,6 +402,15 @@ (define (repository-info directory) (lambda _ (values #f #f #f)))) +(define (repository-current-branch repository) + "Return the name of the checked out branch of REPOSITORY or #f if it could +not be determined." + (and (not (repository-head-detached? repository)) + (let* ((head (repository-head repository)) + (name (reference-name head))) + (and (string-prefix? "refs/heads/" name) + (string-drop name (string-length "refs/heads/")))))) + (define* (update-submodules repository #:key (log-port (current-error-port)) (fetch-options #f)) diff --git a/guix/scripts/fork.scm b/guix/scripts/fork.scm new file mode 100644 index 0000000000..2d97bcb93f --- /dev/null +++ b/guix/scripts/fork.scm @@ -0,0 +1,67 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2025 45mg <45mg.writes@gmail.com> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (guix scripts fork) + #:use-module (ice-9 match) + #:use-module (guix ui) + #:use-module (guix scripts) + #:export (guix-fork)) + +(define (show-help) + (display (G_ "Usage: guix fork ACTION ARGS... +Create and manage authenticated forks of Guix.\n")) + (newline) + (display (G_ "The valid values for ACTION are:\n")) + (newline) + (display (G_ "\ + create set up a fork of Guix\n")) + (newline) + (display (G_ " + -h, --help display this help and exit")) + (display (G_ " + -V, --version display version information and exit")) + (newline) + (show-bug-report-information)) + +(define %sub-commands '("create")) + +(define (resolve-sub-command name) + (let ((module (resolve-interface + `(guix scripts fork ,(string->symbol name)))) + (proc (string->symbol (string-append "guix-fork-" name)))) + (module-ref module proc))) + +(define-command (guix-fork . args) + (category plumbing) + (synopsis "operate on Guix forks") + + (with-error-handling + (match args + (() + (format (current-error-port) + (G_ "guix fork: missing sub-command~%"))) + ((or ("-h") ("--help")) + (leave-on-EPIPE (show-help)) + (exit 0)) + ((or ("-V") ("--version")) + (show-version-and-exit "guix fork")) + ((sub-command args ...) + (if (member sub-command %sub-commands) + (apply (resolve-sub-command sub-command) args) + (format (current-error-port) + (G_ "guix fork: invalid sub-command~%"))))))) diff --git a/guix/scripts/fork/create.scm b/guix/scripts/fork/create.scm new file mode 100644 index 0000000000..8b5555947b --- /dev/null +++ b/guix/scripts/fork/create.scm @@ -0,0 +1,257 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2025 Tomas Volf <~@wolfsden.cz> +;;; Copyright © 2025 45mg <45mg.writes@gmail.com> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (guix scripts fork create) + #:use-module (guix ui) + #:use-module (guix scripts) + #:use-module ((guix utils) #:select (chain-cut)) + #:use-module (guix build utils) + #:use-module (guix channels) + #:use-module (ice-9 exceptions) + #:use-module (ice-9 match) + #:use-module (ice-9 popen) + #:use-module (ice-9 pretty-print) + #:use-module (ice-9 string-fun) + #:use-module (ice-9 textual-ports) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-13) + #:use-module (srfi srfi-26) + #:use-module (srfi srfi-37) + #:use-module (srfi srfi-71) + #:export (guix-fork-create)) + +;;; Commentary: +;;; +;;; Create a fork of Guix, by running a series of git commands. +;;; +;;; Code: + +(define %options + ;; Specifications of the command-line options. + (list (option '(#\h "help") #f #f + (lambda args + (show-help) + (exit 0))) + (option '(#\V "version") #f #f + (lambda args + (show-version-and-exit "guix fork create"))) + (option '("upstream") #t #f + (lambda (opt name arg result) + (alist-cons 'upstream arg result))) + (option '("channel-url") #t #f + (lambda (opt name arg result) + (alist-cons 'channel-url arg result))) + (option '("use-existing") #f #f + (lambda (opt name arg result) + (alist-cons 'use-existing? #t result))) + (option '("git-parameter") #t #f + (lambda (opt name arg result) + (let ((git-parameters (assoc-ref result 'git-parameters))) + (if git-parameters + (alist-cons 'git-parameters (cons arg git-parameters) result) + (alist-cons 'git-parameters (list arg) result))))))) + +(define %default-options + `((upstream . ,(channel-url %default-guix-channel)))) + +(define %usage + (format #f (G_ "Usage: guix fork create SIGNING_KEY [DIRECTORY OPTIONS...] +Create a fork of Guix in DIRECTORY, using SIGNING_KEY to sign the introductory +commit. +DIRECTORY defaults to ./guix. + + --upstream=URI the repository to clone from + (defaults to ~a) + --channel-url=URI optional URI, used to replace the channel URL + and the existing 'origin' remote (which is + renamed to 'upstream') + --use-existing Use existing clone of Guix in DIRECTORY + --git-parameter PARAMETER + Specify configuration PARAMETER for git, via + '-c' option (can pass multiple times) + + -h, --help display this help and exit + -V, --version display version information and exit +") + (channel-url %default-guix-channel))) + +(define (show-help) + (display %usage) + (newline) + (show-bug-report-information)) + +(define (missing-arguments) + (leave (G_ "wrong number of arguments; \ +required SIGNING_KEY~%"))) + + +;;; +;;; Helper prodecures. +;;; + +(define (fingerprint->key-file-name fingerprint) + (let* ((listing (invoke/stdout "gpg" "--list-key" "--with-colons" fingerprint)) + (uid (chain-cut listing + (string-split <> #\newline) + (filter (cut string-prefix? "uid:" <>) <>) + first + (string-split <> #\:) + tenth)) + (email-name (string-delete + (cut eq? <> #\.) + (substring uid + (1+ (or (string-index-right uid #\<) + -1)) ;no name in uid + (string-index uid #\@)))) + (key-id (chain-cut listing + (string-split <> #\newline) + (filter (cut string-prefix? "pub:" <>) <>) + car + (string-split <> #\:) + fifth + (string-take-right <> 8)))) + (string-append email-name "-" key-id ".key"))) + +(define (update-channel-url file channel-url) + "Modify .guix_channel FILE. +Change the channel url to CHANNEL-URL." + (let ((channel-data (call-with-input-file file read))) + (assq-set! (cdr channel-data) 'url (list channel-url)) + (call-with-output-file file + (lambda (file) + (display ";; This is a Guix channel.\n\n" file) + (pretty-print channel-data file))))) + +(define (rewrite-authorizations file name fingerprint) + "Rewrite .guix-authorizations FILE to contain a single authorization +consisting of NAME and FINGERPRINT." + (let ((auth-data (call-with-input-file file read))) + (list-set! auth-data (1- (length auth-data)) + `((,fingerprint (name ,name)))) + (call-with-output-file file + (lambda (file) + (display ";; This file, which is best viewed as -*- Scheme -*-, lists the OpenPGP keys +;; currently authorized to sign commits in this fork branch. + +" file) + (pretty-print auth-data file))))) + + +;;; +;;; Entry point. +;;; + +(define (guix-fork-create . args) + (define options + (parse-command-line args %options (list %default-options) + #:build-options? #f)) + + (define (command-line-arguments lst) + (reverse (filter-map (match-lambda + (('argument . arg) arg) + (_ #f)) + lst))) + + (with-error-handling + (let* ((signing-key directory (match (command-line-arguments options) + ((signing-key directory) + (values signing-key directory)) + ((signing-key) + (values signing-key "guix")) + (_ (missing-arguments)))) + (upstream (assoc-ref options 'upstream)) + (channel-url (assoc-ref options 'channel-url)) + (use-existing? (assoc-ref options 'use-existing?)) + (git-parameters (assoc-ref options 'git-parameters)) + (git-c-options ;'("-c" "param1" "-c" "param2" ...) + (let loop ((opts '()) (params git-parameters)) + (if (or (not params) (null-list? params)) + opts + (loop (append + opts (list "-c" (first params))) + (drop params 1))))) + + (key-file-name (fingerprint->key-file-name signing-key)) + (introduction-name (car (string-split key-file-name #\-))) + + (upstream-branch-name "master")) + + (define (invoke-git . args) + (apply invoke `("git" ,@git-c-options "-C" ,directory ,@args))) + + (unless use-existing? + (info (G_ "Cloning from upstream ~a...~%") upstream) + (invoke "git" "clone" upstream directory)) + + (info (G_ "Authenticating upstream commits...~%")) + + (when channel-url + (info (G_ "Renaming existing 'origin' remote to 'upstream'...~%")) + (invoke-git "remote" "rename" "origin" "upstream") + (info (G_ "Using provided channel URL for new 'origin' remote...~%")) + (invoke-git "remote" "add" "origin" channel-url)) + + (set! upstream-branch-name + (chain-cut + (invoke/stdout "git" + "-C" directory + "symbolic-ref" + (string-append "refs/remotes/" + (if channel-url "upstream" "origin") + "/HEAD")) + string-trim-right + (string-split <> #\/) + last)) + + (info (G_ "Adding key to keyring branch...~%")) + (invoke-git "switch" "keyring") + (invoke "gpg" + "--armor" "--export" + "-o" (string-append directory "/" key-file-name) + signing-key) + (invoke-git "add" "--" key-file-name) + (invoke-git "commit" "-m" "Add key for fork introduction.") + + (info (G_ "Setting up fork branch...~%")) + (invoke-git "switch" "--create" "fork" "master") + (when channel-url + (update-channel-url (string-append directory "/.guix-channel") + channel-url)) + (rewrite-authorizations (string-append directory "/.guix-authorizations") + introduction-name signing-key) + (invoke-git "add" "--" + (string-append directory "/.guix-authorizations") + (string-append directory "/.guix-channel")) + (invoke-git "commit" + (string-append "--gpg-sign=" signing-key) + "-m" + (string-append + "Initial fork commit.\n\n" + ".guix-authorizations: Allow only " introduction-name "'s key." + (if channel-url + "\n.guix-channels: Update channel URL." + ""))) + + (info (G_ "Successfully created Guix fork in ~a. +You should run the following command next: +guix fork authenticate ~a ~a ~a~%") + directory + upstream-branch-name + (string-trim-right (invoke/stdout "git" "-C" directory "rev-parse" "HEAD")) + signing-key)))) diff --git a/guix/scripts/git/authenticate.scm b/guix/scripts/git/authenticate.scm index e3ecb67c89..154aae9b14 100644 --- a/guix/scripts/git/authenticate.scm +++ b/guix/scripts/git/authenticate.scm @@ -23,8 +23,8 @@ (define-module (guix scripts git authenticate) #:use-module (guix git-authenticate) #:autoload (guix openpgp) (openpgp-format-fingerprint openpgp-public-key-fingerprint) - #:use-module ((guix channels) #:select (openpgp-fingerprint)) - #:use-module ((guix git) #:select (with-git-error-handling)) + #:use-module ((guix channels) #:select (openpgp-fingerprint*)) + #:use-module ((guix git) #:select (with-git-error-handling commit-short-id repository-current-branch)) #:use-module (guix progress) #:use-module (guix base64) #:autoload (rnrs bytevectors) (bytevector-length) @@ -76,15 +76,6 @@ (define %options (define %default-options '()) -(define (current-branch repository) - "Return the name of the checked out branch of REPOSITORY or #f if it could -not be determined." - (and (not (repository-head-detached? repository)) - (let* ((head (repository-head repository)) - (name (reference-name head))) - (and (string-prefix? "refs/heads/" name) - (string-drop name (string-length "refs/heads/")))))) - (define (config-value repository key) "Return the config value associated with KEY in the 'guix.authentication' or 'guix.authentication-BRANCH' name space in REPOSITORY, or #f if no such config @@ -94,7 +85,7 @@ (define (config-value repository key) ((_ exp) (catch 'git-error (lambda () exp) (const #f)))))) (let* ((config (repository-config repository)) - (branch (current-branch repository))) + (branch (repository-current-branch repository))) ;; First try the BRANCH-specific value, then the generic one.` (or (and branch (false-if-git-error @@ -194,21 +185,6 @@ (define (install-hooks repository) (warning (G_ "cannot determine where to install hooks\ (Guile-Git too old?)~%")))) -(define (show-stats stats) - "Display STATS, an alist containing commit signing stats as returned by -'authenticate-repository'." - (format #t (G_ "Signing statistics:~%")) - (for-each (match-lambda - ((signer . count) - (format #t " ~a ~10d~%" - (openpgp-format-fingerprint - (openpgp-public-key-fingerprint signer)) - count))) - (sort stats - (match-lambda* - (((_ . count1) (_ . count2)) - (> count1 count2)))))) - (define (show-help) (display (G_ "Usage: guix git authenticate COMMIT SIGNER [OPTIONS...] Authenticate the given Git checkout using COMMIT/SIGNER as its introduction.\n")) @@ -251,19 +227,6 @@ (define (guix-git-authenticate . args) (_ #f)) lst))) - (define commit-short-id - (compose (cut string-take <> 7) oid->string commit-id)) - - (define (openpgp-fingerprint* str) - (unless (string-every (char-set-union char-set:hex-digit - char-set:whitespace) - str) - (leave (G_ "~a: invalid OpenPGP fingerprint~%") str)) - (let ((fingerprint (openpgp-fingerprint str))) - (unless (= 20 (bytevector-length fingerprint)) - (leave (G_ "~a: wrong length for OpenPGP fingerprint~%") str)) - fingerprint)) - (define (make-reporter start-commit end-commit commits) (format (current-error-port) (G_ "Authenticating commits ~a to ~a (~h new \ @@ -321,7 +284,7 @@ (define (guix-git-authenticate . args) (install-hooks repository)) (when (and show-stats? (not (null? stats))) - (show-stats stats)) + (show-authentication-stats stats)) (info (G_ "successfully authenticated commit ~a~%") (oid->string end)))))) diff --git a/guix/utils.scm b/guix/utils.scm index b6cf5aea4f..e07e89c321 100644 --- a/guix/utils.scm +++ b/guix/utils.scm @@ -21,6 +21,8 @@ ;;; Copyright © 2023 Zheng Junjie <873216071@qq.com> ;;; Copyright © 2023 Foundation Devices, Inc. ;;; Copyright © 2024 Herman Rimm +;;; Copyright © 2025 Tomas Volf <~@wolfsden.cz> +;;; Copyright © 2025 45mg <45mg.writes@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -163,6 +165,8 @@ (define-module (guix utils) call-with-compressed-output-port canonical-newline-port + chain-cut + string-distance string-closest @@ -1193,6 +1197,35 @@ (define-syntax current-source-directory ;; raising an error would upset Geiser users #f)))))) + +;;; +;;; Higher-order functions. +;;; + +(define-syntax chain-cut + (lambda (x) + "Apply each successive form to the result of evaluating the previous one. +Before applying, expand each form (op ...) to (cut op ...). + +Examples: + + (chain-cut '(1 2 3) cdr car) + => (car (cdr '(1 2 3))) + + (chain-cut 2 (- 3 <>) 1+) + => (1+ ((cut - 3 <>) 2)) + => (1+ (- 3 2)) +" + (syntax-case x () + ((chain-cut init op) (identifier? #'op) + #'(op init)) + ((chain-cut init (op ...)) + #'((cut op ...) init)) + ((chain-cut init op op* ...) (identifier? #'op) + #'(chain-cut (op init) op* ...)) + ((chain-cut init (op ...) op* ...) + #'(chain-cut ((cut op ...) init) op* ...))))) + ;;; ;;; String comparison. From patchwork Fri Jan 31 21:18:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: 45mg <45mg.writes@gmail.com> X-Patchwork-Id: 38074 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id AD14D27BBE9; Fri, 31 Jan 2025 21:21:26 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-6.6 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,DKIM_VALID,FREEMAIL_FROM,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL, RCVD_IN_VALIDITY_SAFE,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 0CED927BBE2 for ; Fri, 31 Jan 2025 21:21:25 +0000 (GMT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tdyRl-00088Q-7A; Fri, 31 Jan 2025 16:21:05 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tdyRj-00087S-Cr for guix-patches@gnu.org; Fri, 31 Jan 2025 16:21:03 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tdyRi-0002fm-AV for guix-patches@gnu.org; Fri, 31 Jan 2025 16:21:03 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=rASlCkCXzp5SO8O1bmNfoaP77uE1mhNlivO/wDiYLuQ=; b=GODQ96BOL1I7CezMcN63g8paIS/Zm73UGItpZ4/SEIXhb7O2aGR24Cj68Hc1Bfz8k2SQtR+fraThwopz1SwFGM8YojebGJnRKPsV2bSqxpNC6i3ezTCgYRpIxtHAVUW/Z95oHxXoVnb3J6E32XhfuIrUYPYIBryoIM45FmdTPDo2nW2Cptb/rKBh9xt5tA+Rr/cPGGnmhPuA8U7K19wJLNoxP1bbrWofCA+M1sCgNt5ouAGn4NvVtuRFFT8RcfL43XkZfwleuiEweABt40S+9+GF0VB4yEFQ0ORFGKKcIAk07LgyoNU6W6k+C00Tan9KfYppY67gbEZ+ecs5c5DYkQ==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tdyRi-0005sG-4o for guix-patches@gnu.org; Fri, 31 Jan 2025 16:21:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#75981] [PATCH (WIP) v1 2/4] Add 'guix fork authenticate'. Resent-From: 45mg <45mg.writes@gmail.com> Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 31 Jan 2025 21:21:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 75981 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 75981@debbugs.gnu.org Cc: Nicolas Graves , Tomas Volf <~@wolfsden.cz>, 45mg <45mg.writes@gmail.com>, Liliana Marie Prikler , Ricardo Wurmus , Attila Lendvai Received: via spool by 75981-submit@debbugs.gnu.org id=B75981.173835840522104 (code B ref 75981); Fri, 31 Jan 2025 21:21:02 +0000 Received: (at 75981) by debbugs.gnu.org; 31 Jan 2025 21:20:05 +0000 Received: from localhost ([127.0.0.1]:54950 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tdyQl-0005kN-2O for submit@debbugs.gnu.org; Fri, 31 Jan 2025 16:20:04 -0500 Received: from mail-pl1-x641.google.com ([2607:f8b0:4864:20::641]:53379) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <45mg.writes@gmail.com>) id 1tdyQg-0005jQ-Ps for 75981@debbugs.gnu.org; Fri, 31 Jan 2025 16:19:59 -0500 Received: by mail-pl1-x641.google.com with SMTP id d9443c01a7336-215770613dbso33992515ad.2 for <75981@debbugs.gnu.org>; Fri, 31 Jan 2025 13:19:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738358393; x=1738963193; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=rASlCkCXzp5SO8O1bmNfoaP77uE1mhNlivO/wDiYLuQ=; b=Keu6EuwxRT+Jp4AgnRa1s+u9ZhYR+Z7ZPUedSwUwNBagL3IB0zRYJK5uRNmVh6paSi RDTkHLSZn9fbh9Gu6bSTUu3WCb70pD7F+mfEgnS2b7JlP4j8Q+ld6XtwnI0nY12CbP6M Ttl/zq0uTUWRy+KqYn+w613XuofUR24kOUBt1kikVMQ+iDMcOXGplGUfT3emswlun+5Y 8aCKWxcarqR4GgXQDW6Z+pAAtQi/Mqlp4y++hx37H4ccQ1OjgFcAuafWtJItFdKg9QcS PojI99YLYeF2Xt2VUkHKsHFgl5nNGYI0yXT7pF7Zd4HLlr7q5gUGkHTFeJF6Y01+p+UV /fLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738358393; x=1738963193; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rASlCkCXzp5SO8O1bmNfoaP77uE1mhNlivO/wDiYLuQ=; b=R3h6UmIZz2N25ONDeLJG6jv5oMI9Ujsfz07/Vok4hZMjpPZ3ByYsEEJdBKnODo1wc6 d7ADm9R/3QFtA9Gli9iOQtUC1TxHGt4DRYjdrcLgjrwmZ74WlMU11hl+iZOv993qmz8z KIPJAYDtVNH0nOhhup/YQwhdFDlVg8C0Oad7/ZWKK4tA0N7utbiP8jSWR0/GUsNWa98t cKvi2SR9TpIedSf+ImJ6JrHEoe6dHmnGS/JjOzrm0w7aIwmIpMd9J+EG51ItyztYNK6D zpjpwiTxr9fVKgFXVQt9ygh5GFpRqyYV35neDD9p1z/JHqLnDGs/Ba8t1rrO9CDdFqAl G5qg== X-Gm-Message-State: AOJu0YwoGzD33satlCXOJLrqikoWTQJUgdz2TXYeZLnc7qjDyGD66D6k of92xJmFlRzHz/GMXMHOTJX5gaqaek/sMNcYeSwGd3P4OeRZsep3Ajk4lvky X-Gm-Gg: ASbGncvFErIRLjtUGCKq/dSuJV3D7pRBceNzA1egYQk+d6rhPc7QFSGi+K7q3eac2sE qK9qtj/XcgfQLdGBT/icryGKjHv/55fG8owrX75rDJ/Xx5onoaEY4cu/z2Rp5ubkijnDmYwgpr2 xji1TL6xBsGw1xo/Kzj9JcymNJZCw0avkNG305WWWYGq+Ib0DxRDsjSdaZv02t7199G8+24EdoH 5fwg/ByRq3fInlsed15Z9xEEz7rHf9H+/rTFDGfrsaykRWinY4sel2Lsg7BDz1Tc3hCoBrgz+bM Hrl3ulmnZvCL1J+UzKkAsRDH5dAMWo4P55edqQ== X-Google-Smtp-Source: AGHT+IH2uHf5PjJFoodSfpVpfcV31ObJTIt+Il8PgTG7RPv8wWTxg8niRKDkXoaeFG4dRMEG154EPQ== X-Received: by 2002:a05:6a21:670b:b0:1e1:dbfd:582b with SMTP id adf61e73a8af0-1ed7a4dafd0mr20406091637.15.1738358392489; Fri, 31 Jan 2025 13:19:52 -0800 (PST) Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-72fe64275c4sm3924008b3a.61.2025.01.31.13.19.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jan 2025 13:19:52 -0800 (PST) From: 45mg <45mg.writes@gmail.com> Date: Sat, 1 Feb 2025 02:48:45 +0530 Message-ID: <97662f19dd262168c9d8c5d76bc4bfee20d9695a.1738357415.git.45mg.writes@gmail.com> X-Mailer: git-send-email 2.48.1 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * guix/scripts/fork/authenticate.scm: New file. * Makefile.am (MODULES): Add the new file. * guix/scripts/fork.scm (show-help): Mention new command. (%sub-commands): Add new command. Change-Id: Ic34a1b3d1642cedce8d1ff5bae825df30e47755c --- Makefile.am | 1 + guix/scripts/fork.scm | 6 +- guix/scripts/fork/authenticate.scm | 331 +++++++++++++++++++++++++++++ 3 files changed, 336 insertions(+), 2 deletions(-) create mode 100644 guix/scripts/fork/authenticate.scm diff --git a/Makefile.am b/Makefile.am index c628450a5a..1c1f5d84fd 100644 --- a/Makefile.am +++ b/Makefile.am @@ -379,6 +379,7 @@ MODULES = \ guix/scripts/git/authenticate.scm \ guix/scripts/fork.scm \ guix/scripts/fork/create.scm \ + guix/scripts/fork/authenticate.scm \ guix/scripts/graph.scm \ guix/scripts/weather.scm \ guix/scripts/container.scm \ diff --git a/guix/scripts/fork.scm b/guix/scripts/fork.scm index 2d97bcb93f..c5c7a59ba7 100644 --- a/guix/scripts/fork.scm +++ b/guix/scripts/fork.scm @@ -29,7 +29,9 @@ (define (show-help) (display (G_ "The valid values for ACTION are:\n")) (newline) (display (G_ "\ - create set up a fork of Guix\n")) + create set up a fork of Guix\n")) + (display (G_ "\ + authenticate authenticate a fork of Guix\n")) (newline) (display (G_ " -h, --help display this help and exit")) @@ -38,7 +40,7 @@ (define (show-help) (newline) (show-bug-report-information)) -(define %sub-commands '("create")) +(define %sub-commands '("create" "authenticate")) (define (resolve-sub-command name) (let ((module (resolve-interface diff --git a/guix/scripts/fork/authenticate.scm b/guix/scripts/fork/authenticate.scm new file mode 100644 index 0000000000..83d9d87d44 --- /dev/null +++ b/guix/scripts/fork/authenticate.scm @@ -0,0 +1,331 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2025 45mg <45mg.writes@gmail.com> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (guix scripts fork authenticate) + #:use-module (git) + #:use-module (guix git) + #:use-module (guix git-authenticate) + #:use-module (guix base16) + #:use-module (guix ui) + #:use-module (guix progress) + #:use-module (guix scripts) + #:use-module (guix build utils) + #:use-module (guix channels) + #:use-module (ice-9 exceptions) + #:use-module (ice-9 match) + #:use-module (ice-9 receive) + #:use-module (ice-9 popen) + #:use-module (ice-9 format) + #:use-module (ice-9 pretty-print) + #:use-module (ice-9 string-fun) + #:use-module (ice-9 textual-ports) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-13) + #:use-module (srfi srfi-26) + #:use-module (srfi srfi-37) + #:use-module (srfi srfi-71) + #:export (guix-fork-authenticate + + fork-config-value + fork-configured? + fork-configured-keyring-reference + fork-configured-introduction)) + +;;; Commentary: +;;; +;;; Authenticate a fork of Guix, in the same manner as `guix git +;;; authenticate`. +;;; +;;; Code: + +(define %options + ;; Specifications of the command-line options. + (list (option '(#\h "help") #f #f + (lambda args + (show-help) + (exit 0))) + (option '(#\V "version") #f #f + (lambda args + (show-version-and-exit "guix fork authenticate"))) + + (option '(#\r "repository") #t #f + (lambda (opt name arg result) + (alist-cons 'directory arg result))) + (option '("upstream-commit") #f #f + (lambda (opt name arg result) + (alist-cons 'upstream-commit (string->oid arg) result))) + (option '("upstream-signer") #f #f + (lambda (opt name arg result) + (alist-cons 'upstream-signer (openpgp-fingerprint* arg) result))) + + (option '(#\e "end") #t #f + (lambda (opt name arg result) + (alist-cons 'end-commit (string->oid arg) result))) + (option '("upstream-end") #t #f + (lambda (opt name arg result) + (alist-cons 'upstream-end-commit (string->oid arg) result))) + (option '(#\k "keyring") #t #f + (lambda (opt name arg result) + (alist-cons 'keyring-reference arg result))) + (option '("upstream-keyring") #t #f + (lambda (opt name arg result) + (alist-cons 'upstream-keyring arg result))) + (option '("cache-key") #t #f + (lambda (opt name arg result) + (alist-cons 'cache-key arg result))) + (option '("historical-authorizations") #t #f + (lambda (opt name arg result) + (alist-cons 'historical-authorizations arg + result))) + (option '("stats") #f #f + (lambda (opt name arg result) + (alist-cons 'show-stats? #t result))))) + +(define %default-options + (let ((introduction (channel-introduction %default-guix-channel))) + `((upstream-commit + . ,(string->oid (channel-introduction-first-signed-commit introduction))) + (upstream-signer + . ,(openpgp-fingerprint + (string-upcase + (bytevector->base16-string + (channel-introduction-first-commit-signer introduction))))) + (upstream-keyring + . "keyring")))) + +(define %usage + (format #f (G_ "Usage: guix fork authenticate UPSTREAM COMMIT SIGNER [OPTIONS...] +Authenticate a fork of Guix, using COMMIT/SIGNER as the fork introduction. + +First, authenticate new commits from UPSTREAM, using Guix's default +introduction. Then authenticate the remaining commits using the fork +introduction. + + -r, --repository=DIRECTORY + Authenticate the Git repository in DIRECTORY + + --upstream-commit=COMMIT + --upstream-signer=SIGNER + Use COMMIT/SIGNER as the introduction for upstream + Guix, overriding the default values + ~a + /~a + (Guix's default introduction). + + -k, --keyring=REFERENCE + load keyring for fork commits from REFERENCE, a Git + branch (default \"keyring\") + --upstream-keyring=REFERENCE + load keyring for upstream commits from REFERENCE, a + Git branch (default \"keyring\") + --end=COMMIT authenticate fork commits up to COMMIT + --cache-key=KEY cache authenticated commits under KEY + --historical-authorizations=FILE + read historical authorizations from FILE + --stats Display commit signing statistics upon completion + + -h, --help display this help and exit + -V, --version display version information and exit +") + (assoc-ref %default-options 'upstream-commit) + (assoc-ref %default-options 'upstream-signer))) + +(define (show-help) + (display %usage) + (newline) + (show-bug-report-information)) + +(define (missing-arguments) + (leave (G_ "wrong number of arguments; \ +required UPSTREAM, COMMIT and SIGNER~%"))) + + +;;; +;;; Helper prodecures. +;;; + +(define (fork-config-value repository key) + "Return the config value associated with KEY in the +'guix.fork-authentication' namespace in REPOSITORY, or #f if no such config +was found." + (let* ((config (repository-config repository)) + (branch (repository-current-branch repository))) + (catch 'git-error + (lambda () + (config-entry-value + (config-get-entry config + (string-append "guix.fork-authentication." + key)))) + (const #f)))) + +(define (fork-configured-introduction repository) + "Return three values: the upstream branch name, introductory commit, and +signer fingerprint (strings) for this fork, as configured in REPOSITORY. +Error out if any were missing." + (let* ((upstream-branch (fork-config-value repository "upstream-branch")) + (commit (fork-config-value repository "introduction-commit")) + (signer (fork-config-value repository "introduction-signer"))) + (unless (and upstream-branch commit signer) + (leave (G_ "fork information in .git/config is incomplete; +missing at least one of +introduction-commit, introduction-signer, upstream-branch +under [guix \"fork-authentication\"]"))) + (values upstream-branch commit signer))) + +(define (fork-configured-keyring-reference repository) + "Return the keyring reference configured in REPOSITORY or #f if missing." + (fork-config-value repository "keyring")) + +(define (fork-configured? repository) + "Return true if REPOSITORY already contains fork introduction info in its +'config' file." + (and (fork-config-value repository "upstream-branch") + (fork-config-value repository "introduction-commit") + (fork-config-value repository "introduction-signer"))) + +(define* (record-fork-configuration + repository + #:key commit signer upstream-branch keyring-reference) + "Record COMMIT, SIGNER, UPSTREAM-BRANCH and KEYRING-REFERENCE in the +'config' file of REPOSITORY." + (define config + (repository-config repository)) + + ;; Guile-Git < 0.7.0 lacks 'set-config-string'. + (if (module-defined? (resolve-interface '(git)) 'set-config-string) + (begin + (set-config-string config "guix.fork-authentication.introduction-commit" + commit) + (set-config-string config "guix.fork-authentication.introduction-signer" + signer) + (set-config-string config "guix.fork-authentication.upstream-branch" + upstream-branch) + (set-config-string config "guix.fork-authentication.keyring" + keyring-reference) + (info (G_ "introduction, upstream branch and keyring recorded \ +in repository configuration file~%"))) + (warning (G_ "could not record introduction and keyring configuration\ + (Guile-Git too old?)~%")))) + + +(define (guix-fork-authenticate . args) + (define options + (parse-command-line args %options (list %default-options) + #:build-options? #f)) + + (define (command-line-arguments lst) + (reverse (filter-map (match-lambda + (('argument . arg) arg) + (_ #f)) + lst))) + + (define (make-reporter start-commit end-commit commits) + (format (current-error-port) + (G_ "Authenticating commits ~a to ~a (~h new \ +commits)...~%") + (commit-short-id start-commit) + (commit-short-id end-commit) + (length commits)) + (if (isatty? (current-error-port)) + (progress-reporter/bar (length commits)) + progress-reporter/silent)) + + (with-error-handling + (with-git-error-handling + ;; TODO: BUG: it doesn't recognize '~' in paths + ;; How to do 'realpath' in Guile? + (let* ((repository (repository-open (or (assoc-ref options 'directory) + (repository-discover ".")))) + (upstream commit signer (match (command-line-arguments options) + ((upstream commit signer) + (values + (branch-lookup repository upstream) + (string->oid commit) + (openpgp-fingerprint* signer))) + (() + (receive (upstream commit signer) + (fork-configured-introduction repository) + (values + (branch-lookup repository upstream) + (string->oid commit) + (openpgp-fingerprint* signer)))) + (_ + (missing-arguments)))) + (upstream-commit (assoc-ref options 'upstream-commit)) + (upstream-signer (assoc-ref options 'upstream-signer)) + (history (match (assoc-ref options 'historical-authorizations) + (#f '()) + (file (call-with-input-file file + read-authorizations)))) + (keyring (or (assoc-ref options 'keyring-reference) + (fork-configured-keyring-reference repository) + "keyring")) + (upstream-keyring (assoc-ref options 'upstream-keyring)) + (end (match (assoc-ref options 'end-commit) + (#f (reference-target + (repository-head repository))) + (oid oid))) + (upstream-end (match (assoc-ref options 'upstream-end-commit) + (#f + (reference-target upstream)) + (oid oid))) + (cache-key (or (assoc-ref options 'cache-key) + (repository-cache-key repository))) + (show-stats? (assoc-ref options 'show-stats?))) + + (define upstream-authentication-args + (filter identity + (list + (oid->string upstream-commit) + (bytevector->base16-string upstream-signer) + (string-append "--repository=" + (repository-directory repository)) + (string-append "--end=" + (oid->string upstream-end)) + (and upstream-keyring + (string-append "--keyring=" + upstream-keyring)) + (and show-stats? "--stats")))) + + (info (G_ "calling `guix git authenticate` for branch ~a...~%") + (branch-name upstream)) + + (apply run-guix-command 'git "authenticate" + upstream-authentication-args) + + (define fork-stats + (authenticate-repository + repository commit signer + #:end end + #:keyring-reference keyring + #:historical-authorizations history + #:cache-key cache-key + #:make-reporter make-reporter)) + + (unless (fork-configured? repository) + (record-fork-configuration repository + #:commit (oid->string commit) + #:signer (bytevector->base16-string signer) + #:upstream-branch (branch-name upstream) + #:keyring-reference keyring)) + + (when (and show-stats? (not (null? fork-stats))) + (show-authentication-stats fork-stats)) + + (info (G_ "successfully authenticated commit ~a~%") + (oid->string end)))))) From patchwork Fri Jan 31 21:18:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: 45mg <45mg.writes@gmail.com> X-Patchwork-Id: 38073 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 8EBAA27BBEA; Fri, 31 Jan 2025 21:21:22 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-6.6 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,DKIM_VALID,FREEMAIL_FROM,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL, RCVD_IN_VALIDITY_SAFE,SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id D442227BBE2 for ; Fri, 31 Jan 2025 21:21:21 +0000 (GMT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tdyRl-00088S-Gj; Fri, 31 Jan 2025 16:21:05 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tdyRj-00087T-Ct for guix-patches@gnu.org; Fri, 31 Jan 2025 16:21:03 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tdyRi-0002fn-Q8 for guix-patches@gnu.org; Fri, 31 Jan 2025 16:21:03 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=+XspKeyjomk44e0/WIApWppbYgKqZm7vtWqBqkgLKjs=; b=rhsR9AZxf48PU6kVL1DpEk0vwAeu3gVDG4jpxh63vnboWv2yY6dUb1rrrpM6s6UqhTk4ZNrRm/xvHGTCsmFjXGOwpzZ5Mve4siJvsQOchXJHy9obHd9JNRhgev6w2u9fBXPXADDRIeQmy/d/8J6wed67F+1fSySUFxoBj6+ejVPlKRQJdtDL4FuwkVhIODa6hedAck3k1+XupMoxKtMIZTRmv8ZcZTiyFBgO5E5Jq+EFJ5WqSf09V34wC/PheM2VncRbwAkxpIPrDZ3FT3pfqHOo3j077VeVViDUKCYnUeUtoU0myRgUPnQJ/0DOwMLqJ+0QnesTZ3HL1QDH59zEhg==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tdyRi-0005sX-KZ for guix-patches@gnu.org; Fri, 31 Jan 2025 16:21:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#75981] [PATCH (WIP) v1 3/4] Add 'guix fork update'. Resent-From: 45mg <45mg.writes@gmail.com> Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 31 Jan 2025 21:21:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 75981 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 75981@debbugs.gnu.org Cc: Nicolas Graves , Tomas Volf <~@wolfsden.cz>, 45mg <45mg.writes@gmail.com>, Liliana Marie Prikler , Ricardo Wurmus , Attila Lendvai Received: via spool by 75981-submit@debbugs.gnu.org id=B75981.173835841222193 (code B ref 75981); Fri, 31 Jan 2025 21:21:02 +0000 Received: (at 75981) by debbugs.gnu.org; 31 Jan 2025 21:20:12 +0000 Received: from localhost ([127.0.0.1]:54953 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tdyQt-0005l7-UL for submit@debbugs.gnu.org; Fri, 31 Jan 2025 16:20:12 -0500 Received: from mail-pl1-x642.google.com ([2607:f8b0:4864:20::642]:61737) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <45mg.writes@gmail.com>) id 1tdyQr-0005kQ-Cl for 75981@debbugs.gnu.org; Fri, 31 Jan 2025 16:20:10 -0500 Received: by mail-pl1-x642.google.com with SMTP id d9443c01a7336-21669fd5c7cso43783225ad.3 for <75981@debbugs.gnu.org>; Fri, 31 Jan 2025 13:20:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738358403; x=1738963203; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+XspKeyjomk44e0/WIApWppbYgKqZm7vtWqBqkgLKjs=; b=WN3ZvX4BM5x32buT4f9WgMP/X3Fw/FSvcXdxBbTtnQUvZjQwI0+4+bWHfrs2IQplCU 0PhSC4oVpuHZ4/IVeeUnun/oBgjiKR9IdToUNxESlM4bLCiB5sBa1K7avMoNNIc+Jj4s dloy/HY0wYg2R8neZ9pyk7XRa59R4LdpAx1PILmNp1bAXtx36C4po+EYTV0/A+H+vkXk ipOj4BLyCQDQvbITMF7vmDcBH/9CtI1ILVN8YbTX0/avYy59DRM5CdswyhMkWgW4MGG4 P9snyronE3oScSefiIKsTEPEZReDE3nwyFc05jMGZNg/vPGvzYZGbzODBpkChwp6YhjR CCsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738358403; x=1738963203; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+XspKeyjomk44e0/WIApWppbYgKqZm7vtWqBqkgLKjs=; b=QhPVs2VxnUEmOnJgI7TVA7vjmugWl8gje5yPc3qqa5iqSIhhQDg2Bm1YPaGi3CpYu8 4/uXlWuL4AsOPEtQIHvjubRepVqWeNFwOHwtsYlOMerjE4TVLm//nmwqwzdxoolzK4WN 7+JHB6EAQ+tk0FUNXJoojPXbwnNa72vY5GWWSls4rsmG5QL6K7/z78lunbiZjArj3HUP h59LqoXZP9hXpkHp1KZX6JkOskjOsLrU4ScU1CHn1yVOPmP/6dhjw19jmGb/rGH95htv Fn8raIIp+Wg2vOuIXhzSpjg4xaXTqC1x+Mv2nICC+CiWJp88XyqFfYUI0OWcRtoY94U4 MNBw== X-Gm-Message-State: AOJu0Ywr7MHG6v4C4hvvBWRvz+4Zvldva/3jfQ1V4v+NE7jR7wgun5xY NcMajEWAATau6zM3lZ27g0RoEEcp1n+KcP43g1/6i7qejAid1PyqPDJmm+4l X-Gm-Gg: ASbGncv7cBd7Q5JtUT9+3kbhF4L7NiuzdkON2+zTo8aR2TCEgwIbeJathPP8XNdZio0 +o/imU+BllZxpR6cXDRkVVyRoFtp7H9a2JpoARgStu1A0ZTWMuJQRgkxcX045qxZ1y5DlM00JWk rWJuGtTeHT6xU2M3FywJ8drbiIPKulJejYgSUnJSXKXWFasMEAgDTRW+N7h6+TI3G91Pis5XzgX Qj9vDO9YxG0TgFSHdlumLBpbt3PHb4zGE1feomADVL2HsUMWVrV8TrOhVfJzWAo+QUozZf6v9FH gE9TMzPGPwV5MN/S0wdevHvxENxOAgIlb1IxOg== X-Google-Smtp-Source: AGHT+IFuPwf+hRwCp1jyv0amn0b8uDVXPs1L12kBLRKlcDR+W4P1f35RRYEbXR5K2ea+nOOHqSxyxQ== X-Received: by 2002:a05:6a00:e8a:b0:72a:bc6a:3a87 with SMTP id d2e1a72fcca58-72fd096a0a5mr18685827b3a.0.1738358403090; Fri, 31 Jan 2025 13:20:03 -0800 (PST) Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-72fe64275c4sm3924008b3a.61.2025.01.31.13.20.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jan 2025 13:20:02 -0800 (PST) From: 45mg <45mg.writes@gmail.com> Date: Sat, 1 Feb 2025 02:48:46 +0530 Message-ID: X-Mailer: git-send-email 2.48.1 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * guix/scripts/fork/update.scm: New file. * Makefile.am (MODULES): Add the new file. * guix/scripts/fork.scm (show-help): Mention new command. (%sub-commands): Add new command. Change-Id: I2017eb9a9286c02ca8bdf962bcbfe89d7607c413 --- Makefile.am | 1 + guix/scripts/fork.scm | 4 +- guix/scripts/fork/update.scm | 181 +++++++++++++++++++++++++++++++++++ 3 files changed, 185 insertions(+), 1 deletion(-) create mode 100644 guix/scripts/fork/update.scm diff --git a/Makefile.am b/Makefile.am index 1c1f5d84fd..8edd371ccd 100644 --- a/Makefile.am +++ b/Makefile.am @@ -380,6 +380,7 @@ MODULES = \ guix/scripts/fork.scm \ guix/scripts/fork/create.scm \ guix/scripts/fork/authenticate.scm \ + guix/scripts/fork/update.scm \ guix/scripts/graph.scm \ guix/scripts/weather.scm \ guix/scripts/container.scm \ diff --git a/guix/scripts/fork.scm b/guix/scripts/fork.scm index c5c7a59ba7..bf9c86e0aa 100644 --- a/guix/scripts/fork.scm +++ b/guix/scripts/fork.scm @@ -32,6 +32,8 @@ (define (show-help) create set up a fork of Guix\n")) (display (G_ "\ authenticate authenticate a fork of Guix\n")) + (display (G_ "\ + update update a fork of Guix\n")) (newline) (display (G_ " -h, --help display this help and exit")) @@ -40,7 +42,7 @@ (define (show-help) (newline) (show-bug-report-information)) -(define %sub-commands '("create" "authenticate")) +(define %sub-commands '("create" "authenticate" "update")) (define (resolve-sub-command name) (let ((module (resolve-interface diff --git a/guix/scripts/fork/update.scm b/guix/scripts/fork/update.scm new file mode 100644 index 0000000000..5aed337b85 --- /dev/null +++ b/guix/scripts/fork/update.scm @@ -0,0 +1,181 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2025 Tomas Volf <~@wolfsden.cz> +;;; Copyright © 2025 45mg <45mg.writes@gmail.com> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (guix scripts fork update) + #:use-module (guix scripts fork authenticate) + #:use-module (git repository) + #:use-module (git structs) + #:use-module (git config) + #:use-module (guix ui) + #:use-module (guix scripts) + #:use-module (guix build utils) + #:use-module (guix channels) + #:use-module (ice-9 exceptions) + #:use-module (ice-9 match) + #:use-module (ice-9 popen) + #:use-module (ice-9 pretty-print) + #:use-module (ice-9 string-fun) + #:use-module (ice-9 textual-ports) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-13) + #:use-module (srfi srfi-26) + #:use-module (srfi srfi-37) + #:use-module (srfi srfi-71) + #:export (guix-fork-update)) + +;;; Commentary: +;;; +;;; Update a fork of Guix created via `guix fork create` and authenticated via +;;; `guix fork authenticate`, by applying new commits from the upstream branch +;;; onto it. +;;; +;;; Code: + +(define %options + ;; Specifications of the command-line options. + (list (option '(#\h "help") #f #f + (lambda args + (show-help) + (exit 0))) + (option '(#\V "version") #f #f + (lambda args + (show-version-and-exit "guix fork create"))) + + (option '( "fork-branch") #t #f + (lambda (opt name arg result) + (alist-cons 'fork-branch-name arg result))) + (option '(#\r "repository") #t #f + (lambda (opt name arg result) + (alist-cons 'directory arg result))))) + +(define %default-options + '()) + +(define %usage + (G_ "Usage: guix fork update [OPTIONS...] +Pull into this Guix fork's configured upstream branch, then apply new commits +onto the current branch. + + -r, --repository=DIRECTORY + Act in the Git repository in DIRECTORY + --fork-branch=BRANCH + Apply new commits onto BRANCH instead of the current + branch + + -h, --help display this help and exit + -V, --version display version information and exit +")) + +(define (show-help) + (display %usage) + (newline) + (show-bug-report-information)) + +(define (missing-arguments) + (leave (G_ "wrong number of arguments; \ +required ~%"))) + + +;;; +;;; Entry point. +;;; + +(define (guix-fork-update . args) + + (define options + (parse-command-line args %options (list %default-options) + #:build-options? #f)) + + (define (command-line-arguments lst) + (reverse (filter-map (match-lambda + (('argument . arg) arg) + (_ #f)) + lst))) + + (define-syntax invoke-git + (lambda (x) + (syntax-case x () + ((_ args ...) + #`(invoke "git" "-C" #,(datum->syntax x 'directory) args ...))))) + + (define-syntax invoke-git/stdout + (lambda (x) + (syntax-case x () + ((_ args ...) + #`(string-trim-right + (invoke/stdout "git" "-C" #,(datum->syntax x 'directory) args ...)))))) + + (with-error-handling + (let* ((directory (or (assoc-ref options 'directory) ".")) + (current-branch-name (invoke-git/stdout + "branch" + "--show-current")) + (current-head-location (invoke-git/stdout + "rev-parse" + "HEAD")) + (fork-branch-name (or (assoc-ref options 'fork-branch-name) + (if (string= current-branch-name "") + (leave (G_ "no current branch and --fork-branch not given")) + current-branch-name))) + + (repository (repository-open directory)) + (upstream-branch-name introduction-commit introduction-signer + (if (fork-configured? repository) + (fork-configured-introduction + (repository-open directory)) + (leave (G_ "fork not fully configured. +(Did you remember to run `guix fork authenticate` first?)%~")))) + (upstream-branch-commit + (invoke-git/stdout "rev-parse" upstream-branch-name)) + (new-upstream-branch-commit "") + (config (repository-config repository)) + (signing-key + (or + (catch 'git-error + (lambda () + (config-entry-value + (config-get-entry config "user.signingkey"))) + (const #f)) + (begin + (info (G_ "user.signingkey not set for this repository.~%")) + (info (G_ "Will attempt to sign commits with fork introduction key.~%")) + introduction-signer)))) + + (info (G_ "Pulling into '~a'...~%") upstream-branch-name) + (invoke-git "switch" upstream-branch-name) + (invoke-git "pull") + (set! new-upstream-branch-commit + (invoke-git/stdout "rev-parse" upstream-branch-name)) + + (info (G_ "Rebasing commits from '~a' to '~a' onto fork branch '~a'...~%") + upstream-branch-commit + new-upstream-branch-commit + fork-branch-name) + (invoke-git "rebase" "--rebase-merges" + (string-append "--gpg-sign=" signing-key) + fork-branch-name new-upstream-branch-commit) + + (info (G_ "Resetting fork branch '~a' to latest rebased commit...~%") + fork-branch-name) + (invoke-git "branch" "--force" fork-branch-name "HEAD") + + (invoke-git "checkout" (or current-branch-name current-head-location)) + + (info (G_ "Successfully updated Guix fork in ~a~%") + directory)))) From patchwork Fri Jan 31 21:18:47 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: 45mg <45mg.writes@gmail.com> X-Patchwork-Id: 38072 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 0B20927BBEA; Fri, 31 Jan 2025 21:21:16 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-6.6 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,DKIM_VALID,FREEMAIL_FROM,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL, RCVD_IN_VALIDITY_SAFE,SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 1BD6727BBE2 for ; Fri, 31 Jan 2025 21:21:15 +0000 (GMT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tdyRl-00088W-Vx; Fri, 31 Jan 2025 16:21:06 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tdyRj-00087a-Jv for guix-patches@gnu.org; Fri, 31 Jan 2025 16:21:03 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tdyRj-0002fw-B1 for guix-patches@gnu.org; Fri, 31 Jan 2025 16:21:03 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=kTLhP7eOxVAyBixFBetnmK4lTMHiffyZRO+XOSa3nEo=; b=HrvqrEdBVupqXVd92ff+7b3W/rJ5skqWiW/XoMPOLaRARUZn2Nrju1hvhidU8kBGlDzeVm9ts9EDRd1Be13i+KbZC8nnoR0SJB9aA2+nQyYkE3dwv34x6eFZfofWWp9kFdalJfbBduIYr0dhtKvXUYtbDkhInKnlJcjIeUtGFhkh8JqYpBIK7dvRYdPrBFY2tdfVX9mjQoVb5mvNE99QQ/Xy0BN1Z0kqbcAbuvAXmQSYqIv6BJ9/e2/tLnNcxKf9xPFmelBZYdXBsl/flBV+S10SiL3AmzfvRF9qJ/4YnXj/HBAxoq2ELBkOtXg9Lp9sEOet3Qv7cDcvpi5ZPCJFlg==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tdyRj-0005se-5s for guix-patches@gnu.org; Fri, 31 Jan 2025 16:21:03 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#75981] [PATCH (WIP) v1 4/4] Document 'guix fork'. Resent-From: 45mg <45mg.writes@gmail.com> Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 31 Jan 2025 21:21:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 75981 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 75981@debbugs.gnu.org Cc: Nicolas Graves , Tomas Volf <~@wolfsden.cz>, 45mg <45mg.writes@gmail.com>, Liliana Marie Prikler , Ricardo Wurmus , Attila Lendvai Received: via spool by 75981-submit@debbugs.gnu.org id=B75981.173835842022504 (code B ref 75981); Fri, 31 Jan 2025 21:21:03 +0000 Received: (at 75981) by debbugs.gnu.org; 31 Jan 2025 21:20:20 +0000 Received: from localhost ([127.0.0.1]:54959 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tdyR1-0005qu-QN for submit@debbugs.gnu.org; Fri, 31 Jan 2025 16:20:20 -0500 Received: from mail-pl1-x643.google.com ([2607:f8b0:4864:20::643]:46164) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <45mg.writes@gmail.com>) id 1tdyQx-0005kj-EP for 75981@debbugs.gnu.org; Fri, 31 Jan 2025 16:20:16 -0500 Received: by mail-pl1-x643.google.com with SMTP id d9443c01a7336-219f8263ae0so46830385ad.0 for <75981@debbugs.gnu.org>; Fri, 31 Jan 2025 13:20:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738358409; x=1738963209; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kTLhP7eOxVAyBixFBetnmK4lTMHiffyZRO+XOSa3nEo=; b=QxOiMvz/NyzwMd3WiSrAOGDFtKyG/uPlceSeR+ItNUGkSPCOSelYsA6BUhLzVOatMY xWha+6gcZDk418SUs3CPPKA2Tx/r6ugA0GcZY3TcOOs+k3Ze914UgAmg2VqxbT+6Y8yJ lOM+MpX2cBbB4TuKj6O9mbkqfINcHnbFkL1FnSdSYUwTJO30eZQIPNR0Aw23s6bJhUpl eu5hlEo3Eo3aIsA2O9XIgEjxfjXO6bLuI72ghhkGQk+CM16CR8ihDu7Ey5H/rN+Bcg7i MSmA5Rm8ZMkmmv2lLq3JktU93CDFf1jxdoHU1Wg252sSoEjDXERflSFYTxvTQVCQmIQg LE5Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738358409; x=1738963209; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kTLhP7eOxVAyBixFBetnmK4lTMHiffyZRO+XOSa3nEo=; b=wmWo3RpkjQgQUAIJJgut/VDwS0N+P051UxGCCHeHRY5d60qRrdpTnA18SyMYh88ahe IOgMWzOwO3Y9Kc593VY1susjgBwx+yEUr/kYTJauP38LCL2bi5IvEyZK4sXBKI8d1MUe 86C+smMcy7aH5NEq4XVtwd6BHzwrgpjFKxL+XUs0wEH6TK1PuqCNb+vLReQIz28cstbp dCUESDfDdLhx5ax9oVSkAEFUkT2Avw3X1kjejTEz/F2sLC7CJ5/dusuQWOoqS6D680KG Jq//v2BZYj6fPrQcgwoQbZQep/oYHwLyzoFLxiM8h/TiVNXq///OqtDSK66ZYikLBk4G NHVw== X-Gm-Message-State: AOJu0YwG36efi9gylCk+qvejO20AJ4Dx5LCHRb+fWqotTqAUmkdU1cFp GexJ5o1JNawqD5Yha4wwOdNcPdLQlVeZB+ey57iVQMKaPsuO9E2x/bUA0j6L X-Gm-Gg: ASbGncsmzG1E99cTUtxzI1rsaK0weBUidFBJYXCTO+qpwRxj2+SfPzhHoUUI/jgodH4 6gXgdEGv+vH2jd+bzB8glHo1CFp9LEW+9IiK2n7DXEa9CuM1UDF1xdo22Oo2y0r0ShQlI0+xpx5 EnFDHX9Tc6lfbLO6rKF1vRydRk1sbM0QMj/R87lf0HDM5l9+H4PxRyzVoE36K2wGGGe6DVnnOBi PH1cZmybpyaKb7pLdIHaT2ZmzD0WKerCGmWXkrlkF5hZFoQ0odRoV97SzZV1yt5XYxsMl86bsOd sX4jpj0cDviMpA8xEn/a9TvAXMKcqh3jdatvrA== X-Google-Smtp-Source: AGHT+IF63NhnKRm4Eq91FSP0/ppF7N5+C7xl0PJy8TMR1CA94SRIizjkowJ0AVBGVczgYZ+HJAz62A== X-Received: by 2002:a05:6a00:1411:b0:725:9f02:489a with SMTP id d2e1a72fcca58-72fd0c5ee8cmr16921091b3a.17.1738358409143; Fri, 31 Jan 2025 13:20:09 -0800 (PST) Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-72fe64275c4sm3924008b3a.61.2025.01.31.13.20.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jan 2025 13:20:08 -0800 (PST) From: 45mg <45mg.writes@gmail.com> Date: Sat, 1 Feb 2025 02:48:47 +0530 Message-ID: X-Mailer: git-send-email 2.48.1 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * doc/guix.texi (Invoking guix fork): New node. * doc/contributing.texi (Using Your Own Patches): New node. Change-Id: I06240f0fe8d1fe39f27130a72f5d0d92949c99da --- doc/contributing.texi | 50 ++++++++++++++ doc/guix.texi | 150 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 200 insertions(+) diff --git a/doc/contributing.texi b/doc/contributing.texi index c94ae940fa..bd4fd6c2ac 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi @@ -35,6 +35,7 @@ Contributing * Making Decisions:: Collectively choosing the way forward. * Commit Access:: Pushing to the official repository. * Reviewing the Work of Others:: Some guidelines for sharing reviews. +* Using Your Own Patches:: Using your own work before it's accepted. * Updating the Guix Package:: Updating the Guix package definition. * Deprecation Policy:: Commitments and tools for deprecation. * Writing Documentation:: Improving documentation in GNU Guix. @@ -3095,6 +3096,55 @@ Reviewing the Work of Others have reviewed more easily by adding a @code{reviewed-looks-good} usertag for the @code{guix} user (@pxref{Debbugs Usertags}). +@node Using Your Own Patches +@section Using Your Own Patches + +If you've taken the time to contribute code to Guix, chances are that +you want the changes you've made to be reflected in your own Guix +installation as soon as possible. Maybe you've added a package you want, +and you want to start using it @emph{right now}. Or you've fixed a bug +that affects you, and you want it to @emph{go away}. + +As described in the preceding sections, all contributions to Guix first +go through a review process to ensure code quality. Sometimes, this can +take longer than one would like. Ideally, the pace of the review process +should not prevent you from benefiting from your own work. + +One way to work around this issue is to create an additional channel of +your own (@pxref{Creating a Channel}), and add your code to it. For +certain kinds of contributions, such as adding a new package, this is +fairly straightforward - simply copy your new package definition(s) into +a new file in the channel, and remove them when your contribution is +accepted. + +However, there may be cases where this is not convenient. Certain kinds +of changes, such as those that need to modify existing Guix internals, +may be more challenging to incorporate into a channel. Moreoever, the +more substantial your contribution is, the more work it will be to do +so. + +@cindex fork, of Guix +For such cases, there is another option. Recall that the patch series +that you sent (@pxref{Sending a Patch Series}) was created from a one or +more commits on a checkout of the Guix repository (@pxref{Building from +Git}). You could simply specify this repository (referred to as your +`Guix fork', or simply `fork', from here onwards), and its relevant +branch, as your `@code{guix}' channel (@pxref{Using a Custom Guix +Channel}). Now `@code{guix pull}' will fetch your new commits, and +you'll see the changes you made reflected in your Guix installation! + +However, there's a potential complication to this approach - the issue +of authentication (@pxref{Channel Authentication}). If your fork only +exists on your local filesystem (a `local fork'), then you probably +don't need to worry about this, and can pull without authentication +(@pxref{Invoking guix pull}). But other situations, such as a remotely +hosted fork, may make it important for your fork to be authenticated, in +the same way that all channels are expected to be. + +Guix provides a @command{guix fork} command in order to simplify and +automate many details of creating and managing and authenticated +fork. For more information, @pxref{Invoking guix fork}. + @node Updating the Guix Package @section Updating the Guix Package diff --git a/doc/guix.texi b/doc/guix.texi index b1b6d98e74..bbb5666d0a 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -311,6 +311,7 @@ Top * Invoking guix pack:: Creating software bundles. * The GCC toolchain:: Working with languages supported by GCC. * Invoking guix git authenticate:: Authenticating Git repositories. +* Invoking guix fork:: Creating and managing authenticated forks of Guix. Programming Interface @@ -5930,6 +5931,7 @@ Development * Invoking guix pack:: Creating software bundles. * The GCC toolchain:: Working with languages supported by GCC. * Invoking guix git authenticate:: Authenticating Git repositories. +* Invoking guix fork:: Creating and managing authenticated forks of Guix. @end menu @node Invoking guix shell @@ -7534,6 +7536,154 @@ Invoking guix git authenticate @end table +@node Invoking guix fork +@section Invoking @command{guix fork} + +@cindex @command{guix fork} + +The @command{guix fork} command provides the means to quickly set up, +authenticate, and keep up-to-date an authenticated fork of Guix. For +more information on authentication of a Guix checkout, @pxref{Invoking +guix git authenticate}. + +Its syntax is: + +guix fork ACTION ARGS... + +ACTION specifies the fork-related action to perform. Currently, the +following values are supported: + +@table @code +@item create SIGNING_KEY [DIRECTORY OPTIONS...] +Create a fork of Guix in DIRECTORY, using SIGNING_KEY to sign the introductory +commit. +DIRECTORY defaults to ./guix. + +First, clone Guix into DIRECTORY, unless @code{--use-existing} is +given. Then, add SIGNING_KEY to the `@code{keyring}' branch of the +repository. Finally, create a new `@code{fork}' branch based starting +from the default branch, whose initial commit authorizes SIGNING_KEY +alone (by adding it to @file{.guix-authorizations}) and is signed by it. + +The new `@code{fork}' branch is intended to mirror upstream +Guix. Updating the fork amounts to applying all new commits to it (see +the `@code{update}' command below for further explanation). You can work +on patches in branches based off of this one, in much the same way as +you would base them on Guix's default branch - every commit from the +latter will be present in the former. + +To @command{guix pull} your changes, you could create a `build' branch +starting from the initial fork commit, onto which you can cherry-pick or +rebase commits from patch branches. This branch can then be specified +for the `@code{guix}' channel (@pxref{Using a Custom Guix Channel}). +Updating this channel can be done by merging the `@code{fork}' branch +into it. + +OPTIONS can be one or more of the following: + +@table @code +@item --use-existing +Use existing clone of Guix in DIRECTORY. This is useful if you've +already created commits for a patch series (@pxref{Using Your Own +Patches}). However, all commits to the default branch, as well as any +branches that may be merged into it in the future, must have been signed +with an authorized key; otherwise, authentication will fail later. +@item --upstream=URI +The repository to clone from. This defaults to the default URL for the +Guix repository. +@item --channel-url=URI +Optional URI, which if given, will be used to replace the channel URL. +Furthermore, the existing `origin' remote (which tracks +`@code{upstream}') is renamed to `upstream', and a new `origin' remote +is created to track URI. +@item --git-parameter PARAMETER +Specify configuration PARAMETER for git, via `-c' option. You can pass +this option multiple times. +@end table + +@cindex authentication, of Guix forks +@item authenticate UPSTREAM COMMIT SIGNER [OPTIONS...] +Authenticate a Guix fork, using COMMIT and SIGNER as the fork +introduction. + +First, authenticate new commits from UPSTREAM, using Guix's default +introduction. Then authenticate the remaining commits using the fork +introduction. + +As with @code{guix git authenticate}, all three of UPSTREAM, COMMIT and +SIGNER will be cached in .git/config, so that you don't need to specify +them after the first time. + +OPTIONS can be one or more of the following: + +@table @code +@item --repository=DIRECTORY +@itemx -r DIRECTORY +Authenticate the git repository in DIRECTORY, instead of the current +directory. +@item --upstream-commit=COMMIT +@itemx --upstream-signer=SIGNER +Use COMMIT/SIGNER as the introduction for upstream +Guix, instead of Guix's default channel introduction. +@item --keyring=REFERENCE +@itemx -k REFERENCE +Load keyring for fork commits from REFERENCE, a Git branch (default +`@code{keyring}'). +@item --upstream-keyring=REFERENCE +Load keyring for upstream commits from REFERENCE, a Git branch (default +`@code{keyring}'). +@item --end=COMMIT +Authenticate fork commits up to COMMIT. +@item --upstream-end=COMMIT +Authenticate upstream commits up to COMMIT. + +@item --cache-key=KEY +@itemx --historical-authorizations=FILE +@itemx --stats +Identical to the correponding options in @command{guix git authenticate} +(@pxref{Invoking guix git authenticate}). +@end table + +@item update [OPTIONS...] +Pull into this Guix fork's configured upstream branch (from running +@command{guix fork authenticate}), then apply new commits onto the +current branch. + +This approach may seem less convenient than simply merging the upstream +branch into the fork branch. Indeed, it duplicates every upstream commit +under a different commit hash, and applying a large number of commits +can be slow. However, this is currently the only feasible approach due +to the nature of Guix's authentication mechanism. Namely, merge commits +can only be authenticated if both their parents are signed by an +authorized key, meaning that you can only use the merge workflow if +you're authorized to commit to upstream Guix. + +For mapping commits on the fork branch to their equivalents on the +upstream branch, you can use @command{guix fork identify} (see below). + +OPTIONS can be one or more of the following: + +@table @code +@item --repository=DIRECTORY +@itemx -r DIRECTORY +Act in the Git repository in DIRECTORY. +@item --fork-branch=BRANCH +Apply new commits onto BRANCH instead of the current branch. +@end table + +@item identify +Coming soon! + +Given a commit hash from upstream Guix, print its equivalent on the fork +branch, or vice versa. +This uses the 'Change-Id:' line added to commit messages by Guix's +'commit-msg' hook. +The first invocation of this command will be slow, as the entire set of +corresponding commits is built up as a hash table, and then +cached. Subsequent invocations should be nearly instant. + +@end table + @c ********************************************************************* @node Programming Interface @chapter Programming Interface