Subject: [bug#42225] [PATCH 1/5] git-authenticate: Factorize 'authenticate-repository'.
References: <20200706083755.11778-1-ludo@gnu.org>
In-Reply-To: <20200706083755.11778-1-ludo@gnu.org>
To: 42225@debbugs.gnu.org
From: Ludovic Courtès
Date: Mon, 6 Jul 2020 10:43:52 +0200
Message-Id: <20200706084356.13013-1-ludo@gnu.org>

* guix/git-authenticate.scm (repository-cache-key)
(verify-introductory-commit, authenticate-repository): New procedures.
* guix/channels.scm (verify-introductory-commit): Remove.
(authenticate-channel): Rewrite in terms of 'authenticate-repository'.
---
 guix/channels.scm         | 118 ++++++++++----------------------------
 guix/git-authenticate.scm | 101 +++++++++++++++++++++++++++++++-
 2 files changed, 131 insertions(+), 88 deletions(-)

diff --git a/guix/channels.scm b/guix/channels.scm
index 500c956f0f..bbabf654a9 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -315,100 +315,44 @@ result is unspecified." (define commit-short-id (compose (cut string-take <> 7) oid->string commit-id)) -(define (verify-introductory-commit repository introduction keyring) - "Raise an exception if the first commit described in INTRODUCTION doesn't -have the expected signer." - (define commit-id - (channel-introduction-first-signed-commit introduction)) - - (define actual-signer - (openpgp-public-key-fingerprint - (commit-signing-key repository (string->oid commit-id) - keyring))) - - (define expected-signer - (channel-introduction-first-commit-signer introduction)) - - (unless (bytevector=? expected-signer actual-signer) - (raise (condition - (&message - (message (format #f (G_ "initial commit ~a is signed by '~a' \ -instead of '~a'") - commit-id - (openpgp-format-fingerprint actual-signer) - (openpgp-format-fingerprint expected-signer)))))))) - (define* (authenticate-channel channel checkout commit #:key (keyring-reference-prefix "origin/")) "Authenticate the given COMMIT of CHANNEL, available at CHECKOUT, a directory containing a CHANNEL checkout. Raise an error if authentication fails." + (define intro + (channel-introduction channel)) + + (define cache-key + (string-append "channels/" (symbol->string (channel-name channel)))) + + (define keyring-reference + (channel-metadata-keyring-reference + (read-channel-metadata-from-source checkout))) + + (define (make-reporter start-commit end-commit commits) + (format (current-error-port) + (G_ "Authenticating channel '~a', commits ~a to ~a (~h new \ +commits)...~%") + (channel-name channel) + (commit-short-id start-commit) + (commit-short-id end-commit) + (length commits)) + + (progress-reporter/bar (length commits))) + ;; XXX: Too bad we need to re-open CHECKOUT. 
(with-repository checkout repository - (define start-commit - (commit-lookup repository - (string->oid - (channel-introduction-first-signed-commit - (channel-introduction channel))))) - - (define end-commit - (commit-lookup repository (string->oid commit))) - - (define cache-key - (string-append "channels/" (symbol->string (channel-name channel)))) - - (define keyring-reference - (channel-metadata-keyring-reference - (read-channel-metadata-from-source checkout))) - - (define keyring - (load-keyring-from-reference repository - (string-append keyring-reference-prefix - keyring-reference))) - - (define authenticated-commits - ;; Previously-authenticated commits that don't need to be checked again. - (filter-map (lambda (id) - (false-if-exception - (commit-lookup repository (string->oid id)))) - (previously-authenticated-commits cache-key))) - - (define commits - ;; Commits to authenticate, excluding the closure of - ;; AUTHENTICATED-COMMITS. - (commit-difference end-commit start-commit - authenticated-commits)) - - (define reporter - (progress-reporter/bar (length commits))) - - ;; When COMMITS is empty, it's because END-COMMIT is in the closure of - ;; START-COMMIT and/or AUTHENTICATED-COMMITS, in which case it's known to - ;; be authentic already. - (unless (null? commits) - (format (current-error-port) - (G_ "Authenticating channel '~a', \ -commits ~a to ~a (~h new commits)...~%") - (channel-name channel) - (commit-short-id start-commit) - (commit-short-id end-commit) - (length commits)) - - ;; If it's our first time, verify CHANNEL's introductory commit. - (when (null? 
authenticated-commits) - (verify-introductory-commit repository - (channel-introduction channel) - keyring)) - - (call-with-progress-reporter reporter - (lambda (report) - (authenticate-commits repository commits - #:keyring keyring - #:report-progress report))) - - (cache-authenticated-commit cache-key - (oid->string - (commit-id end-commit)))))) + (authenticate-repository repository + (string->oid + (channel-introduction-first-signed-commit intro)) + (channel-introduction-first-commit-signer intro) + #:end (string->oid commit) + #:keyring-reference + (string-append keyring-reference-prefix + keyring-reference) + #:make-reporter make-reporter + #:cache-key cache-key))) (define* (latest-channel-instance store channel #:key (patches %patches) diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm index 082c44ee06..99fd9c3594 100644 --- a/guix/git-authenticate.scm +++ b/guix/git-authenticate.scm @@ -18,14 +18,18 @@ (define-module (guix git-authenticate) #:use-module (git) + #:autoload (gcrypt hash) (sha256) #:use-module (guix base16) - #:use-module ((guix git) #:select (false-if-git-not-found)) + #:autoload (guix base64) (base64-encode) + #:use-module ((guix git) + #:select (commit-difference false-if-git-not-found)) #:use-module (guix i18n) #:use-module (guix openpgp) #:use-module ((guix utils) #:select (cache-directory with-atomic-file-output)) #:use-module ((guix build utils) #:select (mkdir-p)) + #:use-module (guix progress) #:use-module (srfi srfi-1) #:use-module (srfi srfi-11) #:use-module (srfi srfi-26) @@ -44,6 +48,9 @@ previously-authenticated-commits cache-authenticated-commit + repository-cache-key + authenticate-repository + git-authentication-error? git-authentication-error-commit unsigned-commit-error? 
@@ -339,3 +346,95 @@ authenticated (only COMMIT-ID is written to cache, though)." (display ";; List of previously-authenticated commits.\n\n" port) (pretty-print lst port)))))) + + +;;; +;;; High-level interface. +;;; + +(define (repository-cache-key repository) + "Return a unique key to store the authenticate commit cache for REPOSITORY." + (string-append "checkouts/" + (base64-encode + (sha256 (string->utf8 (repository-directory repository)))))) + +(define (verify-introductory-commit repository keyring commit expected-signer) + "Look up COMMIT in REPOSITORY, and raise an exception if it is not signed by +EXPECTED-SIGNER." + (define actual-signer + (openpgp-public-key-fingerprint + (commit-signing-key repository (commit-id commit) keyring))) + + (unless (bytevector=? expected-signer actual-signer) + (raise (condition + (&message + (message (format #f (G_ "initial commit ~a is signed by '~a' \ +instead of '~a'") + (oid->string (commit-id commit)) + (openpgp-format-fingerprint actual-signer) + (openpgp-format-fingerprint expected-signer)))))))) + +(define* (authenticate-repository repository start signer + #:key + (keyring-reference "keyring") + (cache-key (repository-cache-key repository)) + (end (reference-target + (repository-head repository))) + (historical-authorizations '()) + (make-reporter + (const progress-reporter/silent))) + "Authenticate REPOSITORY up to commit END, an OID. Authentication starts +with commit START, an OID, which must be signed by SIGNER; an exception is +raised if that is not the case. Return an alist mapping OpenPGP public keys +to the number of commits signed by that key that have been traversed. + +The OpenPGP keyring is loaded from KEYRING-REFERENCE in REPOSITORY, where +KEYRING-REFERENCE is the name of a branch. The list of authenticated commits +is cached in the authentication cache under CACHE-KEY. 
+ +HISTORICAL-AUTHORIZATIONS must be a list of OpenPGP fingerprints (bytevectors) +denoting the authorized keys for commits whose parent lack the +'.guix-authorizations' file." + (define start-commit + (commit-lookup repository start)) + (define end-commit + (commit-lookup repository end)) + + (define keyring + (load-keyring-from-reference repository keyring-reference)) + + (define authenticated-commits + ;; Previously-authenticated commits that don't need to be checked again. + (filter-map (lambda (id) + (false-if-git-not-found + (commit-lookup repository (string->oid id)))) + (previously-authenticated-commits cache-key))) + + (define commits + ;; Commits to authenticate, excluding the closure of + ;; AUTHENTICATED-COMMITS. + (commit-difference end-commit start-commit + authenticated-commits)) + + ;; When COMMITS is empty, it's because END-COMMIT is in the closure of + ;; START-COMMIT and/or AUTHENTICATED-COMMITS, in which case it's known to + ;; be authentic already. + (if (null? commits) + '() + (let ((reporter (make-reporter start-commit end-commit commits))) + ;; If it's our first time, verify START-COMMIT's signature. + (when (null? 
authenticated-commits) + (verify-introductory-commit repository keyring + start-commit signer)) + + (let ((stats (call-with-progress-reporter reporter + (lambda (report) + (authenticate-commits repository commits + #:keyring keyring + #:default-authorizations + historical-authorizations + #:report-progress report))))) + (cache-authenticated-commit cache-key + (oid->string (commit-id end-commit))) + + stats))))
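Review bot: in the guix/channels.scm hunk (@@ -315,100 +315,44 @@), `authenticate-channel` now returns whatever `authenticate-repository` returns (the alist of signing keys to commit counts, or '() when nothing new had to be checked), but its docstring still only says "Raise an error if authentication fails"; please document the return value, since the old version returned an unspecified value and callers may start relying on the new one. One change worth calling out in the commit message as an improvement rather than a pure move: the lookup of previously authenticated commits goes from `false-if-exception` (old channels.scm code) to `false-if-git-not-found` (new git-authenticate.scm code), so errors other than a missing object are no longer silently treated as "not cached".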
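Review bot: in the `authenticate-repository` hunk of guix/git-authenticate.scm (@@ -339,3 +346,95 @@), `verify-introductory-commit` runs only when `authenticated-commits` is empty, while the default `cache-key` is a hash of the repository directory alone and does not incorporate START or SIGNER; a later call with a different introduction but the same cache key therefore skips the introductory signature check. Either fold START and SIGNER into `repository-cache-key`, or state in the docstring that cache entries are only valid for the introduction they were produced with. Two smaller points: `repository-cache-key` feeds the SHA-256 through `base64-encode`, and the standard Base64 alphabet contains '/' and '+', which is awkward if CACHE-KEY is joined onto "checkouts/" as a path component under the cache directory, as the "channels/" prefix used in channels.scm suggests; `(guix base16)` is already imported by this module, and `bytevector->base16-string` would give a path-safe key. In the docstrings, "the authenticate commit cache" should read "the authenticated-commit cache", and "commits whose parent lack the '.guix-authorizations' file" should be "commits whose parents lack".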

Subject: [bug#42225] [PATCH 2/5] Add 'etc/historical-authorizations'.
To: 42225@debbugs.gnu.org
From: Ludovic Courtès
Date: Mon, 6 Jul 2020 10:43:53 +0200
Message-Id: <20200706084356.13013-2-ludo@gnu.org>
In-Reply-To: <20200706084356.13013-1-ludo@gnu.org>
References: <20200706084356.13013-1-ludo@gnu.org>

* etc/historical-authorizations: New file.  Data extracted from
'build-aux/git-authenticate.scm'.
* Makefile.am (EXTRA_DIST): Add it.
---
 Makefile.am                   |   1 +
 etc/historical-authorizations | 179 ++++++++++++++++++++++++++++++++++
 2 files changed, 180 insertions(+)
 create mode 100644 etc/historical-authorizations

diff --git a/Makefile.am b/Makefile.am
index 8988cdfa12..e125e07e99 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -552,6 +552,7 @@ EXTRA_DIST += \ etc/news.scm \ etc/release-manifest.scm \ etc/system-tests.scm \ + etc/historical-authorizations \ build-aux/build-self.scm \ build-aux/compile-all.scm \ build-aux/hydra/evaluate.scm \
diff --git a/etc/historical-authorizations b/etc/historical-authorizations
new file mode 100644
index 0000000000..429054c9a5
--- /dev/null
+++ b/etc/historical-authorizations
@@ -0,0 +1,179 @@ +;; List of "historical" committers---people once authorized committers before +;; the '.guix-authorizations' file was created. +;; +;; This file is provided for historical and auditing purposes. It is known +;; good starting at least at 'v1.0.0'. +;; +;; The format is the same as for '.guix-authorizations'. User names are those +;; found on along +;; with the fingerprint of the signing (sub)key. + +(authorizations + (version 0) + + (("AD17 A21E F8AE D8F1 CC02 DBD9 F7D5 C9BF 765C 61E3" + (name "andreas")) + ("2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5" + (name "ajgrf")) + ("306F CB8F 2C01 C25D 29D3 0556 61EF 502E F602 52F2" + (name "alexvong1995")) + ("4FB9 9F49 2B12 A365 7997 E664 8246 0C08 2A0E E98F" + (name "alezost")) + ("50F3 3E2E 5B0C 3D90 0424 ABE8 9BDC F497 A4BB CC7F" + (name "ambrevar")) + ("27D5 86A4 F890 0854 329F F09F 1260 E464 82E6 3562" + (name "apteryx")) + ("7F73 0343 F2F0 9F3C 77BF 79D3 2E25 EE8B 6180 2BB3" + (name "arunisaac")) + (;; primary: "3B12 9196 AE30 0C3C 0E90 A26F A715 5567 3271 9948" + "9A2B 401E D001 0650 1584 BAAC 8BC4 F447 6E8A 8E00" + (name "atheia")) + (;; primary: "BE62 7373 8E61 6D6D 1B3A 08E8 A21A 0202 4881 6103" + "39B3 3C8D 9448 0D2D DCC2 A498 8B44 A0CD C7B9 56F2" + (name "bandali")) + (;; primary: "34FF 38BC D151 25A6 E340 A0B5 3453 2F9F AFCA 8B8E" + "A0C5 E352 2EF8 EF5C 64CD B7F0 FD73 CAC7 19D3 2566" + (name "bavier")) + ("3774 8024 880F D3FF DCA2 C9AB 5893 6E0E 2F1B 5A4C" + (name "beffa")) + ("BCF8 F737 2CED 080A 67EB 592D 2A6A D9F4 AAC2 0DF6" + (name "benwoodcroft")) + ("45CC 63B8 5258 C9D5 5F34 B239 D37D 0EA7 CECC 3912" + (name "biscuolo")) + ("7988 3B9F 7D6A 4DBF 3719 0367 2506 A96C CF63 0B21" + (name "boskovits")) + ("DFC0 C7F7 9EE6 0CA7 AE55 5E19 6722 43C4 A03F 0EEE" + (name "brettgilio")) + (;; primary: "0401 7A2A 6D9A 0CCD C81D 8EC2 96AB 007F 1A7E D999" + "09CD D25B 5244 A376 78F6 EEA8 0CC5 2153 1979 91A5" + (name "carl")) + ("3E89 EEE7 458E 720D 9754 E0B2 5E28 A33B 0B84 F577" + (name 
"cbaines")) + ("3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5" + (name "civodul")) + ("510A 8628 E2A7 7678 8F8C 709C 4BC0 2592 5FF8 F4D3" + (name "cwebber")) + (;; primary: "295A F991 6F46 F8A1 34B0 29DA 8086 3842 F0FE D83B" + "76CE C6B1 7274 B465 C02D B3D9 E71A 3554 2C30 BAA5" + (name "dannym")) + ("B3C0 DB4D AD73 BA5D 285E 19AE 5143 0234 CEFD 87C3" + (name "davexunit")) + ( ;FIXME: to be confirmed! + "8CCB A7F5 52B9 CBEA E1FB 2915 8328 C747 0FF1 D807" + (name "davexunit (2nd)")) + ("53C4 1E6E 41AA FE55 335A CA5E 446A 2ED4 D940 BF14" + (name "daviwil")) + ("6909 6DFD D702 8BED ACC5 884B C5E0 51C7 9C0B ECDB" + (name "dvc")) + ("5F43 B681 0437 2F4B A898 A64B 33B9 E9FD E28D 2C23" + (name "dvc (old)")) + ("A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351" + (name "efraim")) + ("9157 41FE B22F A4E3 3B6E 8F8D F4C1 D391 7EAC EE93" + (name "efraim (old)")) + (;; primary: "2453 02B1 BAB1 F867 FDCA 96BC 8F3F 861F 82EB 7A9A" + "CBC5 9C66 EC27 B971 7940 6B3E 6BE8 208A DF21 FE3F" + (name "glv")) + ("2219 43F4 9E9F 276F 9499 3382 BF28 6CB6 593E 5FFD" + (name "hoebjo")) + ("B943 509D 633E 80DD 27FC 4EED 634A 8DFF D3F6 31DF" + (name "htgoebel")) + ("7440 26BA 7CA3 C668 E940 1D53 0B43 1E98 3705 6942" + (name "ipetkov")) + (;; primary: "66A5 6D9C 9A98 BE7F 719A B401 2652 5665 AE72 7D37" + "0325 78A6 8298 94E7 2AA2 66F5 D415 BF25 3B51 5976" + (name "iyzsong")) + + ;; https://lists.gnu.org/archive/html/guix-devel/2018-04/msg00229.html + ("DB34 CB51 D25C 9408 156F CDD6 A12F 8797 8D70 1B99" + (name "janneke (old)")) + ("1A85 8392 E331 EAFD B8C2 7FFB F3C1 A0D9 C1D6 5273" + (name "janneke")) + + (;; primary: "1BA4 08C5 8BF2 0EA7 3179 635A 865D C0A3 DED9 B5D0" + "E31D 9DDE EBA5 4A14 8A20 4550 DA45 97F9 47B4 1025" + (name "jlicht")) + ("8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3" + (name "jmd")) + ("83B6 703A DCCA 3B69 4BCE 2DA6 E6A5 EE3C 1946 7A0D" + (name "kkebreau")) + ("45E5 75FA 53EA 8BD6 1BCE 0B4E 3ADC 75F0 13D6 78F9" + (name "leungbk")) + (;; primary: "4F71 6F9A 8FA2 
C80E F1B5 E1BA 5E35 F231 DE1A C5E0" + "B051 5948 F1E7 D3C1 B980 38A0 2646 FA30 BACA 7F08" + (name "lfam")) + ("2AE3 1395 932B E642 FC0E D99C 9BED 6EDA 32E5 B0BC" + (name "lsl88")) + ("CBF5 9755 CBE7 E7EF EF18 3FB1 DD40 9A15 D822 469D" + (name "marusich")) + ("BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA" + (name "mbakke")) + ("D919 0965 CE03 199E AF28 B3BE 7CEF 2984 7562 C516" + (name "mhw")) + ("4008 6A7E 0252 9B60 31FB 8607 8354 7635 3176 9CA6" + (name "mothacehe")) + ("F2A3 8D7E EB2B 6640 5761 070D 0ADE E100 9460 4D37" + (name "mthl")) + (;; primary: "F5BC 5534 C36F 0087 B39D 36EF 1C9D C4FE B9DB 7C4B" + "F5DA 2032 4B87 3D0B 7A38 7672 0DB0 FF88 4F55 6D79" + (name "nckx")) + (;; primary: "F5BC 5534 C36F 0087 B39D 36EF 1C9D C4FE B9DB 7C4B" + "7E8F AED0 0944 78EF 72E6 4D16 D889 B0F0 18C5 493C" + (name "nckx (revoked; not compromised)")) + ("E576 BFB2 CF6E B13D F571 33B9 E315 A758 4613 1564" + (name "niedzejkob")) + ("ED0E F1C8 E126 BA83 1B48 5FE9 DA00 B4F0 48E9 2F2D" + (name "ngz")) + ("CEF4 CB91 4856 BA38 0A20 A7E2 3008 88CB 39C6 3817" + (name "pelzflorian")) + (;; primary: "B68B DF22 73F9 DA0E 63C1 8A32 515B F416 9242 D600" + "C699 ED09 E51B CE89 FD1D A078 AAC7 E891 896B 568A" + (name "pgarlick")) + ("3A86 380E 58A8 B942 8D39 60E1 327C 1EF3 8DF5 4C32" + (name "phant0mas")) + ("74D6 A930 F44B 9B84 9EA5 5606 C166 AA49 5F7F 189C" + (name "reepca")) + ("BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC" + (name "rekado")) + ("0154 E1B9 1CC9 D9EF 7764 8DE7 F3A7 27DB 44FC CA36" + (name "rhelling")) + ("17CB 2812 EB63 3DFF 2C7F 0452 C3EC 1DCA 8430 72E1" + (name "roelj (old)")) + (;; From commit cc51c03ff867d4633505354819c6d88af88bf919 (March 2020). + ;; See . + "F556 FD94 FB8F 8B87 79E3 6832 CBD0 CD51 38C1 9AFC" + (name "roelj")) + ("B5FA E628 5B41 3728 B2A0 FAED 4311 1F45 2008 6A0C" + (name "roptat (old)")) + (;; From commit 2cbede5935eb6a40173bbdf30a9ad22bf7574c22 (Jan. 2020). See + ;; . 
+ "1EFB 0909 1F17 D28C CBF9 B13A 53D4 57B2 D636 EE82" + (name "roptat")) + (;; primary: "D6B0 C593 DA8C 5EDC A44C 7A58 C336 91F7 1188 B004" + "A02C 2D82 0EF4 B25B A6B5 1D90 2AC6 A5EC 1C35 7C59" + (name "samplet")) + ("77DD AD2D 97F5 31BB C0F3 C7FD DFB5 EB09 AA62 5423" + (name "sleep_walker")) + ("F494 72F4 7A59 00D5 C235 F212 89F9 6D48 08F3 59C7" + (name "snape")) + ("4E26 CCE9 578E 0828 9855 BDD4 1C79 95D2 D5A3 8336" + (name "steap")) + ("9ADE 9ECF 2B19 C180 9C99 5CEA A1F4 CFCC 5283 6BAC" + (name "taylanub")) + + ;; https://lists.gnu.org/archive/html/guix-devel/2017-03/msg00826.html + (;; primary: "1DD1 681F E285 E07F 11DC 0C59 2E15 A6BC D77D 54FD" + "3D2C DA58 819C 08C2 A649 D43D 5C3B 064C 724A 5726" + (name "thomasd")) + ("A5C5 92EA 606E 7106 A6A3 BC08 98B2 1575 91E1 2B08" + (name "thomasd (old)")) + + ("D712 1D73 A40A 7264 9E43 ED7D F284 6B1A 0D32 C442" + (name "toothbrush")) + ("6580 7361 3BFC C5C7 E2E4 5D45 DC51 8FC8 7F97 16AA" + (name "vagrantc")) + (;; primary: "C955 CC5D C048 7FB1 7966 40A9 199A F6A3 67E9 4ABB" + "7238 7123 8EAC EB63 4548 5857 167F 8EA5 001A FA9C" + (name "wigust")) + ("FF47 8FB2 64DE 32EC 2967 25A3 DDC0 F535 8812 F8F2" + (name "wingo"))))
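Review bot: in the etc/historical-authorizations hunk (@@ -0,0 +1,179 @@), the entry for "davexunit (2nd)" carries the comment ';FIXME: to be confirmed!' yet is shipped in the list like every confirmed entry; since this file is intended to feed `#:historical-authorizations` in patch 1/5 (the keys accepted for commits whose parents have no '.guix-authorizations'), an unconfirmed fingerprint widens the set of trusted signers for that entire stretch of history. Please confirm the fingerprint before merging, or drop the entry and note its omission in the header comment. The header also says the list is "known good starting at least at 'v1.0.0'" but gives no end point; stating the commit up to which these authorizations apply would make the file more useful for the auditing purpose it announces.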

Subject: [bug#42225] [PATCH 3/5] git: Add 'with-git-error-handling'.
To: 42225@debbugs.gnu.org
From: Ludovic Courtès
Date: Mon, 6 Jul 2020 10:43:54 +0200
Message-Id: <20200706084356.13013-3-ludo@gnu.org>
In-Reply-To: <20200706084356.13013-1-ludo@gnu.org>
References: <20200706084356.13013-1-ludo@gnu.org>

* guix/scripts/pull.scm (report-git-error, with-git-error-handling): Move to...
* guix/git.scm: ... here.
* guix/scripts/time-machine.scm: Adjust accordingly.
---
 guix/git.scm                  | 19 +++++++++++++++++++
 guix/scripts/pull.scm         | 18 ------------------
 guix/scripts/time-machine.scm |  4 +++-
 3 files changed, 22 insertions(+), 19 deletions(-)

diff --git a/guix/git.scm b/guix/git.scm
index 0d8e617cc9..19c1cb59d3 100644
--- a/guix/git.scm
+++ b/guix/git.scm
@@ -29,6 +29,7 @@ #:use-module (guix records) #:use-module (guix gexp) #:use-module (guix sets) + #:use-module ((guix diagnostics) #:select (leave)) #:use-module (rnrs bytevectors) #:use-module (ice-9 match) #:use-module (srfi srfi-1)
@@ -39,6 +40,7 @@ honor-system-x509-certificates! with-repository + with-git-error-handling false-if-git-not-found update-cached-checkout url+commit->name
@@ -209,6 +211,23 @@ dynamic extent of EXP." (call-with-repository directory (lambda (repository) exp ...))) +(define (report-git-error error) + "Report the given Guile-Git error." + ;; Prior to Guile-Git commit b6b2760c2fd6dfaa5c0fedb43eeaff06166b3134, + ;; errors would be represented by integers. + (match error + ((? integer? error) ;old Guile-Git + (leave (G_ "Git error ~a~%") error)) + ((? git-error? error) ;new Guile-Git + (leave (G_ "Git error: ~a~%") (git-error-message error))))) + +(define-syntax-rule (with-git-error-handling body ...) + (catch 'git-error + (lambda () + body ...) + (lambda (key err) + (report-git-error err)))) + (define (load-git-submodules) "Attempt to load (git submodules), which was missing until Guile-Git 0.2.0. Return true on success, false on failure." diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm index f953957161..807daec593 100644 --- a/guix/scripts/pull.scm +++ b/guix/scripts/pull.scm @@ -63,7 +63,6 @@ #:re-export (display-profile-content channel-commit-hyperlink) #:export (channel-list - with-git-error-handling guix-pull)) @@ -464,23 +463,6 @@ true, display what would be built without actually building it." (unless (honor-system-x509-certificates!) (honor-lets-encrypt-certificates! store))) -(define (report-git-error error) - "Report the given Guile-Git error." - ;; Prior to Guile-Git commit b6b2760c2fd6dfaa5c0fedb43eeaff06166b3134, - ;; errors would be represented by integers. - (match error - ((? integer? error) ;old Guile-Git - (leave (G_ "Git error ~a~%") error)) - ((? git-error? error) ;new Guile-Git - (leave (G_ "Git error: ~a~%") (git-error-message error))))) - -(define-syntax-rule (with-git-error-handling body ...) - (catch 'git-error - (lambda () - body ...) - (lambda (key err) - (report-git-error err)))) - ;;; ;;; Profile. diff --git a/guix/scripts/time-machine.scm b/guix/scripts/time-machine.scm index f9bcec651a..441673b780 100644 --- a/guix/scripts/time-machine.scm +++ b/guix/scripts/time-machine.scm 
@@ -24,10 +24,12 @@ #:use-module (guix channels) #:use-module (guix store) #:use-module (guix status) + #:use-module ((guix git) + #:select (with-git-error-handling)) #:use-module ((guix utils) #:select (%current-system)) #:use-module ((guix scripts pull) - #:select (with-git-error-handling channel-list)) + #:select (channel-list)) #:use-module ((guix scripts build) #:select (%standard-build-options show-build-options-help
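Review bot: the moved `report-git-error` in guix/git.scm (@@ -209,6 +211,23 @@) calls `G_`, `match`, `git-error?` and `git-error-message`, but the import hunk (@@ -29,6 +29,7 @@) only adds `((guix diagnostics) #:select (leave))`; (ice-9 match) is visible in the context, whereas (guix i18n), which provides `G_`, is not visible in either hunk. Please check that git.scm already imports it, otherwise the module compiles against an unbound `G_` and fails only when an error is reported. Since the code is being moved anyway, this is also the moment to decide whether the integer-error branch for pre-b6b2760c2fd6dfaa5c0fedb43eeaff06166b3134 Guile-Git is still needed for the minimum supported version, rather than carrying it along.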
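Review bot: the guix/scripts/pull.scm hunk (@@ -464,23 +463,6 @@) deletes `report-git-error` and `with-git-error-handling` from that module, and the export hunk (@@ -63,7 +63,6 @@) drops the export, but no hunk adds an import of `with-git-error-handling` from (guix git) to pull.scm. time-machine.scm gets an explicit `#:select (with-git-error-handling)`; if `guix-pull` itself still wraps its work in the macro, pull.scm must either already import (guix git) without a `#:select` list (not visible here) or receive the same `#:select` addition, so please confirm. It is also worth grepping for other modules that imported `with-git-error-handling` from (guix scripts pull), since the export removal would break them silently at load time.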
with local (Exim 4.84_2) (envelope-from ) id 1jsMkJ-0005rM-HX for guix-patches@gnu.org; Mon, 06 Jul 2020 04:45:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#42225] [PATCH 4/5] Add 'guix git-authenticate'. Resent-From: Ludovic =?utf-8?q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 06 Jul 2020 08:45:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 42225 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 42225@debbugs.gnu.org Cc: Ludovic =?utf-8?q?Court=C3=A8s?= Received: via spool by 42225-submit@debbugs.gnu.org id=B42225.159402506422425 (code B ref 42225); Mon, 06 Jul 2020 08:45:03 +0000 Received: (at 42225) by debbugs.gnu.org; 6 Jul 2020 08:44:24 +0000 Received: from localhost ([127.0.0.1]:33575 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jsMjY-0005pU-N1 for submit@debbugs.gnu.org; Mon, 06 Jul 2020 04:44:24 -0400 Received: from eggs.gnu.org ([209.51.188.92]:51392) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jsMjS-0005oL-I9 for 42225@debbugs.gnu.org; Mon, 06 Jul 2020 04:44:15 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:50388) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jsMjN-0000Tl-8s; Mon, 06 Jul 2020 04:44:05 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=50318 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jsMjM-0000pX-M3; Mon, 06 Jul 2020 04:44:05 -0400 
From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Mon, 6 Jul 2020 10:43:55 +0200 Message-Id: <20200706084356.13013-4-ludo@gnu.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200706084356.13013-1-ludo@gnu.org> References: <20200706084356.13013-1-ludo@gnu.org> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * guix/scripts/git-authenticate.scm: New file. * tests/guix-git-authenticate.sh: New files. * Makefile.am (MODULES): Add the former. (SH_TESTS): Add the latter. * doc/guix.texi (Channels)[Specifying Channel Authorizations]: Mention 'guix git-authenticate'. (Invoking guix git-authenticate): New node. * po/guix/POTFILES.in: Add 'guix/scripts/git-authenticate.scm'. --- Makefile.am | 2 + doc/guix.texi | 83 +++++++++++++- guix/scripts/git-authenticate.scm | 176 ++++++++++++++++++++++++++++++ po/guix/POTFILES.in | 1 + tests/guix-git-authenticate.sh | 56 ++++++++++ 5 files changed, 315 insertions(+), 3 deletions(-) create mode 100644 guix/scripts/git-authenticate.scm create mode 100644 tests/guix-git-authenticate.sh diff --git a/Makefile.am b/Makefile.am index e125e07e99..2058f9d1ea 100644 --- a/Makefile.am +++ b/Makefile.am @@ -281,6 +281,7 @@ MODULES = \ guix/scripts/publish.scm \ guix/scripts/edit.scm \ guix/scripts/size.scm \ + guix/scripts/git-authenticate.scm \ guix/scripts/graph.scm \ guix/scripts/weather.scm \ guix/scripts/container.scm \ @@ -463,6 +464,7 @@ SH_TESTS = \ tests/guix-build-branch.sh \ tests/guix-download.sh \ tests/guix-gc.sh \ + tests/guix-git-authenticate.sh \ tests/guix-hash.sh \ tests/guix-pack.sh \ tests/guix-pack-localstatedir.sh \ diff --git a/doc/guix.texi b/doc/guix.texi index ce17c2de8e..77e2971acd 100644 --- a/doc/guix.texi 
+++ b/doc/guix.texi @@ -3981,6 +3981,7 @@ Before that, some security considerations. @subsection Channel Authentication +@anchor{channel-authentication} @cindex authentication, of channel code The @command{guix pull} and @command{guix time-machine} commands @dfn{authenticate} the code retrieved from channels: they make sure each @@ -4200,6 +4201,7 @@ add a meta-data file @file{.guix-channel} that contains: @cindex channel authorizations @subsection Specifying Channel Authorizations +@anchor{channel-authorizations} As we saw above, Guix ensures the source code it pulls from channels comes from authorized developers. As a channel author, you need to specify the list of authorized developers in the @@ -4259,6 +4261,18 @@ pair---i.e., the commit that introduced @file{.guix-authorizations}, and the fingerprint of the OpenPGP used to sign it. @end enumerate +Before pushing to your public Git repository, you can run @command{guix +git-authenticate} to verify that you did sign all the commits you are +about to push with an authorized key: + +@example +guix git-authenticate @var{commit} @var{signer} +@end example + +@noindent +where @var{commit} and @var{signer} are your channel introduction. +@xref{Invoking guix git-authenticate}, for details. + Publishing a signed channel requires discipline: any mistake, such as an unsigned commit or a commit signed by an unauthorized key, will prevent users from pulling from your channel---well, that's the whole point of 
@@ -4862,9 +4876,10 @@ pack} command allows you to create @dfn{application bundles} that can be easily distributed to users who do not run Guix. @menu -* Invoking guix environment:: Setting up development environments. -* Invoking guix pack:: Creating software bundles. -* The GCC toolchain:: Working with languages supported by GCC. +* Invoking guix environment:: Setting up development environments. +* Invoking guix pack:: Creating software bundles. +* The GCC toolchain:: Working with languages supported by GCC. +* Invoking guix git-authenticate:: Authenticating Git repositories. @end menu @node Invoking guix environment 
@@ -5602,6 +5617,68 @@ The package @code{gfortran-toolchain} provides a complete GCC toolchain for Fortran development. For other languages, please use @samp{guix search gcc toolchain} (@pxref{guix-search,, Invoking guix package}). + +@node Invoking guix git-authenticate +@section Invoking @command{guix git-authenticate} + +The @command{guix git-authenticate} command authenticates a Git checkout +following the same rule as for channels (@pxref{channel-authentication, +channel authentication}). That is, starting from a given commit, it +ensures that all subsequent commits are signed by an OpenPGP key whose +fingerprint appears in the @file{.guix-authorizations} file of its +parent commit(s). + +You will find this command useful if you maintain a channel. But in +fact, this authentication mechanism is useful in a broader context, so +you might want to use it for Git repositories that have nothing to do +with Guix. + +The general syntax is: + +@example +guix git-authenticate @var{commit} @var{signer} [@var{options}@dots{}] +@end example + +By default, this command authenticates the Git checkout in the current +directory; it outputs nothing and exits with exit code zero on success +and non-zero on failure. @var{commit} above denotes the first commit +where authentication takes place, and @var{signer} is the OpenPGP +fingerprint of public key used to sign @var{commit}. Together, they +form a ``channel introduction'' (@pxref{channel-authentication, channel +introduction}). The options below allow you to fine-tune the process. + +@table @code +@item --repository=@var{directory} +@itemx -r @var{directory} +Open the Git repository in @var{directory} instead of the current +directory. + +@item --keyring=@var{reference} +@itemx -k @var{reference} +Load OpenPGP keyring from @var{reference}, the reference of a branch +such as @code{origin/keyring} or @code{my-keyring}. 
The branch must +contain OpenPGP public keys in @file{.key} files, either in binary form +or ``ASCII-armored''. By default the keyring is loaded from the branch +named @code{keyring}. + +@item --stats +Display commit signing statistics upon completion. + +@item --cache-key=@var{key} +Previously-authenticated commits are cached in a file under +@file{~/.cache/guix/authentication}. This option forces the cache to be +stored in file @var{key} in that directory. + +@item --historical-authorizations=@var{file} +By default, any commit whose parent commit(s) lack the +@file{.guix-authorizations} file is considered inauthentic. In +contrast, this option considers the authorizations in @var{file} for any +commit that lacks @file{.guix-authorizations}. The format of @var{file} +is the same as that of @file{.guix-authorizations} +(@pxref{channel-authorizations, @file{.guix-authorizations} format}). +@end table + + @c ********************************************************************* @node Programming Interface @chapter Programming Interface diff --git a/guix/scripts/git-authenticate.scm b/guix/scripts/git-authenticate.scm new file mode 100644 index 0000000000..e3ba767675 --- /dev/null +++ b/guix/scripts/git-authenticate.scm 
@@ -0,0 +1,176 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2020 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (guix scripts git-authenticate) + #:use-module (git) + #:use-module (guix ui) + #:use-module (guix scripts) + #:use-module (guix git-authenticate) + #:autoload (guix openpgp) (openpgp-format-fingerprint + openpgp-public-key-fingerprint) + #:use-module ((guix channels) #:select (openpgp-fingerprint)) + #:use-module ((guix git) #:select (with-git-error-handling)) + #:use-module (guix progress) + #:use-module (guix base64) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-26) + #:use-module (srfi srfi-37) + #:use-module (ice-9 format) + #:use-module (ice-9 match) + #:export (guix-git-authenticate)) + +;;; Commentary: +;;; +;;; Authenticate a Git checkout by reading '.guix-authorizations' files and +;;; following the "authorizations invariant" also used by (guix channels). +;;; +;;; Code: + +(define %options + ;; Specifications of the command-line options. 
+ (list (option '(#\h "help") #f #f + (lambda args + (show-help) + (exit 0))) + (option '(#\V "version") #f #f + (lambda args + (show-version-and-exit "guix git-authenticate"))) + + (option '(#\r "repository") #t #f + (lambda (opt name arg result) + (alist-cons 'directory arg result))) + (option '(#\e "end") #t #f + (lambda (opt name arg result) + (alist-cons 'end-commit (string->oid arg) result))) + (option '(#\k "keyring") #t #f + (lambda (opt name arg result) + (alist-cons 'keyring-reference arg result))) + (option '("cache-key") #t #f + (lambda (opt name arg result) + (alist-cons 'cache-key arg result))) + (option '("historical-authorizations") #t #f + (lambda (opt name arg result) + (alist-cons 'historical-authorizations arg + result))) + (option '("stats") #f #f + (lambda (opt name arg result) + (alist-cons 'show-stats? #t result))))) + +(define %default-options + '((directory . ".") + (keyring-reference . "keyring"))) + +(define (show-stats stats) + "Display STATS, an alist containing commit signing stats as returned by +'authenticate-repository'." + (format #t (G_ "Signing statistics:~%")) + (for-each (match-lambda + ((signer . count) + (format #t " ~a ~10d~%" + (openpgp-format-fingerprint + (openpgp-public-key-fingerprint signer)) + count))) + (sort stats + (match-lambda* + (((_ . count1) (_ . count2)) + (> count1 count2)))))) + +(define (show-help) + (display (G_ "Usage: guix git-authenticate COMMIT SIGNER [OPTIONS...] 
+Authenticate the given Git checkout using COMMIT/SIGNER as its introduction.\n")) + (display (G_ " + -r, --repository=DIRECTORY + open the Git repository at DIRECTORY")) + (display (G_ " + -k, --keyring=REFERENCE + load keyring from REFERENCE, a Git branch")) + (display (G_ " + --stats display commit signing statistics upon completion")) + (display (G_ " + --cache-key=KEY cache authenticated commits under KEY")) + (display (G_ " + --historical-authorizations=FILE + read historical authorizations from FILE")) + (newline) + (display (G_ " + -h, --help display this help and exit")) + (display (G_ " + -V, --version display version information and exit")) + (newline) + (show-bug-report-information)) + + +;;; +;;; Entry point. +;;; + +(define (guix-git-authenticate . args) + (define options + (parse-command-line args %options (list %default-options) + #:build-options? #f)) + + (define (command-line-arguments lst) + (reverse (filter-map (match-lambda + (('argument . arg) arg) + (_ #f)) + lst))) + + (define commit-short-id + (compose (cut string-take <> 7) oid->string commit-id)) + + (define (make-reporter start-commit end-commit commits) + (format (current-error-port) + (G_ "Authenticating commits ~a to ~a (~h new \ +commits)...~%") + (commit-short-id start-commit) + (commit-short-id end-commit) + (length commits)) + + (if (isatty? (current-error-port)) + (progress-reporter/bar (length commits)) + progress-reporter/silent)) + + (with-error-handling + (with-git-error-handling + (match (command-line-arguments options) + ((commit signer) + (let* ((directory (assoc-ref options 'directory)) + (show-stats? 
(assoc-ref options 'show-stats?)) + (keyring (assoc-ref options 'keyring-reference)) + (repository (repository-open directory)) + (end (match (assoc-ref options 'end-commit) + (#f (reference-target + (repository-head repository))) + (oid oid))) + (history (match (assoc-ref options 'historical-authorizations) + (#f '()) + (file (call-with-input-file file + read-authorizations)))) + (cache-key (or (assoc-ref options 'cache-key) + (repository-cache-key repository)))) + (define stats + (authenticate-repository repository (string->oid commit) + (openpgp-fingerprint signer) + #:end end + #:keyring-reference keyring + #:historical-authorizations history + #:cache-key cache-key + #:make-reporter make-reporter)) + + (when (and show-stats? (not (null? stats))) + (show-stats stats)))))))) diff --git a/po/guix/POTFILES.in b/po/guix/POTFILES.in index 62b3cbf4e4..bd2aacd164 100644 --- a/po/guix/POTFILES.in +++ b/po/guix/POTFILES.in @@ -53,6 +53,7 @@ guix/scripts/upgrade.scm guix/scripts/search.scm guix/scripts/show.scm guix/scripts/gc.scm +guix/scripts/git-authenticate.scm guix/scripts/hash.scm guix/scripts/import.scm guix/scripts/import/cran.scm diff --git a/tests/guix-git-authenticate.sh b/tests/guix-git-authenticate.sh new file mode 100644 index 0000000000..a149584421 --- /dev/null +++ b/tests/guix-git-authenticate.sh 
@@ -0,0 +1,56 @@ +# GNU Guix --- Functional package management for GNU +# Copyright © 2020 Ludovic Courtès +# +# This file is part of GNU Guix. +# +# GNU Guix is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GNU Guix is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GNU Guix. If not, see . + +# +# Test the 'guix git-authenticate' command-line utility. +# + +# Skip if we're not in a Git checkout. +[ -d "$abs_top_srcdir/.git" ] || exit 77 + +# Skip if there's no 'keyring' branch. +guile -c '(use-modules (git)) + (member "refs/heads/keyring" (branch-list (repository-open ".")))' || \ + exit 77 + +# Keep in sync with '%default-channels' in (guix channels)! +intro_commit="9edb3f66fd807b096b48283debdcddccfea34bad" +intro_signer="BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA" + +cache_key="test-$$" + +guix git-authenticate "$intro_commit" "$intro_signer" \ + --cache-key="$cache_key" --stats \ + --end=9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 + +rm "$XDG_CACHE_HOME/guix/authentication/$cache_key" + +# Commit and signer of the 'v1.0.0' tag. +v1_0_0_commit="6298c3ffd9654d3231a6f25390b056483e8f407c" +v1_0_0_signer="3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5" # civodul +v1_0_1_commit="d68de958b60426798ed62797ff7c96c327a672ac" + +# This should fail because these commits lack '.guix-authorizations'. +if guix git-authenticate "$v1_0_0_commit" "$v1_0_0_signer" \ + --cache-key="$cache_key" --end="$v1_0_1_commit"; +then false; else true; fi + +# This should work thanks to '--historical-authorizations'. 
+guix git-authenticate "$v1_0_0_commit" "$v1_0_0_signer" \ + --cache-key="$cache_key" --end="$v1_0_1_commit" --stats \ + --historical-authorizations="$abs_top_srcdir/etc/historical-authorizations" From patchwork Mon Jul 6 08:43:56 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 23073 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 02D8127BBE1; Mon, 6 Jul 2020 09:45:19 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTP id BF7D127BBE4 for ; Mon, 6 Jul 2020 09:45:11 +0100 (BST) Received: from localhost ([::1]:55718 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jsMkR-0004ep-5o for patchwork@mira.cbaines.net; Mon, 06 Jul 2020 04:45:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37796) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jsMkJ-0004d3-IC for guix-patches@gnu.org; Mon, 06 Jul 2020 04:45:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:50267) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1jsMkJ-0000bp-7N for guix-patches@gnu.org; Mon, 06 Jul 2020 04:45:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1jsMkJ-0005rF-5B for guix-patches@gnu.org; Mon, 06 Jul 2020 04:45:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#42225] [PATCH 5/5] maint: Remove 'build-aux/git-authenticate.scm'. 
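Review bot: The `Invoking guix git-authenticate` node added to doc/guix.texi in patch 4/5 (hunk @@ -5602,6 +5617,68 @@) omits the `--end=COMMIT` / `-e` option that guix/scripts/git-authenticate.scm accepts and that tests/guix-git-authenticate.sh relies on; add an `@item --end=@var{commit}` entry to the `@table @code` block explaining that authentication stops at @var{commit} instead of the current HEAD. Same hunk, minor wording: "fingerprint of public key used to sign" should read "fingerprint of the public key used to sign".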
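Review bot: In guix/scripts/git-authenticate.scm (hunk @@ -0,0 +1,176 @@), the `(match (command-line-arguments options) ((commit signer) ...))` form has no fallback clause, so invoking the command with zero, one or three positional arguments raises a 'match-error instead of printing a usage message; add a `(_ (leave (G_ "wrong number of arguments~%")))` clause as the other scripts do. Two smaller points in the same hunk: the `--end` option converts its argument with `string->oid` inside the option procedure, which runs in `parse-command-line` before `with-git-error-handling` is entered, so a malformed hash produces a raw Git error rather than the friendly message; and `--end` is missing from `show-help`, while (guix base64) is imported but unused.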
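Review bot: tests/guix-git-authenticate.sh (hunk @@ -0,0 +1,56 @@) never does `set -e`, so if the first `guix git-authenticate "$intro_commit" "$intro_signer" ...` invocation fails the script carries on and only the last command's status decides the test; add `set -e` after the skip checks, or chain the commands with `&&`. Also, the skip check looks at `$abs_top_srcdir/.git` but the Guile branch check opens "." and the `guix git-authenticate` runs use the default repository, so in an out-of-tree build they inspect the build directory rather than the source checkout; pass `--repository="$abs_top_srcdir"` (the option this patch adds) and open "$abs_top_srcdir" in the Guile snippet. Finally, `rm "$XDG_CACHE_HOME/guix/authentication/$cache_key"` runs only after the first invocation, so the final successful run leaves a cache file behind; a `trap 'rm -f "$XDG_CACHE_HOME/guix/authentication/$cache_key"' EXIT` would cover every exit path.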
Resent-From: Ludovic =?utf-8?q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 06 Jul 2020 08:45:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 42225 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 42225@debbugs.gnu.org Cc: Ludovic =?utf-8?q?Court=C3=A8s?= Received: via spool by 42225-submit@debbugs.gnu.org id=B42225.159402505422401 (code B ref 42225); Mon, 06 Jul 2020 08:45:03 +0000 Received: (at 42225) by debbugs.gnu.org; 6 Jul 2020 08:44:14 +0000 Received: from localhost ([127.0.0.1]:33573 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jsMjV-0005pE-VB for submit@debbugs.gnu.org; Mon, 06 Jul 2020 04:44:14 -0400 Received: from eggs.gnu.org ([209.51.188.92]:51428) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jsMjT-0005oN-DK for 42225@debbugs.gnu.org; Mon, 06 Jul 2020 04:44:12 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:50389) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jsMjO-0000UB-4w; Mon, 06 Jul 2020 04:44:06 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=50318 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jsMjN-0000pX-JG; Mon, 06 Jul 2020 04:44:05 -0400 
From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Mon, 6 Jul 2020 10:43:56 +0200 Message-Id: <20200706084356.13013-5-ludo@gnu.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200706084356.13013-1-ludo@gnu.org> References: <20200706084356.13013-1-ludo@gnu.org> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * Makefile.am (channel_intro_commit, channel_intro_signer): New variables. (authenticate): Use it. (EXTRA_DIST): Remove 'build-aux/git-authenticate.scm'. * build-aux/git-authenticate.scm: Remove. --- Makefile.am | 12 +- build-aux/git-authenticate.scm | 322 --------------------------------- 2 files changed, 7 insertions(+), 327 deletions(-) delete mode 100644 build-aux/git-authenticate.scm diff --git a/Makefile.am b/Makefile.am index 2058f9d1ea..f321b3c4e1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -568,7 +568,6 @@ EXTRA_DIST += \ build-aux/check-channel-news.scm \ build-aux/compile-as-derivation.scm \ build-aux/generate-authors.scm \ - build-aux/git-authenticate.scm \ build-aux/test-driver.scm \ build-aux/update-guix-package.scm \ build-aux/update-NEWS.scm \ 
@@ -640,14 +639,17 @@ install-data-hook: # Commit corresponding to the 'v1.0.0' tag. commit_v1_0_0 = 6298c3ffd9654d3231a6f25390b056483e8f407c +# Introduction of the 'guix' channel. Keep in sync with (guix channels)! +channel_intro_commit = 9edb3f66fd807b096b48283debdcddccfea34bad +channel_intro_signer = BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA + # Authenticate the current Git checkout by checking signatures on every commit # starting from $(commit_v1_0_0). authenticate: guix/openpgp.go guix/git-authenticate.go guix/git.go $(AM_V_at)echo "Authenticating Git checkout..." ; \ - "$(top_builddir)/pre-inst-env" $(GUILE) \ - --no-auto-compile -e git-authenticate \ - "$(top_srcdir)/build-aux/git-authenticate.scm" \ - "$(commit_v1_0_0)" + "$(top_builddir)/pre-inst-env" guix git-authenticate \ + --cache-key=channels/guix --stats \ + "$(channel_intro_commit)" "$(channel_intro_signer)" # Assuming Guix is already installed and the daemon is up and running, this # rule builds from $(srcdir), creating and building derivations. diff --git a/build-aux/git-authenticate.scm b/build-aux/git-authenticate.scm deleted file mode 100644 index e670264f28..0000000000 --- a/build-aux/git-authenticate.scm +++ /dev/null 
@@ -1,322 +0,0 @@ -;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2019, 2020 Ludovic Courtès -;;; Copyright © 2020 Tobias Geerinckx-Rice -;;; -;;; This file is part of GNU Guix. -;;; -;;; GNU Guix is free software; you can redistribute it and/or modify it -;;; under the terms of the GNU General Public License as published by -;;; the Free Software Foundation; either version 3 of the License, or (at -;;; your option) any later version. -;;; -;;; GNU Guix is distributed in the hope that it will be useful, but -;;; WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;;; GNU General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with GNU Guix. If not, see . - -;;; -;;; Authenticate a range of commits. -;;; - -(use-modules (git) - (guix base16) - (guix git) - (guix git-authenticate) - (guix i18n) - ((guix openpgp) - #:select (openpgp-public-key-fingerprint - openpgp-format-fingerprint)) - (guix progress) - (srfi srfi-1) - (srfi srfi-26) - (ice-9 match) - (ice-9 format) - (ice-9 pretty-print)) - - -(define %historical-committers - ;; List of "historical" committers---people once authorized committers - ;; before the '.guix-authorizations' file was created. - ;; - ;; These are the user names found on - ;; along with - ;; the fingerprint of the signing (sub)key. 
- '(("andreas" - "AD17 A21E F8AE D8F1 CC02 DBD9 F7D5 C9BF 765C 61E3") - ("ajgrf" - "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5") - ("alexvong1995" - "306F CB8F 2C01 C25D 29D3 0556 61EF 502E F602 52F2") - ("alezost" - "4FB9 9F49 2B12 A365 7997 E664 8246 0C08 2A0E E98F") - ("ambrevar" - "50F3 3E2E 5B0C 3D90 0424 ABE8 9BDC F497 A4BB CC7F") - ("apteryx" - "27D5 86A4 F890 0854 329F F09F 1260 E464 82E6 3562") - ("arunisaac" - "7F73 0343 F2F0 9F3C 77BF 79D3 2E25 EE8B 6180 2BB3") - ("atheia" - ;; primary: "3B12 9196 AE30 0C3C 0E90 A26F A715 5567 3271 9948" - "9A2B 401E D001 0650 1584 BAAC 8BC4 F447 6E8A 8E00") - ("bandali" - ;; primary: "BE62 7373 8E61 6D6D 1B3A 08E8 A21A 0202 4881 6103" - "39B3 3C8D 9448 0D2D DCC2 A498 8B44 A0CD C7B9 56F2") - ("bavier" - ;; primary: "34FF 38BC D151 25A6 E340 A0B5 3453 2F9F AFCA 8B8E" - "A0C5 E352 2EF8 EF5C 64CD B7F0 FD73 CAC7 19D3 2566") - ("beffa" - "3774 8024 880F D3FF DCA2 C9AB 5893 6E0E 2F1B 5A4C") - ("benwoodcroft" - "BCF8 F737 2CED 080A 67EB 592D 2A6A D9F4 AAC2 0DF6") - ("biscuolo" - "45CC 63B8 5258 C9D5 5F34 B239 D37D 0EA7 CECC 3912") - ("boskovits" - "7988 3B9F 7D6A 4DBF 3719 0367 2506 A96C CF63 0B21") - ("brettgilio" - "DFC0 C7F7 9EE6 0CA7 AE55 5E19 6722 43C4 A03F 0EEE") - ("carl" - ;; primary: "0401 7A2A 6D9A 0CCD C81D 8EC2 96AB 007F 1A7E D999" - "09CD D25B 5244 A376 78F6 EEA8 0CC5 2153 1979 91A5") - ("cbaines" - "3E89 EEE7 458E 720D 9754 E0B2 5E28 A33B 0B84 F577") - ("civodul" - "3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5") - ("cwebber" - "510A 8628 E2A7 7678 8F8C 709C 4BC0 2592 5FF8 F4D3") - ("dannym" - ;; primary: "295A F991 6F46 F8A1 34B0 29DA 8086 3842 F0FE D83B" - "76CE C6B1 7274 B465 C02D B3D9 E71A 3554 2C30 BAA5") - ("davexunit" - "B3C0 DB4D AD73 BA5D 285E 19AE 5143 0234 CEFD 87C3") - ("davexunit (2nd)" ;FIXME: to be confirmed! 
- "8CCB A7F5 52B9 CBEA E1FB 2915 8328 C747 0FF1 D807") - ("daviwil" - "53C4 1E6E 41AA FE55 335A CA5E 446A 2ED4 D940 BF14") - ("dvc" - "6909 6DFD D702 8BED ACC5 884B C5E0 51C7 9C0B ECDB") - ("dvc (old)" - "5F43 B681 0437 2F4B A898 A64B 33B9 E9FD E28D 2C23") - ("efraim" - "A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351") - ("efraim (old)" - "9157 41FE B22F A4E3 3B6E 8F8D F4C1 D391 7EAC EE93") - ("glv" - ;; primary: "2453 02B1 BAB1 F867 FDCA 96BC 8F3F 861F 82EB 7A9A" - "CBC5 9C66 EC27 B971 7940 6B3E 6BE8 208A DF21 FE3F") - ("hoebjo" - "2219 43F4 9E9F 276F 9499 3382 BF28 6CB6 593E 5FFD") - ("htgoebel" - "B943 509D 633E 80DD 27FC 4EED 634A 8DFF D3F6 31DF") - ("ipetkov" - "7440 26BA 7CA3 C668 E940 1D53 0B43 1E98 3705 6942") - ("iyzsong" - ;; primary: "66A5 6D9C 9A98 BE7F 719A B401 2652 5665 AE72 7D37" - "0325 78A6 8298 94E7 2AA2 66F5 D415 BF25 3B51 5976") - - ;; https://lists.gnu.org/archive/html/guix-devel/2018-04/msg00229.html - ("janneke (old)" - "DB34 CB51 D25C 9408 156F CDD6 A12F 8797 8D70 1B99") - ("janneke" - "1A85 8392 E331 EAFD B8C2 7FFB F3C1 A0D9 C1D6 5273") - - ("jlicht" - ;; primary: "1BA4 08C5 8BF2 0EA7 3179 635A 865D C0A3 DED9 B5D0" - "E31D 9DDE EBA5 4A14 8A20 4550 DA45 97F9 47B4 1025") - ("jmd" - "8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3") - ("kkebreau" - "83B6 703A DCCA 3B69 4BCE 2DA6 E6A5 EE3C 1946 7A0D") - ("leungbk" - "45E5 75FA 53EA 8BD6 1BCE 0B4E 3ADC 75F0 13D6 78F9") - ("lfam" - ;; primary: "4F71 6F9A 8FA2 C80E F1B5 E1BA 5E35 F231 DE1A C5E0" - "B051 5948 F1E7 D3C1 B980 38A0 2646 FA30 BACA 7F08") - ("lsl88" - "2AE3 1395 932B E642 FC0E D99C 9BED 6EDA 32E5 B0BC") - ("marusich" - "CBF5 9755 CBE7 E7EF EF18 3FB1 DD40 9A15 D822 469D") - ("mbakke" - "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA") - ("mhw" - "D919 0965 CE03 199E AF28 B3BE 7CEF 2984 7562 C516") - ("mothacehe" - "4008 6A7E 0252 9B60 31FB 8607 8354 7635 3176 9CA6") - ("mthl" - "F2A3 8D7E EB2B 6640 5761 070D 0ADE E100 9460 4D37") - ("nckx" - ;; primary: "F5BC 5534 C36F 0087 B39D 
36EF 1C9D C4FE B9DB 7C4B" - "F5DA 2032 4B87 3D0B 7A38 7672 0DB0 FF88 4F55 6D79") - ("nckx (revoked; not compromised)" - ;; primary: "F5BC 5534 C36F 0087 B39D 36EF 1C9D C4FE B9DB 7C4B" - "7E8F AED0 0944 78EF 72E6 4D16 D889 B0F0 18C5 493C") - ("niedzejkob" - "E576 BFB2 CF6E B13D F571 33B9 E315 A758 4613 1564") - ("ngz" - "ED0E F1C8 E126 BA83 1B48 5FE9 DA00 B4F0 48E9 2F2D") - ("pelzflorian" - "CEF4 CB91 4856 BA38 0A20 A7E2 3008 88CB 39C6 3817") - ("pgarlick" - ;; primary: "B68B DF22 73F9 DA0E 63C1 8A32 515B F416 9242 D600" - "C699 ED09 E51B CE89 FD1D A078 AAC7 E891 896B 568A") - ("phant0mas" - "3A86 380E 58A8 B942 8D39 60E1 327C 1EF3 8DF5 4C32") - ("reepca" - "74D6 A930 F44B 9B84 9EA5 5606 C166 AA49 5F7F 189C") - ("rekado" - "BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC") - ("rhelling" - "0154 E1B9 1CC9 D9EF 7764 8DE7 F3A7 27DB 44FC CA36") - ("roelj (old)" - "17CB 2812 EB63 3DFF 2C7F 0452 C3EC 1DCA 8430 72E1") - ("roelj" - ;; From commit cc51c03ff867d4633505354819c6d88af88bf919 (March 2020). - ;; See . - "F556 FD94 FB8F 8B87 79E3 6832 CBD0 CD51 38C1 9AFC") - ("roptat (old)" - "B5FA E628 5B41 3728 B2A0 FAED 4311 1F45 2008 6A0C") - ("roptat" - ;; From commit 2cbede5935eb6a40173bbdf30a9ad22bf7574c22 (Jan. 2020). See - ;; . 
- "1EFB 0909 1F17 D28C CBF9 B13A 53D4 57B2 D636 EE82") - ("samplet" - ;; primary: "D6B0 C593 DA8C 5EDC A44C 7A58 C336 91F7 1188 B004" - "A02C 2D82 0EF4 B25B A6B5 1D90 2AC6 A5EC 1C35 7C59") - ("sleep_walker" - "77DD AD2D 97F5 31BB C0F3 C7FD DFB5 EB09 AA62 5423") - ("snape" - "F494 72F4 7A59 00D5 C235 F212 89F9 6D48 08F3 59C7") - ("steap" - "4E26 CCE9 578E 0828 9855 BDD4 1C79 95D2 D5A3 8336") - ("taylanub" - "9ADE 9ECF 2B19 C180 9C99 5CEA A1F4 CFCC 5283 6BAC") - - ;; https://lists.gnu.org/archive/html/guix-devel/2017-03/msg00826.html - ("thomasd" - ;; primary: "1DD1 681F E285 E07F 11DC 0C59 2E15 A6BC D77D 54FD" - "3D2C DA58 819C 08C2 A649 D43D 5C3B 064C 724A 5726") - ("thomasd (old)" - "A5C5 92EA 606E 7106 A6A3 BC08 98B2 1575 91E1 2B08") - - ("toothbrush" - "D712 1D73 A40A 7264 9E43 ED7D F284 6B1A 0D32 C442") - ("vagrantc" - "6580 7361 3BFC C5C7 E2E4 5D45 DC51 8FC8 7F97 16AA") - ("wigust" - ;; primary: "C955 CC5D C048 7FB1 7966 40A9 199A F6A3 67E9 4ABB" - "7238 7123 8EAC EB63 4548 5857 167F 8EA5 001A FA9C") - ("wingo" - "FF47 8FB2 64DE 32EC 2967 25A3 DDC0 F535 8812 F8F2"))) - -(define %historical-authorized-signing-keys - ;; Fingerprint of historically authorized signing keys. - (map (match-lambda - ((name fingerprint) - (base16-string->bytevector - (string-downcase (string-filter char-set:graphic fingerprint))))) - %historical-committers)) - -(define %use-historical-authorizations? - ;; Whether to allow authentication of past commits using - ;; %HISTORICAL-AUTHORIZED-SIGNING-KEYS for when '.guix-authorizations' was - ;; missing. - (getenv "GUIX_USE_HISTORICAL_AUTHORIZATIONS")) - -(define %introductory-commit - ;; This is the commit that appears in the official 'guix' channel - ;; introduction. XXX: Keep in sync with (guix channels)! - "9edb3f66fd807b096b48283debdcddccfea34bad") - -(define %commits-with-bad-signature - ;; Commits with a known-bad signature. 
- '("6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91")) ;2016-12-29 - -(define %unsigned-commits - ;; Commits lacking a signature. - '()) - -(define commit-short-id - (compose (cut string-take <> 7) oid->string commit-id)) - - -;;; -;;; Entry point. -;;; - -(define (git-authenticate args) - (define repository - (repository-open ".")) - - (let loop ((args args)) - (match args - ((_ start end) - (define start-commit - (commit-lookup repository - (string->oid (if %use-historical-authorizations? - start - %introductory-commit)))) - (define end-commit - (commit-lookup repository (string->oid end))) - - (define authenticated-commits - ;; Previously-authenticated commits that don't need to be checked - ;; again. - (filter-map (lambda (id) - (false-if-exception - (commit-lookup repository (string->oid id)))) - (previously-authenticated-commits "channels/guix"))) - - (define commits - ;; Commits to authenticate, excluding the closure of - ;; AUTHENTICATED-COMMITS. - (commit-difference end-commit start-commit - authenticated-commits)) - - (define reporter - (progress-reporter/bar (length commits))) - - (define historical-authorizations - ;; List of authorizations in effect before '.guix-authorizations' was - ;; introduced. By default, assume there were no authorizations; this - ;; is what 'guix pull' does. - (if %use-historical-authorizations? - %historical-authorized-signing-keys - '())) - - (format #t (G_ "Authenticating ~a to ~a (~a commits)...~%") - (commit-short-id start-commit) - (commit-short-id end-commit) - (length commits)) - - (let ((stats (call-with-progress-reporter reporter - (lambda (report) - (authenticate-commits repository commits - #:default-authorizations - historical-authorizations - #:report-progress report))))) - (cache-authenticated-commit "channels/guix" - (oid->string (commit-id end-commit))) - - (unless (null? stats) - (format #t (G_ "Signing statistics:~%")) - (for-each (match-lambda - ((signer . 
count) - (format #t " ~a ~10d~%" - (openpgp-format-fingerprint - (openpgp-public-key-fingerprint signer)) - count))) - (sort stats - (match-lambda* - (((_ . count1) (_ . count2)) - (> count1 count2)))))))) - ((command start) - (let* ((head (repository-head repository)) - (end (reference-target head))) - (loop (list command start (oid->string end))))) - (_ - (format (current-error-port) - (G_ "Usage: git-authenticate START [END] - -Authenticate commits START to END or the current head.\n"))))))
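Review bot: In the Makefile.am hunk @@ -640,14 +639,17 @@ of patch 5/5, the comment above the `authenticate` rule still says "starting from $(commit_v1_0_0)" although the recipe now starts from "$(channel_intro_commit)"; update the comment. The rule's prerequisites (`guix/openpgp.go guix/git-authenticate.go guix/git.go`) also predate the switch: the recipe now runs `guix git-authenticate` through pre-inst-env, so `guix/scripts/git-authenticate.go` should be listed so that the command is compiled before it runs. If `commit_v1_0_0` is no longer referenced elsewhere in the Makefile, it can be dropped too.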
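Review bot: The deleted build-aux/git-authenticate.scm (hunk @@ -1,322 +0,0 @@) carried a `%commits-with-bad-signature` list naming commit 6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91 (2016-12-29), an `%unsigned-commits` list and the `GUIX_USE_HISTORICAL_AUTHORIZATIONS` switch, and nothing in the series as shown replaces the first two. Please state in the commit message whether those commits lie before `channel_intro_commit` (and are therefore never examined by the new `authenticate` rule) or whether (guix git-authenticate) handles them, and, if etc/historical-authorizations, which patch 4/5's test references, is the new home of the `%historical-committers` table, say so there as well.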