bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#22883: Authenticating a Git checkout

From: Ludovic Courtès
Subject: bug#22883: Authenticating a Git checkout
Date: Fri, 01 May 2020 19:20:38 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) 
Ludovic Courtès <address@hidden> skribis:

>   • Generalize that to channels.

As I see it, the generalization would be made by adding the
authentication parameters to the ‘.guix-channel’ file, along these
lines:

  (channel
    (version 0)
    (keyring-reference "my-keyring-branch")
    (historical-authorizations ".guix-authorizations.old"))

where:

  • ‘keyring-reference’ specifies the branch where to look for *.key
    files that constitute the keyring.  It can be ‘master’ and have the
    key mixed up with other files if that’s OK for the channel.  By
    default, it could be the current branch.

  • ‘historical-authorizations’ specifies a file to load in this branch
    and that contains a ‘.guix-authorizations’-formatted list of
    fingerprints for commits that lack a ‘.guix-authorizations’ file.
    By default, we could ignore historical commits—more specifically,
    commits whose parent(s) lack(s) ‘.guix-authorizations’.  It does
    mean that if an authorized commit removes ‘.guix-authorizations’,
    then we’re back to unauthenticated commits.

‘guix pull’ would error out before attempting to build anything if
authentication fails.  It could display a warning when pulling a commit
whose parent(s) lack(s) ‘.guix-authorizations’.

Thoughts?

In terms of code, everything is already there, so it’d be mostly about
moving code around and double-checking the new data formats since
they’ll be hard to change.

In terms of processes, it’ll be tricky: if we committers make a mistake
(sign with the wrong key, forget to add a new committer’s key, etc.),
nobody is able to pull.  In such a case, we’ll probably have to do a
hard-reset of the affected branch.

It would be best if we had a server-side hook to perform all these
checks, so that we don’t encounter such problems.  That would mean
running some of this code on Savannah, I don’t know if it’ll be
possible.  If it’s not, we can set up our own Git repo elsewhere and
make Savannah a mirror.

More thoughts?  :-)

Ludo’.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]