Hello! Vagrant Cascadian <vagr...@debian.org> skribis:
> On 2019-12-27, Ricardo Wurmus wrote: [...] >> Thank you for the instructions. I thought I had all keys, but >> apparently at least one of them is missing. “make authenticate” fails >> for me with this error: >> >> Throw to key `srfi-34' with args `(#<condition &message [message: "could not >> authenticate commit b291c9570d5a27b11472df3df61cef9ed012241b: key >> B943509D633E80DD27FC4EED634A8DFFD3F631DF is missing"] 7f70fb08c240>)'. >> >> I previously downloaded the gpg keyring from Savannah: >> >> https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guix >> >> Looks like Hartmut used to use a different key, which I don’t have. > > I got this too, and manually worked around it by downloading > guix-keyring.gpg from: > > > https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guix&download=1 > > And running: > > gpg --no-default-keyring --keyring > ~/.config/guix/keyrings/channels/guix.kbx --import ~/guix-keyring.gpg > > It seems to be working now... how is the keyring *supposed* to be > populated? Before I manually imported guix-keyring.gpg into guix.kbx, > there were a very small number of keys present. By default, the script currently automatically downloads keys from keyserver into ~/.config/…/guix.kbx: see ‘gnupg-verify*’ in (guix gnupg). This is unreliable and rather undesirable, so the real solution will be to have the keyring in the repo. > It's a little awkward that it uses the fingerprint of the signing key > rather than the primary key, as by default things like "gpg --list-keys" > do not display the fingerprint of signing keys, only the primary key, so > it is an adventure in gpg commandline options to correlate them. > > "gpg log --show-signature" also reports the the primary key fingerprint, > if the key is available in the keyring, and only the subkey fingerprint > for unknown keys if I remember correctly. Yeah, well. Apparently ‘gpgv --status-fd’ reports the fingerprint of the subkey, not that of the primary key, which is why we’re storing the fingerprint of the subkey. I think it actually makes sense, but I wonder why ‘gpg’ makes it so hard to see the fingerprint of subkeys. > It would be nice if the statistics would display the primary uid > instead, as it is something a little more human readable, and the > primary key fingerprint, as it is a little easier to find. :) Ah, true! > I'm hoping the eventual goal is to integrate this into guix pull? Of course! Ludo’.
