Hi, I try to follow the tutorial on guix blog (https://guix.gnu.org/en/blog/2024/authenticate-your-git-checkouts/) to authenticate my commit for a personal channel. I have some feedback to do, and possible missing info. for padawan like me.
- A / There are no information for pushing keyring branch to origin repo.
Commit for keyring come before Introductory commit so pushing keyring to
<yourforge> repository failed. Talking with ludovic, the tutorial doesn't say
that pre-push hook need to be desactivated to push on <yourforge> repository.
- B / I follow the tutorial on an existing channel repo, two times, because i
made some errors that imply : a reset --hard of the repo, the delete of the
keyring branch, removing the authenticate line in git/config, removing the
post-merge and pre-push hook. But, now my repository is probably in a strange
state and guix git authenticate failed even if the commit is a correct
descendant of the introductory commit. More info after :
An example with one commit after Introductory Commit
(fcf50534c7fec17e689597cfaaec9f4cedb397de) :
---
commit 2eddf958be68a5a4df7fd43feb604707472f89a4 (HEAD -> master,
origin/master)gpg: Signature faite le mar. 19 nov. 2024 23:05:17 CET
gpg: avec la clef RSA 41D051592D59A9C07AB4DF25DC55CB6B7043416E
gpg: Bonne signature de « xxx <xxx> » [ultime]
Author: xxx <xxx>
Date: Tue Nov 19 23:05:17 2024 +0100
add README
commit fcf50534c7fec17e689597cfaaec9f4cedb397de
gpg: Signature faite le mar. 19 nov. 2024 22:55:40 CET
gpg: avec la clef RSA 41D051592D59A9C07AB4DF25DC55CB6B7043416E
gpg: Bonne signature de « xxx <> » [ultime]
Author: xxx <>
Date: Tue Nov 19 22:55:40 2024 +0100
Introductory commit.
---
In my .git/config i have :
[core]repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote "origin"]
url = g...@codeberg.org:reycoseb/extra-guix-channel.git
fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
remote = origin
merge = refs/heads/master
[guix "authentication"]
introduction-commit = fcf50534c7fec17e689597cfaaec9f4cedb397de
introduction-signer = 41D051592D59A9C07AB4DF25DC55CB6B7043416E
keyring = keyring
[branch "keyring"]
remote = origin
merge = refs/heads/keyring
I use a Yubikey with a specific subkey used to sign :
Signature key ....: 41D0 5159 2D59 A9C0 7AB4 DF25 DC55 CB6B 7043 416E
created ....: 2020-09-01 12:13:40
Encryption key....: 04E1 4065 2E41 C847 4D7F B0EE D788 9EAF B20E C927
created ....: 2020-09-01 12:14:39
Authentication key: D57E C3C4 1288 E30D 17C1 290B 1DB9 AAD6 04D0 60C0
created ....: 2020-09-01 12:15:08
My .guix authorization file :
(authorizations (version 0) ;current file format version
(("41D0 5159 2D59 A9C0 7AB4 DF25 DC55 CB6B 7043 416E"
(name "xxx"))))
When i run guix git authenticate in my master branch, with yubikey activated, i
have
Authentification des commits fcf5053 à 2eddf95 (1 nouveaux commits)...guix git:
erreur : commit 2eddf958be68a5a4df7fd43feb604707472f89a4 not signed by an
authorized key: 41D0 5159 2D59 A9C0 7AB4 DF25 DC55 CB6B 7043 416E
Strange ? Also, the git push command say the same thing. If you have
I use guix 4c56d0c URL du dépôt : https://git.savannah.gnu.org/git/guix.git
branche : master
commit : 4c56d0cccdc44e12484b26332715f54768738c5f
Best regards,
Sebastien RC.
publickey - s.rey.coyrehourcq@proton.me - 0xC3237850.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
