45mg <45mg.wri...@gmail.com> writes:

> Hi Tomas,
>
> Tomas Volf <~@wolfsden.cz> writes:
>
>> I do have some ideas regarding how to do it, but all of them are fixes
>> intended to solve "authenticating my Guix fork", not general fixes for
>> guix-git-authenticate.  But I think it can be made to work (sadly it
>> will not be pretty though).

Right, so I finally found some time to think about this, and I believe
doing this safely should be possible with minor modification of the
code.

Currently Guix uses *intersection* of keys from all parents.  I would
like to suggest modifying the check to use a *union* of:

1. *Intersection* of keys from all parents (the current logic).
2. Keys listed in $GUIX_AUTHENTICATE_EXTRA_KEYS.

(and, if you are soft-forking Guix, you could also add your key to:)

3. Keys listed in a new variable (@ (guix git-authenticate) extra-keys).

This, while much less elegant compared to your solution, seems much
easier to reason about.  It still requires you to add the actual keys to
the keyring branch, but that branch does not use authentication, so that
should not be a problem.  It would *not* be an error to have a key
listed in the environment variable which does not have actual key
material (on the keyring branch); it would just be silently skipped.

Opinions?

>
> I think I may have an idea myself; one that seems reasonably clean,
> would fix our use-case of authenticating our own personal Guix forks,
> and would even allow pulling branches from other people's forks and
> authenticating those.
>
> [..]
>
> What do you think? I don't actually know when I can work on a patch for
> this (I've spent far too much time on this issue already), but it'd be
> nice to have a sanity check on this anyway, so that if the approach is
> fundamentally flawed in some obvious way that I'm missing, then I don't
> have to waste my time on it.

Sadly I have to admit I am not smart enough to be able to judge whether
this is safe.  I do understand the direction of your proposal, but I do
not have enough confidence (especially after the flop my original patch
is) to say either way.

Tomas

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
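
A small model of the rule proposed in this message, added here as an illustration; it is not code from Guix or from either participant. The function names, the colon-separated format of the variable, and the fingerprints are assumptions constructed for the example; keys from the proposed `extra-keys` variable would be merged into `extra_keys` the same way.

```python
# Model of the proposed rule; not Guix code. Fingerprints are constructed.
import os

ENV_VAR = "GUIX_AUTHENTICATE_EXTRA_KEYS"


def parse_extra_keys(environ=os.environ):
    """Read fingerprints from the variable (assumed colon-separated)."""
    raw = environ.get(ENV_VAR, "")
    return {k.strip().upper() for k in raw.split(":") if k.strip()}


def allowed_signers(parent_authorizations, extra_keys, keyring):
    """Return the set of fingerprints allowed to sign a commit.

    parent_authorizations: one set of fingerprints per parent commit.
    extra_keys: fingerprints taken from the environment variable.
    keyring: fingerprints that have key material on the keyring branch.
    """
    parents = [set(p) for p in parent_authorizations]
    from_history = set.intersection(*parents) if parents else set()
    # Extra keys without key material are skipped silently, not an error.
    usable_extra = set(extra_keys) & set(keyring)
    return from_history | usable_extra


def commit_is_authorized(signer, parent_authorizations, extra_keys, keyring):
    return signer in allowed_signers(parent_authorizations, extra_keys, keyring)


# Constructed scenario: a merge of upstream into a personal fork.
UPSTREAM_A, UPSTREAM_B, FORK = "AAAA1111", "BBBB2222", "FFFF9999"
UPSTREAM_PARENT = {UPSTREAM_A, UPSTREAM_B}
FORK_PARENT = {UPSTREAM_A, UPSTREAM_B, FORK}  # the fork added its own key
KEYRING = {UPSTREAM_A, UPSTREAM_B, FORK}


def demo():
    parents = [UPSTREAM_PARENT, FORK_PARENT]
    env = {ENV_VAR: f"{FORK}:DEAD0000"}  # DEAD0000 has no key material
    extra = parse_extra_keys(env)
    return {
        "current_rule": commit_is_authorized(FORK, parents, set(), KEYRING),
        "proposed_rule": commit_is_authorized(FORK, parents, extra, KEYRING),
        "missing_material": commit_is_authorized("DEAD0000", parents, extra, KEYRING),
        "allowed": allowed_signers(parents, extra, KEYRING),
    }


if __name__ == "__main__":
    print(demo())
```

In this model an extra key is accepted for every commit it is checked against, so the variable acts as a local trust decision made outside the repository history.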
