From: Ludovic Courtès
To: 22883@debbugs.gnu.org
Cc: Guix-devel
Subject: Re: bug#22883: Authenticating Git checkouts: step #1
Date: Fri, 27 Dec 2019 13:58:36 +0100
Message-ID: <87eewqgc1v.fsf@gnu.org>
In-Reply-To: <87mubmodfb.fsf_-_@gnu.org> (Ludovic Courtès's message of "Fri, 20 Dec 2019 23:11:20 +0100")
References: <87io14sqoa.fsf@dustycloud.org> <87tvnemfjh.fsf@aikidev.net> <871sab7ull.fsf@gnu.org> <87zhwz6ct4.fsf@aikidev.net> <877ek364u5.fsf@gnu.org> <87mubmodfb.fsf_-_@gnu.org>
Hello Guix!

Ludovic Courtès wrote:

> To begin with, I propose the attached script: when given a commit range,
> it authenticates each commit, meaning that it ensures commits have a
> valid signature and that that signature was made by one of the
> authorized keys. Sample session:
>
> $ time ./pre-inst-env guile -e git-authenticate build-aux/git-authenticate.scm d68de958b60426798ed62797ff7c96c327a672ac 099ce5d4901706dc2c5be888a5c8cbf8fcd0d576
> Authenticating d68de95 to 099ce5d (7938 commits)...
> Signing statistics:
> BCA689B636553801C3C62150197A5888235FACAC 1454
> 3CE464558A84FDC69DB40CFB090B11993D9AEBB5 1025
> BBB02DDF2CEAF6A80D1DE643A2A06DF2A33A54FA 941
>
> [...]
>
> real 2m21.272s
> user 1m38.741s
> sys 0m59.546s

I’ve now committed this file:

b3011dbbd2 doc: Mention "make authenticate".
787766ed1e git-authenticate: Keep a local cache of previously-authenticated commits.
785af04a75 git: 'commit-difference' takes a list of excluded commits.
1e43ab2c03 Add 'build-aux/git-authenticate.scm'.

Commit 787766ed1e takes care of caching (one of the limitations I mentioned in my previous message).

Commit b3011dbbd2 adds instructions for contributors on how to authenticate a checkout (copied below). It’s a bit bumpy, so I would very much welcome feedback and suggestions on how to improve this!

Thanks in advance!

Ludo’.

--8<---------------cut here---------------start------------->8---
If you want to hack Guix itself, it is recommended to use the latest version from the Git repository:

git clone https://git.savannah.gnu.org/git/guix.git

How do you ensure that you obtained a genuine copy of the repository?
Guix itself provides a tool to “authenticate” your checkout, but you must first make sure this tool is genuine in order to “bootstrap” the trust chain. To do that, run:

git verify-commit `git log --format=%H build-aux/git-authenticate.scm`

The output must look something like:

gpg: Signature made Fri 27 Dec 2019 01:27:41 PM CET
gpg: using RSA key 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
...
gpg: Signature made Fri 27 Dec 2019 01:25:22 PM CET
gpg: using RSA key 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
...

... meaning that changes to this file are all signed with key ‘3CE464558A84FDC69DB40CFB090B11993D9AEBB5’ (you may need to fetch this key from a key server, if you have not done it yet).

From there on, you can authenticate all the commits included in your checkout by running:

make authenticate

The first run takes a couple of minutes, but subsequent runs are faster.

Note: You are advised to run ‘make authenticate’ after every ‘git pull’ invocation.
This ensures you keep receiving valid changes to the repository.
--8<---------------cut here---------------end--------------->8---
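The check the message describes (every commit in a range must carry a good signature, and the signing key must be on a fixed list of authorized keys) as an added POSIX shell sketch; this is not Guix's build-aux/git-authenticate.scm, the allow-list is constructed from the fingerprints quoted above, and check_commit_lines, bootstrap_verify and authenticate_range are names chosen for this example.

```shell
#!/bin/sh
# Added example, not Guix's build-aux/git-authenticate.scm. A commit is
# authentic only if (1) git/gpg report a good signature and (2) the signing
# key's fingerprint is on a fixed allow-list. Trust comes from that list,
# not from gpg's web of trust.

# Allow-list, constructed here from the fingerprints quoted in the message.
AUTHORIZED_KEYS="3CE464558A84FDC69DB40CFB090B11993D9AEBB5
BCA689B636553801C3C62150197A5888235FACAC
BBB02DDF2CEAF6A80D1DE643A2A06DF2A33A54FA"

# Reads lines "<hash> <status> <fingerprint>" as printed by
#   git log --format='%H %G? %GF' OLD..NEW
# %G? is G (good), U (good, key not in the web of trust), N (unsigned),
# B (bad), E (cannot be checked), ...; %GF is the signing key's fingerprint
# (use %GP instead if the allow-list holds primary-key fingerprints).
# Prints one OK/FAIL line per commit; returns 1 if any commit fails.
check_commit_lines() {
    rc=0
    while read -r hash status fp; do
        [ -n "$hash" ] || continue
        case "$status" in
            G|U) ;;                          # signature verified by gpg
            *) echo "FAIL $hash signature-status=${status:-none}"
               rc=1; continue ;;
        esac
        # Exact, case-insensitive match of the whole fingerprint line.
        if printf '%s\n' "$AUTHORIZED_KEYS" | grep -qix -- "$fp"; then
            echo "OK $hash $fp"
        else
            echo "FAIL $hash unauthorized-key=${fp:-none}"; rc=1
        fi
    done
    return "$rc"
}

# Bootstrap step from the message: every commit that ever touched the
# checker itself must verify, otherwise the checker cannot be trusted.
bootstrap_verify() {
    git verify-commit $(git log --format=%H -- "$1")
}

# authenticate_range OLD NEW: authenticate every commit in OLD..NEW.
authenticate_range() {
    git log --format='%H %G? %GF' "$1..$2" | check_commit_lines
}
```

Run as `bootstrap_verify build-aux/git-authenticate.scm && authenticate_range OLD NEW` inside a checkout; an unsigned commit, a bad signature, or a key outside the list each produce a FAIL line and a non-zero exit.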