bug#42048: closed ([PATCH 0/6] Authenticated channels for everyone!)

[GNU bug Tracking System]

Your message dated Wed, 01 Jul 2020 23:50:21 +0200
with message-id <87imf6ykf6.fsf@gnu.org>
and subject line Re: [bug#42048] [PATCH 6/6] services: provenance: Save channel 
introductions.
has caused the debbugs.gnu.org bug report #42048,
regarding [PATCH 0/6] Authenticated channels for everyone!
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
42048: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=42048
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
> --- Begin Message ---
>
>
>
> Subject: 
>
> [PATCH 0/6] Authenticated channels for everyone!
>
>
>
>
> Date: 
>
> Thu, 25 Jun 2020 23:04:00 +0200
>
>
>
>
> Hello Guix!
>
> This patch series follows up on channel authentication support:
>
>   https://issues.guix.gnu.org/41767
>
> This time the goal is to expose and document the authentication
> mechanism so that third-party channel authors can use it.  This
> should be the last series on this theme in the foreseeable
> future.  :-)
>
> The most visible effect is that channel introductions are now
> part of the API and shown by ‘guix describe’.  It becomes a long-term
> commitment because we want to be able to pass the output of
> ‘guix describe -C channels’ or /run/current-system/channels.scm
> to ‘guix pull’ and ‘guix time-machine’ in the future.
>
> Contrary to what I initially proposed¹, channel introductions are
> stripped to the bare minimum: a commit/fingerprint pair (as is
> currently the case on master, internally).  I figured it doesn’t
> buy us much to have the commit/fingerprint pair signed; what
> matters is that users obtain the introduction from a trusted
> source, and the signature wouldn’t help with that.  I also got
> rid of the idea of rendering introductions are opaque base64 blobs.
>
> In the manual I tried to distinguish instructions for users
> (“what do I need to put in my channels.scm file?”) from
> instructions for channel authors (“how do I allow users of my
> channel to authenticate it?”).
>
> If people have a channel that they’d like to make “authenticable”,
> please do try and report back!  You can even test with master,
> you only need to add ‘@@’ to access (guix channels) internals
> to create the introduction.
>
> Feedback welcome!
>
> Thanks,
> Ludo’.
>
> ¹ https://issues.guix.gnu.org/issue/22883#69
>
>
>
> Ludovic Courtès (6):
>   channels: Add 'openpgp-fingerprint->bytevector'.
>   channels: Make channel introductions public.
>   channels: Remove 'signature' from <channel-introduction>.
>   channels: Save and interpret 'introduction' field in provenance data.
>   guix describe: Display channel introductions and add
>     'channels-sans-intro'.
>   services: provenance: Save channel introductions.
>
>  doc/guix.texi             | 130 +++++++++++++++++++++++++++++++++++++-
>  gnu/services.scm          |  26 ++++++--
>  guix/channels.scm         |  86 +++++++++++++++++++------
>  guix/scripts/describe.scm |  56 +++++++++++++---
>  guix/scripts/system.scm   |   4 +-
>  tests/channels.scm        |  10 ++-
>  6 files changed, 269 insertions(+), 43 deletions(-)
>
> -- 
> 2.26.2
>
>
>
>
> --- End Message ---
> --- Begin Message ---
>
>
>
> Subject: 
>
> Re: [bug#42048] [PATCH 6/6] services: provenance: Save channel introductions.
>
>
>
>
> Date: 
>
> Wed, 01 Jul 2020 23:50:21 +0200
>
>
>
>
> User-agent: 
>
> Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
>
>
>
>
> Hi,
>
> Ricardo Wurmus <rekado@elephly.net> skribis:
>
> > Ludovic Courtès <ludo@gnu.org> writes:
> >
> >> So yes, I suppose we would need to extend the ‘.guix-channel’ format for
> >> dependencies.  Luckily it should be quite simply because that format is
> >> extensible; older Guix versions would ignore the ‘introduction’ field.
> >> It would look something like this:
> >>
> >>      (channel
> >>       (version 0)
> >>       (dependencies
> >>        (channel
> >>         (name some-collection)
> >>         (url "https://example.org/first-collection.git";)
> >>         (introduction (channel-introduction
> >>                         (version 0)
> >>                         (commit "…")
> >>                         (signer "…"))))
> >>        (channel
> >>         (name some-other-collection)
> >>         (url "https://example.org/second-collection.git";)
> >>         (branch "testing"))))   ;not an authenticated channel
> >>
> >> It does mean that a channel can indirectly trick you into turning off
> >> authentication for a dependent channel.  But I think that’s within the
> >> expectations for channels: when you choose a channel, you trust it
> >> enough to run its code.
> >>
> >> WDYT?
> >
> > This sounds reasonable.  I agree that you’ve got to trust the channel
> > authors anyway, so allowing them to provide the introduction is fair.
>
> I went ahead and did that:
>
>   
> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=d774c7b1218a3cc20079b19812da119f9ed26b54
>
> Let me know what you think!
>
> The whole series is now pushed:
>
>   d774c7b121 channels: Dependencies listed in '.guix-channel' can have an 
> introduction.
>   884df77640 channels: Properly diagnose test failure.
>   eb5cf39e66 services: provenance: Save channel introductions.
>   6d39f0cb77 guix describe: Display channel introductions and add 
> 'channels-sans-intro'.
>   471550c28c channels: Save and interpret 'introduction' field in provenance 
> data.
>   22a9699257 channels: Remove 'signature' from <channel-introduction>.
>   8b7d982e6a channels: Make channel introductions public.
>   6577682a6c channels: Add 'openpgp-fingerprint->bytevector'.
>
> Thanks for your feedback,
> Ludo’.
>
>
> --- End Message ---