guix-commits

branch master updated: website: commit-authentication: Write about the i


From: Ludovic Courtès
Subject: branch master updated: website: commit-authentication: Write about the implementation and process.
Date: Tue, 30 Jun 2020 10:23:06 -0400

This is an automated email from the git hooks/post-receive script.

civodul pushed a commit to branch master
in repository guix-artwork.

The following commit(s) were added to refs/heads/master by this push:
     new 437e0cb  website: commit-authentication: Write about the 
implementation and process.
437e0cb is described below

commit 437e0cbc168a9505c990e99223e942a76d971e7a
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Tue Jun 30 16:20:47 2020 +0200

    website: commit-authentication: Write about the implementation and process.
    
    * website/drafts/commit-authentication.md (A long process): Write.
---
 website/drafts/commit-authentication.md | 69 +++++++++++++++++++++++++++++----
 1 file changed, 62 insertions(+), 7 deletions(-)

diff --git a/website/drafts/commit-authentication.md 
b/website/drafts/commit-authentication.md
index 938e65c..1abac17 100644
--- a/website/drafts/commit-authentication.md
+++ b/website/drafts/commit-authentication.md
@@ -276,13 +276,68 @@ a quick tour of the implementation, the next section is 
for you!
 
 # A long process
 
-  - start signing commits
-  - add "make authenticate"
-  - implement .guix-authorizations
-  - generalize to channels
-  - prevent downgrades
-  - add primary URL
-  - third-party channels
+We’re kinda celebrating these days, but the [initial bug
+report](https://issues.guix.gnu.org/22883) was opened… in 2016.  One of
+the reasons was that we were hoping the general problem was solved
+already and we’d “just” have to adapt what others had done.  As for the
+actual design: you would think it can be implemented in ten lines of
+shell script invoking `gpgv` and `git`.  Perhaps that’s a possibility,
+but the resulting performance would be problematic—keep in mind that
+users may routinely have to authenticate hundreds of commits.  So we
+took a long road, but the end result is worth it.  Let’s recap.
+
+Back in April 2016, committers [started signing
+commits](https://issues.guix.gnu.org/22883#4), with a [server-side hook
+prohibiting unsigned commits](https://issues.guix.gnu.org/22883#36).  In
+July 2016, we had [proof-of-concept libgit2
+bindings](https://issues.guix.gnu.org/22883#33) with the primitives
+needed to verify signatures on commits, passing them to `gpgv`; later
+[Guile-Git](https://gitlab.com/guile-git/guile-git/) was born, providing
+good coverage of the libgit2 interface.  Then there was a two-year
+hiatus during which no code was produced in that area.
+
+Everything went faster starting from December 2019.  Progress was
+incremental and may have been hard to follow, even for die-hard Guix
+hackers, so here are the major milestones:
+
+  - In December 2019, a first [authentication program for use by Guix
+    developers](https://issues.guix.gnu.org/22883#48) landed; it could
+    be run from a checkout with the `make authenticate` command.  It
+    would use Guile-Git but call out to `gpgv` for signature
+    verification, which made it rather slow.  The list of authorized
+    keys was hard-coded.
+  - In April 2020, we had [an implementation of OpenPGP for signature
+    verification purposes](https://issues.guix.gnu.org/22883#61)
+    available as [`(guix
+    
openpgp)`](https://git.savannah.gnu.org/cgit/guix.git/tree/guix/openpgp.scm).
+    The code is based on Göran Weinholt’s pure Scheme
+    [Industria](https://github.com/weinholt/industria/) library, with
+    the addition of a few features and using
+    [Guile-Gcrypt](https://notabug.org/cwebber/guile-gcrypt) for faster
+    crypto.  That led to a tenfold speedup compared to invoking `gpgv`,
+    which is primarily due to the fact that our code [foregoes OpenPGP
+    bells and whistles](https://issues.guix.gnu.org/22883#62) and
+    focuses on “just” signature verification.
+  - In May, [`.guix-authorizations` support was
+    added](https://issues.guix.gnu.org/22883#64), superseding the
+    hard-coded list of authorized keys.  The OpenPGP keyring could now
+    be loaded straight from a [Git branch containing all the OpenPGP
+    keys ever
+    used](https://git.savannah.gnu.org/cgit/guix.git/tree/?h=keyring).
+  - Early June, the authentication code was [moved to its own
+    module](https://issues.guix.gnu.org/41653), `(guix
+    git-authenticate)` with a test suite.
+  - Soon after, Git authentication was [integrated in
+    channels](https://issues.guix.gnu.org/41767): `guix pull` would now
+    authenticate the `guix` channel, [closing the 4-year old
+    mega-issue](https://issues.guix.gnu.org/22883).
+  - Just today, we added the final bits, [allowing channel authors to
+    benefit from the feature](https://issues.guix.gnu.org/42048).
+
+Whether you’re a channel author or a user, the feature is now [fully
+documented in the
+manual](https://guix.gnu.org/manual/devel/en/html_node/Channels.html),
+and we’d love to get your feedback!
 
 # SHA1
 # Related work
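
Review bot: The rewritten "A long process" section drops two items that the removed outline carried, "prevent downgrades" and "add primary URL": none of the new milestone bullets mentions either, while the other outline entries (signing commits, `make authenticate`, `.guix-authorizations`, channels, third-party channels) each map to a paragraph or bullet. Either add milestones for those two or confirm they are covered in another section of the post. Smaller points in the same hunk: "foregoes" in the April 2020 bullet should be "forgoes" (to go without), "4-year old" should be "4-year-old", and "Just today" together with the year-less "In May" and "Early June" will read ambiguously once the draft is published, so absolute dates would be safer.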


