`make authenticate` fails to find the keyring branch

Done

Details

4 participants

guix-vits via web
Leo Famulari
Ludovic Courtès
Miguel Ángel Arruga Vivas

Owner: unassigned

Submitted by: Leo Famulari

Severity: normal

Leo Famulari wrote on 8 Jun 2020 20:54

Recipients:(address . bug-guix@gnu.org)

Message-ID:20200608185404.GA2356@jasmine.lan

I just tried pushing for the first time since installing the new

pre-push hook that runs `make authenticate`.

This failed with the following error:

Git error: cannot locate remote-tracking branch 'keyring'

However, `git branch --all` includes "remotes/origin/keyring".

After I did `git checkout origin/keyring`, it worked.

Let's update the manual section Commit Access with the recommended way

to make this branch accessible to `make authenticate`. Maybe it should

even do it automatically?

Ludovic Courtès wrote on 9 Jun 2020 18:16

Recipients:(name . Leo Famulari)(address . leo@famulari.name)(address . 41764@debbugs.gnu.org)

Message-ID:87img0gqpr.fsf@gnu.org

Hi,

Leo Famulari <leo@famulari.name> skribis:

Toggle quote (11 lines)> I just tried pushing for the first time since installing the new
> pre-push hook that runs `make authenticate`.
>
> This failed with the following error:
>
> Git error: cannot locate remote-tracking branch 'keyring'
>
> However, `git branch --all` includes "remotes/origin/keyring".
>
> After I did `git checkout origin/keyring`, it worked.

Right, since commit 512b9e2da26968ebafdd47f701edd8fc3936d3e8, you have

to have a local ‘keyring’ branch.

Toggle quote (4 lines)

> Let's update the manual section Commit Access with the recommended way

> to make this branch accessible to `make authenticate`. Maybe it should

> even do it automatically?

I don’t think it can do it automatically because it cannot guess what

the remote is called (Tobias reported an issue earlier because

“origin/keyring” was hard-coded and Tobias didn’t have an “origin”

remote.)

Regarding documentation, do you think it would suffice to say that one

needs to have a local ‘keyring’ branch tracking upstream’s?

Thanks,

Ludo’.

guix-vits via web wrote on 7 Aug 2020 14:33

`make authenticate` fails to find the keyring branch

Recipients:(address . 41764@debbugs.gnu.org)

Message-ID:7fc08cc00770.12ef49168b33d84b@guile.gnu.org

Please do :)

Miguel Ángel Arruga Vivas wrote on 24 Oct 2020 14:49

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:87v9ezhjq0.fsf@gmail.com

Hi,

Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (18 lines)> Hi,
>
> Leo Famulari <leo@famulari.name> skribis:
>
>> I just tried pushing for the first time since installing the new
>> pre-push hook that runs `make authenticate`.
>>
>> This failed with the following error:
>>
>> Git error: cannot locate remote-tracking branch 'keyring'
>>
>> However, `git branch --all` includes "remotes/origin/keyring".
>>
>> After I did `git checkout origin/keyring`, it worked.
>
> Right, since commit 512b9e2da26968ebafdd47f701edd8fc3936d3e8, you have
> to have a local ‘keyring’ branch.

I've hit this too...

Toggle quote (9 lines)

>> Let's update the manual section Commit Access with the recommended way

>> to make this branch accessible to `make authenticate`. Maybe it should

>> even do it automatically?

> I don’t think it can do it automatically because it cannot guess what

> the remote is called (Tobias reported an issue earlier because

> “origin/keyring” was hard-coded and Tobias didn’t have an “origin”

> remote.)

I'd say this isn't really a solution: hard-coding the origin is bad but

not the branch name? Someone who wants to have a local branch called

keyring for whatever reason will have the exact same problem.

From my POV, "origin/keyring" should be the *default*, as only people

modifying its contents should have a local branch pointing to it, but

the moment you name it hard- instead of normal-code you can clearly say

there's a configuration need. :-)

The attached patch exposes a variable for make called GUIX_GIT_KEYRING

to provide the keyring reference to guix git authenticate, including an

example in the manual, as everything else is already there. WDYT?

Happy hacking!

Miguel

From 479ac6846cb228b67b778965f0f5299ea3172424 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miguel=20=C3=81ngel=20Arruga=20Vivas?=
 <rosen644835@gmail.com>
Date: Sat, 24 Oct 2020 14:35:09 +0200
Subject: [PATCH] build: Add GUIX_GIT_KEYRING variable for make authenticate.

* Makefile.am (GUIX_GIT_KEYRING): New variable.
(authenticate): Use GUIX_GIT_KEYRING to select the keyring branch
reference.
* doc/contributing.texi (Building from Git): Add an example about the
use of GUIX_GIT_KEYRING.
---
 Makefile.am           |  2 ++
 doc/contributing.texi | 10 ++++++++++
 2 files changed, 12 insertions(+)

Toggle diff (39 lines)diff --git a/Makefile.am b/Makefile.am
index c509562567..e6cef9ec1a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -666,9 +666,11 @@ channel_intro_commit = 9edb3f66fd807b096b48283debdcddccfea34bad
 channel_intro_signer = BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 54FA
 
 # Authenticate the current Git checkout by checking signatures on every commit.
+GUIX_GIT_KEYRING = origin/keyring
 authenticate:
 	$(AM_V_at)echo "Authenticating Git checkout..." ;	\
 	guix git authenticate					\
+	    --keyring=$(GUIX_GIT_KEYRING)			\
 	    --cache-key=channels/guix --stats			\
 	    "$(channel_intro_commit)" "$(channel_intro_signer)"
 
diff --git a/doc/contributing.texi b/doc/contributing.texi
index 26a4627464..9312faa849 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -140,6 +140,16 @@ make authenticate
 
 The first run takes a couple of minutes, but subsequent runs are faster.
 
+Or, when your configuration for your local git repository doesn't match
+the default one, you can provide the reference for the @code{keyring}
+branch through the variable @code{GUIX_GIT_KEYRING}.  The following
+example assumes that you have a git remote called @samp{myremote}
+pointing to the official repository:
+
+@example
+make authenticate GUIX_GIT_KEYRING=myremote/keyring
+@end example
+
 @quotation Note
 You are advised to run @command{make authenticate} after every
 @command{git pull} invocation.  This ensures you keep receiving valid
-- 
2.28.0

Ludovic Courtès wrote on 24 Oct 2020 17:02

Recipients:(name . Miguel Ángel Arruga Vivas)(address . rosen644835@gmail.com)

Message-ID:87h7qjk6pn.fsf@gnu.org

Hi!

Miguel Ángel Arruga Vivas <rosen644835@gmail.com> skribis:

Toggle quote (26 lines)> From 479ac6846cb228b67b778965f0f5299ea3172424 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Miguel=20=C3=81ngel=20Arruga=20Vivas?=
>  <rosen644835@gmail.com>
> Date: Sat, 24 Oct 2020 14:35:09 +0200
> Subject: [PATCH] build: Add GUIX_GIT_KEYRING variable for make authenticate.
>
> * Makefile.am (GUIX_GIT_KEYRING): New variable.
> (authenticate): Use GUIX_GIT_KEYRING to select the keyring branch
> reference.
> * doc/contributing.texi (Building from Git): Add an example about the
> use of GUIX_GIT_KEYRING.
> ---
>  Makefile.am           |  2 ++
>  doc/contributing.texi | 10 ++++++++++
>  2 files changed, 12 insertions(+)
>
> diff --git a/Makefile.am b/Makefile.am
> index c509562567..e6cef9ec1a 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -666,9 +666,11 @@ channel_intro_commit = 9edb3f66fd807b096b48283debdcddccfea34bad
>  channel_intro_signer = BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 54FA
>  
>  # Authenticate the current Git checkout by checking signatures on every commit.
> +GUIX_GIT_KEYRING = origin/keyring

You need “?=” or users won’t be able to override it.

Toggle quote (25 lines)>  authenticate:
>  	$(AM_V_at)echo "Authenticating Git checkout..." ;	\
>  	guix git authenticate					\
> +	    --keyring=$(GUIX_GIT_KEYRING)			\
>  	    --cache-key=channels/guix --stats			\
>  	    "$(channel_intro_commit)" "$(channel_intro_signer)"
>  
> diff --git a/doc/contributing.texi b/doc/contributing.texi
> index 26a4627464..9312faa849 100644
> --- a/doc/contributing.texi
> +++ b/doc/contributing.texi
> @@ -140,6 +140,16 @@ make authenticate
>  
>  The first run takes a couple of minutes, but subsequent runs are faster.
>  
> +Or, when your configuration for your local git repository doesn't match
> +the default one, you can provide the reference for the @code{keyring}
> +branch through the variable @code{GUIX_GIT_KEYRING}.  The following
> +example assumes that you have a git remote called @samp{myremote}
> +pointing to the official repository:
> +
> +@example
> +make authenticate GUIX_GIT_KEYRING=myremote/keyring
> +@end example

s/git/Git/ in the paragraph, but otherwise LGTM! ‘origin/keyring’ is

certainly a better default than ‘keyring’.

Thanks,

Ludo’.

Miguel Ángel Arruga Vivas wrote on 24 Oct 2020 17:41

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:87h7qjhbrb.fsf@gmail.com

Hi Ludo,

Thanks for the quick revision.

Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (5 lines)

>> # Authenticate the current Git checkout by checking signatures on every commit.

>> +GUIX_GIT_KEYRING = origin/keyring

> You need “?=” or users won’t be able to override it.

The macro definitions provided through the command line are equivalent
to adding these definitions to the end of the file, so this wouldn't
make any difference, so I leave it as only =.

Toggle quote (4 lines)

> s/git/Git/ in the paragraph, but otherwise LGTM! ‘origin/keyring’ is

> certainly a better default than ‘keyring’.

Pushed with this change as ef6596a20c to master.

Happy hacking!

Miguel

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 41764@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date