This patch series follows up on channel authentication support:
This time the goal is to expose and document the authentication
mechanism so that third-party channel authors can use it. This
should be the last series on this theme in the foreseeable
The most visible effect is that channel introductions are now
part of the API and shown by ‘guix describe’. It becomes a long-term
commitment because we want to be able to pass the output of
‘guix describe -C channels’ or /run/current-system/channels.scm
to ‘guix pull’ and ‘guix time-machine’ in the future.
Contrary to what I initially proposed¹, channel introductions are
stripped to the bare minimum: a commit/fingerprint pair (as is
currently the case on master, internally). I figured it doesn’t
buy us much to have the commit/fingerprint pair signed; what
matters is that users obtain the introduction from a trusted
source, and the signature wouldn’t help with that. I also got
rid of the idea of rendering introductions are opaque base64 blobs.
In the manual I tried to distinguish instructions for users
(“what do I need to put in my channels.scm file?”) from
instructions for channel authors (“how do I allow users of my
channel to authenticate it?”).
If people have a channel that they’d like to make “authenticable”,
please do try and report back! You can even test with master,
you only need to add ‘@@’ to access (guix channels) internals
to create the introduction.
Ludovic Courtès (6):
channels: Add 'openpgp-fingerprint->bytevector'.
channels: Make channel introductions public.
channels: Remove 'signature' from <channel-introduction>.
channels: Save and interpret 'introduction' field in provenance data.
guix describe: Display channel introductions and add
services: provenance: Save channel introductions.
doc/guix.texi | 130 +++++++++++++++++++++++++++++++++++++-
gnu/services.scm | 26 ++++++--
guix/channels.scm | 86 +++++++++++++++++++------
guix/scripts/describe.scm | 56 +++++++++++++---
guix/scripts/system.scm | 4 +-
tests/channels.scm | 10 ++-
6 files changed, 269 insertions(+), 43 deletions(-)