[cuirass] doc: Document authentication.

  • Done
  • quality assurance status badge
Details
3 participants
  • Ludovic Courtès
  • Maxim Cournoyer
  • Simon Tournier
Owner
unassigned
Submitted by
Maxim Cournoyer
Severity
normal
M
M
Maxim Cournoyer wrote on 8 May 2023 18:07
(address . guix-patches@gnu.org)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
20230508160745.10144-1-maxim.cournoyer@gmail.com
* etc/new-client-cert.scm: Add script.
* doc/cuirass.texi (Authentication): Document it.
* Makefile.am (noinst_SCRIPTS): Register it.
---
Makefile.am | 2 +-
doc/cuirass.texi | 34 ++++++++++++++++
etc/new-client-cert.scm | 90 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 125 insertions(+), 1 deletion(-)
create mode 100755 etc/new-client-cert.scm

Toggle diff (165 lines)
diff --git a/Makefile.am b/Makefile.am
index a40a76d..62b0860 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -25,7 +25,7 @@
bin_SCRIPTS = \
bin/cuirass
-noinst_SCRIPTS = pre-inst-env
+noinst_SCRIPTS = pre-inst-env etc/new-client-cert.scm
guilesitedir = $(datarootdir)/guile/site/@GUILE_EFFECTIVE_VERSION@
guileobjectdir = $(libdir)/guile/@GUILE_EFFECTIVE_VERSION@/site-ccache
diff --git a/doc/cuirass.texi b/doc/cuirass.texi
index db46a33..4441996 100644
--- a/doc/cuirass.texi
+++ b/doc/cuirass.texi
@@ -57,6 +57,7 @@ Documentation License''.
* Parameters:: Cuirass parameters.
* Build modes:: Build modes.
* Invocation:: How to run Cuirass.
+* Authentication:: Configuring TLS authentication.
* Web API:: Description of the Web API.
* Database:: About the database schema.
@@ -711,6 +712,39 @@ Display the actual version of @code{cuirass}.
Display an help message that summarize all the options provided.
@end table
+@c *********************************************************************
+@node Authentication
+@chapter Authentication
+@cindex authentication
+
+It is necessary to be authenticated to accomplish some of the actions
+exposed via the web interface of Cuirass, such as cancelling or
+restarting a build. The authentication mechanism of Cuirass currently
+relies on the use of a private TLS certificate authority.
+
+To automate the creation of new user certificates, the
+@file{etc/new-client-cert.scm} Guile script can be used. It requires
+the @command{guix} command to be available and a preexisting certificate
+authority at @file{/etc/ssl-ca}. To issue a new user certificate, run
+it from your home directory with:
+
+@example
+sudo -E ./etc/new-client-cert.scm
+@end example
+
+You will be asked to input the password for the CA private key, if any,
+and again for your new certificate; save it carefully. The script
+requires to run as root to have access to the private certificate
+authority key; it outputs the new user certificate files in various
+formats to the current working directory.
+
+After your new certificate is generated, it needs to be registered with
+your web browser. To do so using GNU IceCat, for example, you can
+navigate to @samp{Parameters -> Security -> Show certificates} and then
+click the @samp{Import...} button and select to your @file{.pk12}
+personal certificate file. You should now be authenticated to perform
+privileged actions via the web interface of Cuirass.
+
@c *********************************************************************
@node Web API
@chapter Web API
diff --git a/etc/new-client-cert.scm b/etc/new-client-cert.scm
new file mode 100755
index 0000000..fa8ac5c
--- /dev/null
+++ b/etc/new-client-cert.scm
@@ -0,0 +1,90 @@
+#!/usr/bin/env -S guix shell guile openssl -- guile \\
+--no-auto-compile -e main -s
+!#
+;;;; cuirass.scm -- Cuirass public interface.
+;;; Copyright © 2023 Ricardo Wurmus <rekado@elephly.net>
+;;;
+;;; This file is part of Cuirass.
+;;;
+;;; Cuirass is free software: you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation, either version 3 of the License, or
+;;; (at your option) any later version.
+;;;
+;;; Cuirass is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with Cuirass. If not, see <http://www.gnu.org/licenses/>.
+
+(use-modules (ice-9 match)
+ (guix build utils))
+
+(define %CA-directory
+ "/etc/ssl-ca")
+
+(define CA-key
+ (string-append %CA-directory "/private/ca.key"))
+(define CA-cert
+ (string-append %CA-directory "/certs/ca.crt"))
+
+(define* (output who file)
+ (string-append (getcwd) "/" who file))
+
+(define (key-file who)
+ "Return the absolute file name of the key file for WHO."
+ (output who ".key"))
+
+(define (csr-file who)
+ "Return the absolute file name of the CSR file for WHO."
+ (output who ".csr"))
+
+(define (client-cert-file who)
+ "Return the absolute file name of the client certificate file for
+WHO."
+ (output who ".crt"))
+
+(define (exported-cert-file who)
+ "Return the absolute file name of the pkcs12 client certificate file
+for WHO. This is the file that users should import into their
+browsers."
+ (output who ".p12"))
+
+(define (generate-csr! who)
+ "Generate a new certificate signing request and key for WHO."
+ (invoke "openssl" "req" "-newkey" "rsa:4096"
+ "-nodes" ;no password
+ "-subj"
+ (format #false "/C=DE/ST=Berlin/L=Berlin/O=GNU Guix/OU=Cuirass/CN=~a" who)
+ "-keyout" (key-file who)
+ "-out" (csr-file who)))
+
+(define* (generate-client-certificate! who #:key (expiry 365))
+ "Generate a client certificate for WHO."
+ (invoke "openssl" "x509" "-req"
+ "-in" (csr-file who)
+ "-CA" CA-cert
+ "-CAkey" CA-key
+ "-out" (client-cert-file who)
+ "-days" (number->string expiry)))
+
+(define (export-p12! who)
+ (invoke "openssl" "pkcs12" "-export"
+ "-in" (client-cert-file who)
+ "-inkey" (key-file who)
+ "-out" (exported-cert-file who)))
+
+(define (main args)
+ (match (command-line)
+ ((script)
+ (set-program-arguments (list script (or (getenv "SUDO_USER")
+ (getenv "USER"))))
+ (apply main args))
+ ((script who)
+ (generate-csr! who)
+ (generate-client-certificate! who)
+ (export-p12! who))
+ ((script . rest)
+ (format (current-error-port) "usage: ~a [name]~%" script))))

base-commit: cf4e3e4ac4a9c8d6f0d82b0a173826f15bbca7f3
--
2.39.2
M
M
Maxim Cournoyer wrote on 8 May 2023 19:07
[cuirass v2] doc: Document authentication.
(address . 63375@debbugs.gnu.org)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
20230508170701.11548-1-maxim.cournoyer@gmail.com
* etc/new-client-cert.scm: Add script.
* doc/cuirass.texi (Authentication): Document it.
* Makefile.am (noinst_SCRIPTS): Register it.
---
Makefile.am | 2 +-
doc/cuirass.texi | 34 ++++++++++++++++
etc/new-client-cert.scm | 90 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 125 insertions(+), 1 deletion(-)
create mode 100755 etc/new-client-cert.scm

Toggle diff (165 lines)
diff --git a/Makefile.am b/Makefile.am
index a40a76d..62b0860 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -25,7 +25,7 @@
bin_SCRIPTS = \
bin/cuirass
-noinst_SCRIPTS = pre-inst-env
+noinst_SCRIPTS = pre-inst-env etc/new-client-cert.scm
guilesitedir = $(datarootdir)/guile/site/@GUILE_EFFECTIVE_VERSION@
guileobjectdir = $(libdir)/guile/@GUILE_EFFECTIVE_VERSION@/site-ccache
diff --git a/doc/cuirass.texi b/doc/cuirass.texi
index db46a33..4441996 100644
--- a/doc/cuirass.texi
+++ b/doc/cuirass.texi
@@ -57,6 +57,7 @@ Documentation License''.
* Parameters:: Cuirass parameters.
* Build modes:: Build modes.
* Invocation:: How to run Cuirass.
+* Authentication:: Configuring TLS authentication.
* Web API:: Description of the Web API.
* Database:: About the database schema.
@@ -711,6 +712,39 @@ Display the actual version of @code{cuirass}.
Display an help message that summarize all the options provided.
@end table
+@c *********************************************************************
+@node Authentication
+@chapter Authentication
+@cindex authentication
+
+It is necessary to be authenticated to accomplish some of the actions
+exposed via the web interface of Cuirass, such as cancelling or
+restarting a build. The authentication mechanism of Cuirass currently
+relies on the use of a private TLS certificate authority.
+
+To automate the creation of new user certificates, the
+@file{etc/new-client-cert.scm} Guile script can be used. It requires
+the @command{guix} command to be available and a preexisting certificate
+authority at @file{/etc/ssl-ca}. To issue a new user certificate, run
+it from your home directory with:
+
+@example
+sudo -E ./etc/new-client-cert.scm
+@end example
+
+You will be asked to input the password for the CA private key, if any,
+and again for your new certificate; save it carefully. The script
+requires to run as root to have access to the private certificate
+authority key; it outputs the new user certificate files in various
+formats to the current working directory.
+
+After your new certificate is generated, it needs to be registered with
+your web browser. To do so using GNU IceCat, for example, you can
+navigate to @samp{Parameters -> Security -> Show certificates} and then
+click the @samp{Import...} button and select to your @file{.pk12}
+personal certificate file. You should now be authenticated to perform
+privileged actions via the web interface of Cuirass.
+
@c *********************************************************************
@node Web API
@chapter Web API
diff --git a/etc/new-client-cert.scm b/etc/new-client-cert.scm
new file mode 100755
index 0000000..fa8ac5c
--- /dev/null
+++ b/etc/new-client-cert.scm
@@ -0,0 +1,90 @@
+#!/usr/bin/env -S guix shell guile openssl -- guile \\
+--no-auto-compile -e main -s
+!#
+;;;; cuirass.scm -- Cuirass public interface.
+;;; Copyright © 2023 Ricardo Wurmus <rekado@elephly.net>
+;;;
+;;; This file is part of Cuirass.
+;;;
+;;; Cuirass is free software: you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation, either version 3 of the License, or
+;;; (at your option) any later version.
+;;;
+;;; Cuirass is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with Cuirass. If not, see <http://www.gnu.org/licenses/>.
+
+(use-modules (ice-9 match)
+ (guix build utils))
+
+(define %CA-directory
+ "/etc/ssl-ca")
+
+(define CA-key
+ (string-append %CA-directory "/private/ca.key"))
+(define CA-cert
+ (string-append %CA-directory "/certs/ca.crt"))
+
+(define* (output who file)
+ (string-append (getcwd) "/" who file))
+
+(define (key-file who)
+ "Return the absolute file name of the key file for WHO."
+ (output who ".key"))
+
+(define (csr-file who)
+ "Return the absolute file name of the CSR file for WHO."
+ (output who ".csr"))
+
+(define (client-cert-file who)
+ "Return the absolute file name of the client certificate file for
+WHO."
+ (output who ".crt"))
+
+(define (exported-cert-file who)
+ "Return the absolute file name of the pkcs12 client certificate file
+for WHO. This is the file that users should import into their
+browsers."
+ (output who ".p12"))
+
+(define (generate-csr! who)
+ "Generate a new certificate signing request and key for WHO."
+ (invoke "openssl" "req" "-newkey" "rsa:4096"
+ "-nodes" ;no password
+ "-subj"
+ (format #false "/C=DE/ST=Berlin/L=Berlin/O=GNU Guix/OU=Cuirass/CN=~a" who)
+ "-keyout" (key-file who)
+ "-out" (csr-file who)))
+
+(define* (generate-client-certificate! who #:key (expiry 365))
+ "Generate a client certificate for WHO."
+ (invoke "openssl" "x509" "-req"
+ "-in" (csr-file who)
+ "-CA" CA-cert
+ "-CAkey" CA-key
+ "-out" (client-cert-file who)
+ "-days" (number->string expiry)))
+
+(define (export-p12! who)
+ (invoke "openssl" "pkcs12" "-export"
+ "-in" (client-cert-file who)
+ "-inkey" (key-file who)
+ "-out" (exported-cert-file who)))
+
+(define (main args)
+ (match (command-line)
+ ((script)
+ (set-program-arguments (list script (or (getenv "SUDO_USER")
+ (getenv "USER"))))
+ (apply main args))
+ ((script who)
+ (generate-csr! who)
+ (generate-client-certificate! who)
+ (export-p12! who))
+ ((script . rest)
+ (format (current-error-port) "usage: ~a [name]~%" script))))

base-commit: cf4e3e4ac4a9c8d6f0d82b0a173826f15bbca7f3
--
2.39.2
M
M
Maxim Cournoyer wrote on 11 May 2023 06:34
[cuirass v3] doc: Document authentication.
(address . 63375@debbugs.gnu.org)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
20230511043452.14263-1-maxim.cournoyer@gmail.com
* etc/new-client-cert.scm: Add script.
* doc/cuirass.texi (Authentication): Document it.
* Makefile.am (noinst_SCRIPTS): Register it.
---
Makefile.am | 2 +-
doc/cuirass.texi | 86 ++++++++++++++++++++++++++++
etc/new-client-cert.scm | 121 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 208 insertions(+), 1 deletion(-)
create mode 100755 etc/new-client-cert.scm

Toggle diff (255 lines)
diff --git a/Makefile.am b/Makefile.am
index a40a76d..62b0860 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -25,7 +25,7 @@
bin_SCRIPTS = \
bin/cuirass
-noinst_SCRIPTS = pre-inst-env
+noinst_SCRIPTS = pre-inst-env etc/new-client-cert.scm
guilesitedir = $(datarootdir)/guile/site/@GUILE_EFFECTIVE_VERSION@
guileobjectdir = $(libdir)/guile/@GUILE_EFFECTIVE_VERSION@/site-ccache
diff --git a/doc/cuirass.texi b/doc/cuirass.texi
index db46a33..728ca7f 100644
--- a/doc/cuirass.texi
+++ b/doc/cuirass.texi
@@ -13,6 +13,7 @@ Copyright @copyright{} 2016, 2017 Mathieu Lirzin@*
Copyright @copyright{} 2017, 2020, 2021 Mathieu Othacehe@*
Copyright @copyright{} 2018, 2021 Ludovic Courtès@*
Copyright @copyright{} 2018 Clément Lassieur
+Copyright @copyright{} 2023 Maxim Cournoyer@*
@quotation
Permission is granted to copy, distribute and/or modify this document
@@ -57,6 +58,7 @@ Documentation License''.
* Parameters:: Cuirass parameters.
* Build modes:: Build modes.
* Invocation:: How to run Cuirass.
+* Authentication:: Configuring TLS authentication.
* Web API:: Description of the Web API.
* Database:: About the database schema.
@@ -711,6 +713,90 @@ Display the actual version of @code{cuirass}.
Display an help message that summarize all the options provided.
@end table
+@c *********************************************************************
+@node Authentication
+@chapter Authentication
+@cindex authentication
+
+Cuirass does not provide its own authentication mechanism; by default,
+any user can do anything via its web interface. To restrict this to
+only authorized users, one approach is to proxy the Cuirass web site via
+a web server such as Nginx and configure the web server to require
+client certificate verification for pages under the @samp{/admin}
+prefix. The following minimal Nginx configuration can be used to
+accomplish this on a Guix System:
+
+@lisp
+(service nginx-service-type
+ (nginx-configuration
+ (server-blocks
+ (list
+ ;; TLS is required for authentication; serve the site via
+ ;; HTTPS only.
+ (nginx-server-configuration
+ (listen '("80"))
+ (raw-content
+ (list "return 308 https://$host$request_uri;")))
+
+ (nginx-server-configuration
+ (listen '("443 ssl"))
+ (server-name '("ci.your-host.org"))
+ (ssl-certificate "/etc/certs/ci.your-host.org.crt")
+ (ssl-certificate-key "/etc/certs/ci.your-host.org.key")
+ (locations
+ (list
+ ;; Proxy the whole Cuirass web site...
+ (nginx-location-configuration
+ (uri "/")
+ (body (list "proxy_pass http://localhost:8081;")))
+ ;; ... but require authentication for the admin pages.
+ (nginx-location-configuration
+ (uri "~ ^/admin")
+ (body
+ (list "if ($ssl_client_verify != SUCCESS) \
+@{ return 403; @} proxy_pass http://localhost:8081;")))))
+ (raw-content
+ ;; Register your self-generated certificate authority.
+ (list "ssl_client_certificate /etc/ssl-ca/certs/ca.crt;"
+ "ssl_verify_client optional;")))))))
+@end lisp
+
+Your host TLS certificate could have been obtained via Let's Encrypt or
+directly via the @command{openssl} command, among other means. To
+create a private certificate authority (CA) that can sign user
+certificates, a convenience script is provided. It's main requirement
+is to have the @command{guix} command available. It can be invoked
+like:
+
+@example
+sudo -E ./etc/new-client-cert.scm --generate-ca
+@end example
+
+It should generate the @file{/etc/ssl-ca/private/ca.key} private key as
+well as the @file{/etc/ssl-ca/certs/ca.crt} certificate authority as
+used in the Nginx configuration above.
+
+To issue a new user certificate, run the same script from your home
+directory with:
+
+@example
+sudo -E ./etc/new-client-cert.scm
+@end example
+
+You will be asked to input the password for the CA private key, if any,
+and again for your new certificate; save it carefully. The script
+requires to run as root to have access to the private certificate
+authority key; it outputs the new user certificate files to the current
+working directory.
+
+After your new CA-signed user certificate is generated, it needs to be
+registered with your web browser. To do so using GNU IceCat, for
+example, you can navigate to @samp{Parameters -> Security -> Show
+certificates} and then click the @samp{Import...} button and select your
+@file{.pk12} personal certificate file. The web interface of Cuirass
+should now only allow authenticated users to perform administrative
+tasks.
+
@c *********************************************************************
@node Web API
@chapter Web API
diff --git a/etc/new-client-cert.scm b/etc/new-client-cert.scm
new file mode 100755
index 0000000..4fac772
--- /dev/null
+++ b/etc/new-client-cert.scm
@@ -0,0 +1,121 @@
+#!/usr/bin/env -S guix shell guile openssl -- guile \\
+--no-auto-compile -e main -s
+!#
+;;;; cuirass.scm -- Cuirass public interface.
+;;; Copyright © 2023 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2023 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;;
+;;; This file is part of Cuirass.
+;;;
+;;; Cuirass is free software: you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation, either version 3 of the License, or
+;;; (at your option) any later version.
+;;;
+;;; Cuirass is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with Cuirass. If not, see <http://www.gnu.org/licenses/>.
+
+(use-modules (ice-9 format)
+ (ice-9 match)
+ (guix build utils))
+
+(define %user (or (getenv "SUDO_USER")
+ (getenv "USER")))
+
+(define %user-id (passwd:uid (getpwnam %user)))
+
+(define %group-id (passwd:gid (getpwnam %user)))
+
+(define %CA-directory
+ "/etc/ssl-ca")
+
+(define subject-template
+ "/C=DE/ST=Berlin/L=Berlin/O=GNU Guix/OU=Cuirass/CN=~a")
+
+(define CA-key
+ (string-append %CA-directory "/private/ca.key"))
+(define CA-cert
+ (string-append %CA-directory "/certs/ca.crt"))
+
+(define* (output who file)
+ (string-append (getcwd) "/" who file))
+
+(define (key-file who)
+ "Return the absolute file name of the key file for WHO."
+ (output who ".key"))
+
+(define (csr-file who)
+ "Return the absolute file name of the CSR file for WHO."
+ (output who ".csr"))
+
+(define (client-cert-file who)
+ "Return the absolute file name of the client certificate file for
+WHO."
+ (output who ".crt"))
+
+(define (exported-cert-file who)
+ "Return the absolute file name of the pkcs12 client certificate file
+for WHO. This is the file that users should import into their
+browsers."
+ (output who ".p12"))
+
+(define (generate-ca!)
+ "Generate a private certificate authority (CA) valid for 10 years."
+ (mkdir-p (dirname CA-key))
+ (mkdir-p (dirname CA-cert))
+ (invoke "openssl" "req" "-newkey" "rsa" "-x509" "-days" "3650"
+ "-noenc" ;no password
+ "-subj" (format #false "~@?" subject-template "Cuirass CA")
+ "-keyout" CA-key "-out" CA-cert))
+
+(define (generate-csr! who)
+ "Generate a new certificate signing request and key for WHO."
+ (let ((key (key-file who))
+ (csr (csr-file who)))
+ (invoke "openssl" "req" "-newkey" "rsa"
+ "-noenc" ;no password
+ "-subj" (format #false "~@?" subject-template who)
+ "-keyout" key
+ "-out" csr)
+ (chown key %user-id %group-id)
+ (chown csr %user-id %group-id)))
+
+(define* (generate-client-certificate! who #:key (expiry 365))
+ "Generate a client certificate for WHO."
+ (let ((cert (client-cert-file who)))
+ (invoke "openssl" "x509" "-req"
+ "-in" (csr-file who)
+ "-CA" CA-cert
+ "-CAkey" CA-key
+ "-out" cert
+ "-days" (number->string expiry))
+ (chown cert %user-id %group-id)))
+
+(define (export-p12! who)
+ (let ((key (key-file who))
+ (exported-cert (exported-cert-file who)))
+ (invoke "openssl" "pkcs12" "-export"
+ "-in" (client-cert-file who)
+ "-inkey" key
+ "-out" exported-cert)
+ (chown key %user-id %group-id)
+ (chown exported-cert %user-id %group-id)))
+
+(define (main args)
+ (match (command-line)
+ ((script)
+ (set-program-arguments (list script %user))
+ (apply main args))
+ ((script "--generate-ca")
+ (generate-ca!))
+ ((script who)
+ (generate-csr! who)
+ (generate-client-certificate! who)
+ (export-p12! who))
+ ((script . rest)
+ (format (current-error-port) "usage: ~a [--generate-ca|name]~%" script))))

base-commit: cf4e3e4ac4a9c8d6f0d82b0a173826f15bbca7f3
--
2.39.2
S
S
Simon Tournier wrote on 16 May 2023 14:23
86fs7w79e0.fsf@gmail.com
Hi Maxim,

On Thu, 11 May 2023 at 00:34, Maxim Cournoyer <maxim.cournoyer@gmail.com> wrote:

Toggle quote (4 lines)
> * etc/new-client-cert.scm: Add script.
> * doc/cuirass.texi (Authentication): Document it.
> * Makefile.am (noinst_SCRIPTS): Register it.

Well, this LGTM. For what my eyes are worth on this topic. :-)


Cheers,
simon
M
M
Maxim Cournoyer wrote on 19 May 2023 05:54
(name . Simon Tournier)(address . zimon.toutoune@gmail.com)
875y8pkmbe.fsf@gmail.com
Hi Simon,

Simon Tournier <zimon.toutoune@gmail.com> writes:

Toggle quote (10 lines)
> Hi Maxim,
>
> On Thu, 11 May 2023 at 00:34, Maxim Cournoyer <maxim.cournoyer@gmail.com> wrote:
>
>> * etc/new-client-cert.scm: Add script.
>> * doc/cuirass.texi (Authentication): Document it.
>> * Makefile.am (noinst_SCRIPTS): Register it.
>
> Well, this LGTM. For what my eyes are worth on this topic. :-)

Thanks! I am not in the .guix-authorizations of the Cuirass repo, so
I'll need one of the Shepherd committers (CC'd) to install the change.

--
Thanks,
Maxim
L
L
Ludovic Courtès wrote on 14 Jun 2023 23:17
Re: bug#63375: [cuirass] doc: Document authentication.
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
87cz1xrbfo.fsf_-_@gnu.org
Hi Maxim,

Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

Toggle quote (4 lines)
> * etc/new-client-cert.scm: Add script.
> * doc/cuirass.texi (Authentication): Document it.
> * Makefile.am (noinst_SCRIPTS): Register it.

I had completely overlooked this patch; great work! Applied now.

BTW, if you’re interested, I can add you to ‘.guix-authorizations’ of
course; we need to increase the bus factor. Let me know what you think!

Thanks, and apologies for the delay.

Ludo’.
Closed
M
M
Maxim Cournoyer wrote on 15 Jun 2023 15:46
Re: bug#63375: closed (Re: bug#63375: [cuirass] doc: Document authentication.)
(name . GNU bug Tracking System)(address . help-debbugs@gnu.org)(address . 63375@debbugs.gnu.org)
87h6r8vnx7.fsf@gmail.com
Hi,

help-debbugs@gnu.org (GNU bug Tracking System) writes:

Toggle quote (33 lines)
> Your bug report
>
> #63375: [cuirass] doc: Document authentication.
>
> which was filed against the guix-patches package, has been closed.
>
> The explanation is attached below, along with your original report.
> If you require more details, please reply to 63375@debbugs.gnu.org.
>
> --
> 63375: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=63375
> GNU Bug Tracking System
> Contact help-debbugs@gnu.org with problems
>
> From: Ludovic Courtès <ludo@gnu.org>
> Subject: Re: bug#63375: [cuirass] doc: Document authentication.
> To: Maxim Cournoyer <maxim.cournoyer@gmail.com>
> Cc: rekado@elephly.net, 63375-done@debbugs.gnu.org, efraim@flashner.co.il, othacehe@gnu.org
> Date: Wed, 14 Jun 2023 23:17:15 +0200 (16 hours, 28 minutes, 1 second ago)
>
> Hi Maxim,
>
> Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:
>
>> * etc/new-client-cert.scm: Add script.
>> * doc/cuirass.texi (Authentication): Document it.
>> * Makefile.am (noinst_SCRIPTS): Register it.
>
> I had completely overlooked this patch; great work! Applied now.
>
> BTW, if you’re interested, I can add you to ‘.guix-authorizations’ of
> course; we need to increase the bus factor. Let me know what you think!

I'd be happy to be added to it. I have at least a small UI bug I'd like
to fix.

Toggle quote (2 lines)
> Thanks, and apologies for the delay.

Thank you!

--
Maxim
?
Your comment

This issue is archived.

To comment on this conversation send an email to 63375@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 63375
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch