guix-devel

Re: Losing signing keys for custom Guix channel


From: elaexuotee
Subject: Re: Losing signing keys for custom Guix channel
Date: Fri, 29 Mar 2024 12:42:57 +0900
User-agent: mblaze/1.2

> > from reading about guix authentication I think the new signing key
> > must be first added to the .guix-authorizations file and that commit
> > must be signed with the current signing keys before the new signing
> > key can be used.
> 
> Yes, it’s likely the problem; the rest of the description you gave
> elaexuotee looks fine to me.
> 
> (No need to rewrite the history; changing the introduction is enough.)
> 
> Ludo’.

Well, the catch-22 is that I've lost the original key and so can only sign
.guix-authorizations with the new one.

> (No need to rewrite the history; changing the introduction is enough.)

Without the old key, I'm gathering that a history rewrite is the only way right
now. Seems like a fresh channel introduction should be enough, but our current
authorization check appears to look at earlier commits even in that case, IIUC.

Maybe forcing history rewrites on key loss is the desired behavior? I'm not
sure. From a client perspective, the only difference is whether or not you have
to specify --allow-downgrades on the next pull. In either case a channel intro
update is necessary.
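
A simplified model of the rule quoted at the top of this message (starting from the channel introduction, each commit must be signed by a key that its parent's .guix-authorizations lists), added here as an example. It is not code from this thread or from Guix; the function names, the linear-history assumption and the placeholder fingerprints are illustrative.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Commit:
    cid: str
    parent: Optional[str]   # linear history only (assumption)
    signer: str             # fingerprint that signed this commit
    authorized: frozenset   # keys listed in .guix-authorizations at this commit

def authenticate(history, intro_commit, intro_signer, tip):
    """Return (True, None), or (False, id of the first commit that fails)."""
    chain, cid = [], tip
    while cid is not None:
        chain.append(history[cid])
        if cid == intro_commit:
            break
        cid = history[cid].parent
    else:
        return (False, tip)            # introduction is not an ancestor of tip
    chain.reverse()
    if chain[0].signer != intro_signer:
        return (False, chain[0].cid)   # introduction signed by an unexpected key
    for parent, child in zip(chain, chain[1:]):
        if child.signer not in parent.authorized:
            return (False, child.cid)  # signer not authorized by the parent commit
    return (True, None)

def build(rows):
    """Turn (id, parent, signer, keys) tuples into a history dictionary."""
    return {cid: Commit(cid, parent, signer, frozenset(keys))
            for cid, parent, signer, keys in rows}

OLD, NEW = "OLD-KEY-FPR", "NEW-KEY-FPR"   # constructed placeholder fingerprints

# Constructed history: the old key is lost after c2, so c3 adds NEW but is signed by NEW.
LOST = build([("c1", None, OLD, {OLD}), ("c2", "c1", OLD, {OLD}),
              ("c3", "c2", NEW, {NEW}), ("c4", "c3", NEW, {NEW})])
# Constructed history: ordinary rotation, r3 adds NEW and is still signed by OLD.
ROTATED = build([("c1", None, OLD, {OLD}), ("c2", "c1", OLD, {OLD}),
                 ("r3", "c2", OLD, {OLD, NEW}), ("r4", "r3", NEW, {OLD, NEW})])

if __name__ == "__main__":
    print(authenticate(ROTATED, "c1", OLD, "r4"))  # ordinary rotation
    print(authenticate(LOST, "c1", OLD, "c4"))     # original introduction
    print(authenticate(LOST, "c3", NEW, "c4"))     # introduction moved to c3
```

The model covers only the signature chain; it does not model the descendant check that --allow-downgrades relaxes on pull.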


