[bug#50814] [PATCH] guix: git-authenticate: Also authenticate the channel intro commit.

[Attila Lendvai]

* guix/git-authenticate.scm (authenticate-commit): Reword and extend the error
message to point to the relevant part of the manual.
(authenticate-repository): Explicitly authenticate the channel introduction
commit, so that it's also rejected unless it is signed by an authorized
key. Otherwise only the second commit would yield an error, which
is confusing.
---

here's how i tested this:

i set up pulling from a local checkout of guix.
in that branch i created a signed dummy commit, and added it as a channel
introduction, replacing guix in my /etc/guix/channels.scm. then tried to
guix pull, which worked.

then i added another dummy commit, which resulted in an error when pulling.

then i reset the branch back to only contain the first commit, and added
this code that then resulted in an error even with a single commit.

i have encountered it while i was trying to set up my local checkout to
test my patches on my live guix, and i was utterly confused why my commit
was rejected as unauthenticated (i misunderstood how git-authenticate
works).

 guix/git-authenticate.scm | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index ab3fcd8b2f..7d66bf0754 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -236,8 +236,8 @@ not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
             (condition
              (&unauthorized-commit-error (commit id)
                                          (signing-key signing-key)))
-            (formatted-message (G_ "commit ~a not signed by an authorized \
-key: ~a")
+            (formatted-message (G_ "commit ~a is signed by an unauthorized \
+key: ~a\nSee info guix \"Specifying Channel Authorizations\".")
                                (oid->string id)
                                (openpgp-format-fingerprint
                                 (openpgp-public-key-fingerprint
@@ -424,7 +424,12 @@ denoting the authorized keys for commits whose parent lack 
the
         ;; If it's our first time, verify START-COMMIT's signature.
         (when (null? authenticated-commits)
           (verify-introductory-commit repository keyring
-                                      start-commit signer))
+                                      start-commit signer)
+          ;; Explicitly authenticate the channel introduction commit, so that
+          ;; it's also rejected unless it's signed by an authorized
+          ;; key. Otherwise only the second commit would yield an error, which
+          ;; is confusing.
+          (authenticate-commits repository (list start-commit)))
 
         (let ((stats (call-with-progress-reporter reporter
                        (lambda (report)
-- 
2.33.0