help-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

guix pull: error: commit 3946540 not signed by an authorized key: 2841 9

From: Tobias Geerinckx-Rice
Subject: guix pull: error: commit 3946540 not signed by an authorized key: 2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0
Date: Sat, 06 Aug 2022 20:48:09 +0200 
Hi all,

If you try to guix pull now, this is what you'll see:

  guix pull: error: commit 39465409f0481f27d252ce25d2b02d3f5cbc6723
  not signed by an authorized key:
  2841 9AC6 5038 7440 C7E9 2FFA 2208 D209 58C1 DEB0

There is and was no security risk.
This is Guix working as intended in the presence of a commit pushed earlier today. The failing commit[0] is benign, and the committer did nothing wrong.
The commit is signed by a subkey of the main key that Guix expects, and it does not deal well with that fact. This is something we'll have to discuss and probably fix, both in Guix and in the git push hook on Savannah[1].
I'm currently waiting to hear from the Savannah admins, who are the only ones who can roll back master for us. I'm not aware of any way we could do this ourselves. I'll follow up when it's done. 

Until then, you can:
1. Not pull. If your Guix was relatively recent, you're not missing much if anything. 

  2. If you must have the very latest (valid) commit, you can run:

     guix pull --commit=ad878a2c5e5313c534ccf2546cb8c978e5295ae1

     which will validate just fine.
3. I do NOT recommend disabling authentication. There is simply no benefit to that. 

TTYL,

T G-R
[0]: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=39465409f0481f27d252ce25d2b02d3f5cbc6723 [1]: Which has been deficient for years, which I've known about, and did nothing about. 

Sent from a Web browser.  Excuse or enjoy my brevity.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]