Add @horizon namespace.
Closed this issue · 13 comments
Horizon now has a foliage instance at https://packages.horizon-haskell.net/
Would we be able to add an @ horizon namespace at flora.pm?
With great pleasure!
@locallycompact hey, it appears you aren't documenting the root keys of your foliage instance. It would be helpful for adoption if you could provide a sample cabal config to produce your package repo. We would like to include this configuration bit in the namespace for flora, similarly to this: https://flora.pm/documentation/namespaces#cardano-packages
I'm not sure what I've done wrong here. At the time of writing, I believe this should be true.
repository horizon
url: https://packages.horizon-haskell.net/
secure: True
root-keys:
29b2edcf288217a83d29e59ad7bd32f854697392489651147fc13aecbd02c14e
565119309501f67e66ae7d465f799a579c88e4e0929605b6a6cf08ae05e3977c
6e9e65a9b9c819be8d3e7e7f949c795d930c9d0e3ebc6b92b449a6033b231420
The repository is here:
https://gitlab.horizon-haskell.net/publishing/horizon-haskell-packages
Result:
> cabal update
Config file path source is default config file.
Config file not found: /home/lc/.config/cabal/config
Writing default configuration to /home/lc/.config/cabal/config
Downloading the latest package lists from:
- hackage.haskell.org
- horizon
<repo>/root.json does not have enough signatures signed with the appropriate keys
It should be the result of this artifact: https://gitlab.horizon-haskell.net/publishing/horizon-haskell-packages/-/jobs/1226097
cat root.json | jq
{
"signatures": [
{
"keyid": "29b2edcf288217a83d29e59ad7bd32f854697392489651147fc13aecbd02c14e",
"method": "ed25519",
"sig": "GhESrCZsH5s8WoL2JOzwIxGX8cOtvwgmKa55b1uPFWTLZPaEBelJoZFFGHY+jbQqStVNSH0Ir0CSfroxOLtoCg=="
},
{
"keyid": "565119309501f67e66ae7d465f799a579c88e4e0929605b6a6cf08ae05e3977c",
"method": "ed25519",
"sig": "Xyl9opdykVaNS3IzEgvz0W/ctiyk5zQ/UoQ9XlyrrJn4DEB20W0Ye2OusOJDZplLT2FCSdxwcGkEU0pdqC2QBA=="
},
{
"keyid": "6e9e65a9b9c819be8d3e7e7f949c795d930c9d0e3ebc6b92b449a6033b231420",
"method": "ed25519",
"sig": "d/OR10TECPAIPF/ps9XLMyCA3hsKUge8/hLS6CdgdAFclt+cgIWFuNbiunnJxjQ5BQkHoAkwUxsBjXCPcYcuCQ=="
}
],
That seems to be the case here: https://packages.horizon-haskell.net/root.json
Actually I think this might just be botched on my machine.
Edit: Confirmed, false alarm. I think we can go ahead.
@locallycompact I'll try and have a look at this over the weekend for you :)
Hello, thanks for your patience! Unfortunately we have ran into this error:
<repo>/root.json does not have enough signatures signed with the appropriate keys
Expected at least 2 signatures from:
272e995c7a74de109518100e1422193fe5e5971e52c92b98147c9355b47d7bb6
ea5c1bc0944dabe64d9d68c6813a8141d747cda042b870576d7af63a2326c31b
eb47482ddf51da1d3610094f5c57a626d42cfd7d9c248f53e23420b02b21c695
Found signatures from:
29b2edcf288217a83d29e59ad7bd32f854697392489651147fc13aecbd02c14e
565119309501f67e66ae7d465f799a579c88e4e0929605b6a6cf08ae05e3977c
6e9e65a9b9c819be8d3e7e7f949c795d930c9d0e3ebc6b92b449a6033b231420
In doubt, we have tried to use both of these keys - it appears that there could possibly be a misconfiguration of foliage on the server.
Where is the first set of three keys from?
All looks good to me.
~/Scratchpad/tmp-horizon
λ cat cabal.project
repository horizon
url: https://packages.horizon-haskell.net/
secure: True
root-keys:
29b2edcf288217a83d29e59ad7bd32f854697392489651147fc13aecbd02c14e
565119309501f67e66ae7d465f799a579c88e4e0929605b6a6cf08ae05e3977c
6e9e65a9b9c819be8d3e7e7f949c795d930c9d0e3ebc6b92b449a6033b231420
~/Scratchpad/tmp-horizon 8s
λ cabal update horizon
...
Updating index cache file /home/andrea/.cabal/packages/horizon/01-index.cache
...
Package list of horizon has been updated.
The index-state is set to 2024-02-27T15:08:00Z.
~/Scratchpad/tmp-horizon
λ cat ~/.cabal/packages/horizon/root.json | jq -r ".signatures[].keyid"
29b2edcf288217a83d29e59ad7bd32f854697392489651147fc13aecbd02c14e
565119309501f67e66ae7d465f799a579c88e4e0929605b6a6cf08ae05e3977c
6e9e65a9b9c819be8d3e7e7f949c795d930c9d0e3ebc6b92b449a6033b231420
@andreabedini @mau5mat would you mind giving me the output of your respective cabal --version
?
~/Scratchpad/tmp-horizon
λ cabal --version
cabal-install version 3.10.2.1
compiled using version 3.10.2.1 of the Cabal library
note that cabal follows trust-on-first-use, if by any chance you have a leftover $CABAL_DIR/packages/horizon/root.json
laying around, cabal will use that file to validate the repo.
But that's easy to fix: rm -rf $CABAL_DIR/packages/horizon
.
Where is the first set of three keys from?
Not quite sure, it was part of the error message - we had tried building it with the keys that were provided.
@andreabedini @mau5mat would you mind giving me the output of your respective
cabal --version
?
cabal-install version 3.11.0.0
compiled using version 3.11.0.0 of the Cabal library
note that cabal follows trust-on-first-use, if by any chance you have a leftover
$CABAL_DIR/packages/horizon/root.json
laying around, cabal will use that file to validate the repo. But that's easy to fix:rm -rf $CABAL_DIR/packages/horizon
.
This seems to have fixed the issue and has unblocked the rest of the work, thank you! 🚀