Add @horizon namespace.

Question

Add @horizon namespace.

Closed this issue 6 months ago · 13 comments

locallycompact commented 8 months ago

Horizon now has a foliage instance at https://packages.horizon-haskell.net/

Would we be able to add an @ horizon namespace at flora.pm?

Answer 1 · 2024-01-14T11:02:13.000Z

With great pleasure!

Answer 2 · 2024-01-21T18:13:48.000Z

@locallycompact hey, it appears you aren't documenting the root keys of your foliage instance. It would be helpful for adoption if you could provide a sample cabal config to produce your package repo. We would like to include this configuration bit in the namespace for flora, similarly to this: https://flora.pm/documentation/namespaces#cardano-packages

Answer 3 · 2024-02-04T13:50:29.000Z

I'm not sure what I've done wrong here. At the time of writing, I believe this should be true.

repository horizon
  url: https://packages.horizon-haskell.net/
  secure: True
  root-keys:
    29b2edcf288217a83d29e59ad7bd32f854697392489651147fc13aecbd02c14e
    565119309501f67e66ae7d465f799a579c88e4e0929605b6a6cf08ae05e3977c
    6e9e65a9b9c819be8d3e7e7f949c795d930c9d0e3ebc6b92b449a6033b231420

The repository is here:

https://gitlab.horizon-haskell.net/publishing/horizon-haskell-packages

Result:

> cabal update
Config file path source is default config file.
Config file not found: /home/lc/.config/cabal/config
Writing default configuration to /home/lc/.config/cabal/config
Downloading the latest package lists from:
- hackage.haskell.org
- horizon
<repo>/root.json does not have enough signatures signed with the appropriate keys

It should be the result of this artifact: https://gitlab.horizon-haskell.net/publishing/horizon-haskell-packages/-/jobs/1226097

cat root.json  | jq
{
  "signatures": [
    {
      "keyid": "29b2edcf288217a83d29e59ad7bd32f854697392489651147fc13aecbd02c14e",
      "method": "ed25519",
      "sig": "GhESrCZsH5s8WoL2JOzwIxGX8cOtvwgmKa55b1uPFWTLZPaEBelJoZFFGHY+jbQqStVNSH0Ir0CSfroxOLtoCg=="
    },
    {
      "keyid": "565119309501f67e66ae7d465f799a579c88e4e0929605b6a6cf08ae05e3977c",
      "method": "ed25519",
      "sig": "Xyl9opdykVaNS3IzEgvz0W/ctiyk5zQ/UoQ9XlyrrJn4DEB20W0Ye2OusOJDZplLT2FCSdxwcGkEU0pdqC2QBA=="
    },
    {
      "keyid": "6e9e65a9b9c819be8d3e7e7f949c795d930c9d0e3ebc6b92b449a6033b231420",
      "method": "ed25519",
      "sig": "d/OR10TECPAIPF/ps9XLMyCA3hsKUge8/hLS6CdgdAFclt+cgIWFuNbiunnJxjQ5BQkHoAkwUxsBjXCPcYcuCQ=="
    }
  ],

That seems to be the case here: https://packages.horizon-haskell.net/root.json

Answer 4 · 2024-02-04T14:45:35.000Z

Actually I think this might just be botched on my machine.

Edit: Confirmed, false alarm. I think we can go ahead.

Answer 5 · 2024-02-07T12:38:58.000Z

@locallycompact I'll try and have a look at this over the weekend for you :)

Answer 6 · 2024-03-21T22:50:34.000Z

@locallycompact @andreabedini

Hello, thanks for your patience! Unfortunately we have ran into this error:

<repo>/root.json does not have enough signatures signed with the appropriate keys
Expected at least 2 signatures from:
  272e995c7a74de109518100e1422193fe5e5971e52c92b98147c9355b47d7bb6
  ea5c1bc0944dabe64d9d68c6813a8141d747cda042b870576d7af63a2326c31b
  eb47482ddf51da1d3610094f5c57a626d42cfd7d9c248f53e23420b02b21c695
Found signatures from:
  29b2edcf288217a83d29e59ad7bd32f854697392489651147fc13aecbd02c14e
  565119309501f67e66ae7d465f799a579c88e4e0929605b6a6cf08ae05e3977c
  6e9e65a9b9c819be8d3e7e7f949c795d930c9d0e3ebc6b92b449a6033b231420

In doubt, we have tried to use both of these keys - it appears that there could possibly be a misconfiguration of foliage on the server.

Answer 7 · 2024-03-22T07:24:11.000Z

Where is the first set of three keys from?

Answer 8 · 2024-03-22T14:01:43.000Z

All looks good to me.

~/Scratchpad/tmp-horizon
λ cat cabal.project
repository horizon
  url: https://packages.horizon-haskell.net/
  secure: True
  root-keys:
    29b2edcf288217a83d29e59ad7bd32f854697392489651147fc13aecbd02c14e
    565119309501f67e66ae7d465f799a579c88e4e0929605b6a6cf08ae05e3977c
    6e9e65a9b9c819be8d3e7e7f949c795d930c9d0e3ebc6b92b449a6033b231420

~/Scratchpad/tmp-horizon 8s
λ cabal update horizon
...
Updating index cache file /home/andrea/.cabal/packages/horizon/01-index.cache
...
Package list of horizon has been updated.
The index-state is set to 2024-02-27T15:08:00Z.

~/Scratchpad/tmp-horizon
λ cat ~/.cabal/packages/horizon/root.json | jq -r ".signatures[].keyid"
29b2edcf288217a83d29e59ad7bd32f854697392489651147fc13aecbd02c14e
565119309501f67e66ae7d465f799a579c88e4e0929605b6a6cf08ae05e3977c
6e9e65a9b9c819be8d3e7e7f949c795d930c9d0e3ebc6b92b449a6033b231420

Answer 9 · 2024-03-22T14:04:37.000Z

@andreabedini @mau5mat would you mind giving me the output of your respective cabal --version?

Answer 10 · 2024-03-22T14:09:29.000Z

~/Scratchpad/tmp-horizon
λ cabal --version
cabal-install version 3.10.2.1
compiled using version 3.10.2.1 of the Cabal library

note that cabal follows trust-on-first-use, if by any chance you have a leftover $CABAL_DIR/packages/horizon/root.json laying around, cabal will use that file to validate the repo.
But that's easy to fix: rm -rf $CABAL_DIR/packages/horizon.

Answer 11 · 2024-03-22T14:11:38.000Z

Where is the first set of three keys from?

Not quite sure, it was part of the error message - we had tried building it with the keys that were provided.

@andreabedini @mau5mat would you mind giving me the output of your respective cabal --version?

cabal-install version 3.11.0.0
compiled using version 3.11.0.0 of the Cabal library

Answer 12 · 2024-03-22T18:14:45.000Z

note that cabal follows trust-on-first-use, if by any chance you have a leftover $CABAL_DIR/packages/horizon/root.json laying around, cabal will use that file to validate the repo. But that's easy to fix: rm -rf $CABAL_DIR/packages/horizon.

This seems to have fixed the issue and has unblocked the rest of the work, thank you! 🚀

Answer 13 · 2024-03-27T08:52:23.000Z

fixed by #540