04/04: doc: Mention "make authenticate".

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

04/04: doc: Mention "make authenticate".

From:	guix-commits
Subject:	04/04: doc: Mention "make authenticate".
Date:	Fri, 27 Dec 2019 07:53:05 -0500 (EST)

civodul pushed a commit to branch master
in repository guix.

commit b3011dbbd2235eb2308de6855e9a377de7e484f6
Author: Ludovic Courtès <address@hidden>
Date:   Fri Dec 27 13:52:05 2019 +0100

    doc: Mention "make authenticate".
    
    * doc/contributing.texi (Building from Git): Add instructions to run
    'git verify-commit' and 'make authenticate'.
---
 doc/contributing.texi | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/doc/contributing.texi b/doc/contributing.texi
index 3c13005..e656676 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -38,6 +38,48 @@ version from the Git repository:
 git clone https://git.savannah.gnu.org/git/guix.git
 @end example
 
+@cindex authentication, of a Guix checkout
+How do you ensure that you obtained a genuine copy of the repository?
+Guix itself provides a tool to @dfn{authenticate} your checkout, but you
+must first make sure this tool is genuine in order to ``bootstrap'' the
+trust chain.  To do that, run:
+
+@c XXX: Adjust instructions when there's a known tag to start from.
+@example
+git verify-commit `git log --format=%H build-aux/git-authenticate.scm`
+@end example
+
+The output must look something like:
+
+@example
+gpg: Signature made Fri 27 Dec 2019 01:27:41 PM CET
+gpg:                using RSA key 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
+@dots{}
+gpg: Signature made Fri 27 Dec 2019 01:25:22 PM CET
+gpg:                using RSA key 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
+@dots{}
+@end example
+
+@noindent
+... meaning that changes to this file are all signed with key
+@code{3CE464558A84FDC69DB40CFB090B11993D9AEBB5} (you may need to fetch
+this key from a key server, if you have not done it yet).
+
+From there on, you can authenticate all the commits included in your
+checkout by running:
+
+@example
+make authenticate
+@end example
+
+The first run takes a couple of minutes, but subsequent runs are faster.
+
+@quotation Note
+You are advised to run @command{make authenticate} after every
+@command{git pull} invocation.  This ensures you keep receiving valid
+changes to the repository
+@end quotation
+
 The easiest way to set up a development environment for Guix is, of
 course, by using Guix!  The following command starts a new shell where
 all the dependencies and appropriate environment variables are set up to

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (6ab59cf -> b3011db), guix-commits, 2019/12/27
- 04/04: doc: Mention "make authenticate"., guix-commits <=
- 01/04: Add 'build-aux/git-authenticate.scm'., guix-commits, 2019/12/27
- 03/04: git-authenticate: Keep a local cache of previously-authenticated commits., guix-commits, 2019/12/27
- 02/04: git: 'commit-difference' takes a list of excluded commits., guix-commits, 2019/12/27

Prev by Date: branch master updated (6ab59cf -> b3011db)
Next by Date: 01/04: Add 'build-aux/git-authenticate.scm'.
Previous by thread: branch master updated (6ab59cf -> b3011db)
Next by thread: 01/04: Add 'build-aux/git-authenticate.scm'.
Index(es):
- Date
- Thread