tribes/guix

Fork 0

mirror of https://git.savannah.gnu.org/git/guix.git synced 2026-04-07 21:50:35 +02:00

Commit Graph

Author	SHA1	Message	Date
Maxim Cournoyer	83dfc5475d	etc: Ensure guix.authenticate section is populated in post-merge hook. This provides some extra automation. * etc/git/post-merge [!guix.authenticate.introduction-commit]: Run initial 'guix authenticate' command, as documented in (info "(guix) Building from Git"). Fixes: <https://issues.guix.gnu.org/80564> Change-Id: I5775514c6b8785213e2d0e834bdd7e3a961c8930 Reported-by: Tomas Volf <~@wolfsden.cz>	2026-03-24 08:53:50 +09:00
Ludovic Courtès	73b3f941d7	maint: Suggest ‘guix git authenticate’ for initial authentication. The previous recommendation, running ‘make authenticate’, was insecure because it led users to run code from the very repository they want to authenticate: https://lists.gnu.org/archive/html/guix-devel/2024-04/msg00252.html * Makefile.am (commit_v1_0_0, channel_intro_commit) (channel_intro_signer, GUIX_GIT_KEYRING, authenticate): Remove. * Makefile.am (.git/hooks/%): New target, generalization of previous ‘.git/hooks/pre-push’ target. (nodist_noinst_DATA): Add ‘.git/hooks/post-merge’. * doc/contributing.texi (Building from Git): Suggest ‘guix git authenticate’ instead of ‘make authenticate’. * etc/git/post-merge: New file. * etc/git/pre-push: Run ‘guix git authenticate’ instead of ‘make authenticate’. Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Reported-by: Skyler Ferris <skyvine@protonmail.com> Change-Id: Ia415aa8375013d0dd095e891116f6ce841d93efd	2024-05-25 16:23:56 +02:00

Author

SHA1

Message

Date

Maxim Cournoyer

83dfc5475d

etc: Ensure guix.authenticate section is populated in post-merge hook.

This provides some extra automation.

* etc/git/post-merge [!guix.authenticate.introduction-commit]: Run
initial 'guix authenticate' command, as documented in (info "(guix) Building
from Git").

Fixes: <https://issues.guix.gnu.org/80564>
Change-Id: I5775514c6b8785213e2d0e834bdd7e3a961c8930
Reported-by: Tomas Volf <~@wolfsden.cz>

2026-03-24 08:53:50 +09:00

Ludovic Courtès

73b3f941d7

maint: Suggest ‘guix git authenticate’ for initial authentication.

The previous recommendation, running ‘make authenticate’, was insecure
because it led users to run code from the very repository they want to
authenticate:

  https://lists.gnu.org/archive/html/guix-devel/2024-04/msg00252.html

* Makefile.am (commit_v1_0_0, channel_intro_commit)
(channel_intro_signer, GUIX_GIT_KEYRING, authenticate): Remove.
* Makefile.am (.git/hooks/%): New target, generalization of previous
‘.git/hooks/pre-push’ target.
(nodist_noinst_DATA): Add ‘.git/hooks/post-merge’.
* doc/contributing.texi (Building from Git): Suggest ‘guix git
authenticate’ instead of ‘make authenticate’.
* etc/git/post-merge: New file.
* etc/git/pre-push: Run ‘guix git authenticate’ instead of ‘make
authenticate’.

Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Reported-by: Skyler Ferris <skyvine@protonmail.com>
Change-Id: Ia415aa8375013d0dd095e891116f6ce841d93efd

2024-05-25 16:23:56 +02:00

2 Commits