summary refs log tree commit diff
path: root/doc
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2024-05-07 15:54:44 +0200
committerLudovic Courtès <ludo@gnu.org>2024-05-25 16:23:56 +0200
commit73b3f941d7d911a1b2bb2bf77d37cb3a12ed4291 (patch)
treee9bad56f9dd556a77c7fe52ade2a418b14d49716 /doc
parent0efa1daad354216e9ce2adb078eb4d5254792e49 (diff)
downloadguix-73b3f941d7d911a1b2bb2bf77d37cb3a12ed4291.tar.gz
maint: Suggest ‘guix git authenticate’ for initial authentication.
The previous recommendation, running ‘make authenticate’, was insecure
because it led users to run code from the very repository they want to
authenticate:

  https://lists.gnu.org/archive/html/guix-devel/2024-04/msg00252.html

* Makefile.am (commit_v1_0_0, channel_intro_commit)
(channel_intro_signer, GUIX_GIT_KEYRING, authenticate): Remove.
* Makefile.am (.git/hooks/%): New target, generalization of previous
‘.git/hooks/pre-push’ target.
(nodist_noinst_DATA): Add ‘.git/hooks/post-merge’.
* doc/contributing.texi (Building from Git): Suggest ‘guix git
authenticate’ instead of ‘make authenticate’.
* etc/git/post-merge: New file.
* etc/git/pre-push: Run ‘guix git authenticate’ instead of ‘make
authenticate’.

Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Reported-by: Skyler Ferris <skyvine@protonmail.com>
Change-Id: Ia415aa8375013d0dd095e891116f6ce841d93efd
Diffstat (limited to 'doc')
-rw-r--r--doc/contributing.texi30
1 files changed, 23 insertions, 7 deletions
diff --git a/doc/contributing.texi b/doc/contributing.texi
index ecff6300bf..a0d6b5304a 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -276,25 +276,41 @@ From there on, you can authenticate all the commits included in your
 checkout by running:
 
 @example
-make authenticate
+guix git authenticate \
+  9edb3f66fd807b096b48283debdcddccfea34bad \
+  "BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 54FA"
 @end example
 
 The first run takes a couple of minutes, but subsequent runs are faster.
+On subsequent runs, you can run the command without any arguments since
+the @dfn{introduction} (the commit ID and OpenPGP fingerprints above)
+will have been recorded@footnote{This requires a recent version of Guix,
+from May 2024 or more recent.}:
 
-Or, when your configuration for your local Git repository doesn't match
+@example
+guix git authenticate
+@end example
+
+When your configuration for your local Git repository doesn't match
 the default one, you can provide the reference for the @code{keyring}
-branch through the variable @code{GUIX_GIT_KEYRING}.  The following
+branch @i{via} the @option{-k} option.  The following
 example assumes that you have a Git remote called @samp{myremote}
 pointing to the official repository:
 
 @example
-make authenticate GUIX_GIT_KEYRING=myremote/keyring
+guix git authenticate \
+  -k myremote/keyring \
+  9edb3f66fd807b096b48283debdcddccfea34bad \
+  "BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 54FA"
 @end example
 
+@xref{Invoking guix git authenticate}, for more information on this
+command.
+
 @quotation Note
-You are advised to run @command{make authenticate} after every
-@command{git pull} invocation.  This ensures you keep receiving valid
-changes to the repository.
+By default, hooks are installed such that @command{guix git
+authenticate} is invoked anytime you run @command{git pull} or
+@command{git push}.
 @end quotation
 
 After updating the repository, @command{make} might fail with an error