guix-bioinformatics
/
guix
mirror of http://git.savannah.gnu.org/git/guix.git
3
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

doc: Recommend running 'guix git authenticate' when cloning the repo. 

* doc/contributing.texi (Building from Git): Adjust instruction and
recommend 'guix git authenticate'.
wip-filesearch
Ludovic Courtès 2 years ago
parent
2f648809e3
commit
63c799c1c5
No known key found for this signature in database GPG Key ID: 90B11993D9AEBB5
1 changed files with 16 additions and 19 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 35
      doc/contributing.texi

35
doc/contributing.texi
View File

@ -42,30 +42,27 @@ git clone https://git.savannah.gnu.org/git/guix.git
@cindex authentication, of a Guix checkout
How do you ensure that you obtained a genuine copy of the repository?
Guix itself provides a tool to @dfn{authenticate} your checkout, but you
must first make sure this tool is genuine in order to ``bootstrap'' the
trust chain. To do that, run:
To do that, run @command{guix git authenticate}, passing if the commit
and OpenPGP fingerprint of the @dfn{channel introduction}
(@pxref{Invoking guix git authenticate}):
@c XXX: Adjust instructions when there's a known tag to start from.
@c The commit and fingerprint below must match those of the channel
@c introduction in '%default-channels'.
@example
git verify-commit `git log --format=%H build-aux/git-authenticate.scm`
@end example
The output must look something like:
@example
gpg: Signature made Fri 27 Dec 2019 01:27:41 PM CET
gpg: using RSA key 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
@dots{}
gpg: Signature made Fri 27 Dec 2019 01:25:22 PM CET
gpg: using RSA key 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
@dots{}
guix git authenticate 9edb3f66fd807b096b48283debdcddccfea34bad \
"BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA"
@end example
@noindent
... meaning that changes to this file are all signed with key
@code{3CE464558A84FDC69DB40CFB090B11993D9AEBB5} (you may need to fetch
this key from a key server, if you have not done it yet).
This command completes with exit code zero on success; it prints an
error message and exits with a non-zero code otherwise.
As you can see, there is a chicken-and-egg problem: you first need to
have Guix installed. Typically you would install Guix System
(@pxref{System Installation}) or Guix on top of another distro
(@pxref{Binary Installation}); in either case, you would verify the
OpenPGP signature on the installation medium. This ``bootstraps'' the
trust chain.
The easiest way to set up a development environment for Guix is, of
course, by using Guix! The following command starts a new shell where

Write Preview
Loading…
Cancel
Save