doc: Mention "make authenticate".
* doc/contributing.texi (Building from Git): Add instructions to run 'git verify-commit' and 'make authenticate'.
This commit is contained in:
parent
787766ed1e
commit
b3011dbbd2
@ -38,6 +38,48 @@ version from the Git repository:
|
||||
git clone https://git.savannah.gnu.org/git/guix.git
|
||||
@end example
|
||||
|
||||
@cindex authentication, of a Guix checkout
|
||||
How do you ensure that you obtained a genuine copy of the repository?
|
||||
Guix itself provides a tool to @dfn{authenticate} your checkout, but you
|
||||
must first make sure this tool is genuine in order to ``bootstrap'' the
|
||||
trust chain. To do that, run:
|
||||
|
||||
@c XXX: Adjust instructions when there's a known tag to start from.
|
||||
@example
|
||||
git verify-commit `git log --format=%H build-aux/git-authenticate.scm`
|
||||
@end example
|
||||
|
||||
The output must look something like:
|
||||
|
||||
@example
|
||||
gpg: Signature made Fri 27 Dec 2019 01:27:41 PM CET
|
||||
gpg: using RSA key 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
|
||||
@dots{}
|
||||
gpg: Signature made Fri 27 Dec 2019 01:25:22 PM CET
|
||||
gpg: using RSA key 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
|
||||
@dots{}
|
||||
@end example
|
||||
|
||||
@noindent
|
||||
... meaning that changes to this file are all signed with key
|
||||
@code{3CE464558A84FDC69DB40CFB090B11993D9AEBB5} (you may need to fetch
|
||||
this key from a key server, if you have not done it yet).
|
||||
|
||||
From there on, you can authenticate all the commits included in your
|
||||
checkout by running:
|
||||
|
||||
@example
|
||||
make authenticate
|
||||
@end example
|
||||
|
||||
The first run takes a couple of minutes, but subsequent runs are faster.
|
||||
|
||||
@quotation Note
|
||||
You are advised to run @command{make authenticate} after every
|
||||
@command{git pull} invocation. This ensures you keep receiving valid
|
||||
changes to the repository
|
||||
@end quotation
|
||||
|
||||
The easiest way to set up a development environment for Guix is, of
|
||||
course, by using Guix! The following command starts a new shell where
|
||||
all the dependencies and appropriate environment variables are set up to
|
||||
|
Loading…
Reference in New Issue
Block a user