73b3f941d7
The previous recommendation, running ‘make authenticate’, was insecure because it led users to run code from the very repository they want to authenticate: https://lists.gnu.org/archive/html/guix-devel/2024-04/msg00252.html * Makefile.am (commit_v1_0_0, channel_intro_commit) (channel_intro_signer, GUIX_GIT_KEYRING, authenticate): Remove. * Makefile.am (.git/hooks/%): New target, generalization of previous ‘.git/hooks/pre-push’ target. (nodist_noinst_DATA): Add ‘.git/hooks/post-merge’. * doc/contributing.texi (Building from Git): Suggest ‘guix git authenticate’ instead of ‘make authenticate’. * etc/git/post-merge: New file. * etc/git/pre-push: Run ‘guix git authenticate’ instead of ‘make authenticate’. Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Reported-by: Skyler Ferris <skyvine@protonmail.com> Change-Id: Ia415aa8375013d0dd095e891116f6ce841d93efd |
||
---|---|---|
.. | ||
completion | ||
git | ||
init.d | ||
openrc | ||
snippets | ||
substitutes | ||
teams | ||
committer.scm.in | ||
copyright.el | ||
disarchive-manifest.scm | ||
gnu-store.mount.in | ||
guix-daemon.cil.in | ||
guix-daemon.conf.in | ||
guix-daemon.service.in | ||
guix-gc.service.in | ||
guix-gc.timer | ||
guix-install.sh | ||
guix-publish.conf.in | ||
guix-publish.service.in | ||
historical-authorizations | ||
hurd-manifest.scm | ||
kernels-manifest.scm | ||
news.scm | ||
release-manifest.scm | ||
source-manifest.scm | ||
system-tests.scm | ||
teams.scm | ||
time-travel-manifest.scm |