Commit graph

6 commits

Author SHA1 Message Date
Ludovic Courtès
73b3f941d7
maint: Suggest ‘guix git authenticate’ for initial authentication.
The previous recommendation, running ‘make authenticate’, was insecure
because it led users to run code from the very repository they want to
authenticate:

  https://lists.gnu.org/archive/html/guix-devel/2024-04/msg00252.html

* Makefile.am (commit_v1_0_0, channel_intro_commit)
(channel_intro_signer, GUIX_GIT_KEYRING, authenticate): Remove.
* Makefile.am (.git/hooks/%): New target, generalization of previous
‘.git/hooks/pre-push’ target.
(nodist_noinst_DATA): Add ‘.git/hooks/post-merge’.
* doc/contributing.texi (Building from Git): Suggest ‘guix git
authenticate’ instead of ‘make authenticate’.
* etc/git/post-merge: New file.
* etc/git/pre-push: Run ‘guix git authenticate’ instead of ‘make
authenticate’.

Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Reported-by: Skyler Ferris <skyvine@protonmail.com>
Change-Id: Ia415aa8375013d0dd095e891116f6ce841d93efd
2024-05-25 16:23:56 +02:00
Leo Famulari
80ebcdd100
maint: Only run make authenticate when pushing commits.
* etc/git/pre-push: Exit early when deleting a branch.
2020-12-14 12:15:06 -05:00
Ludovic Courtès
6f6758c45d
maint: Adjust comment in 'pre-push' hook.
* etc/git/pre-push: Adjust comment.
2020-06-01 00:51:38 +02:00
Ludovic Courtès
e65a44649e
maint: Git pre-push hook runs "make authenticate check-channel-news".
* etc/git/pre-push: Change to run "make authenticate check-channel-news".
2020-05-29 18:31:38 +02:00
Leo Famulari
f0d0c5bb18
etc: The pre-push hook says which commits failed the signature check.
* etc/git/pre-push: Check each commit's signature individually so that
we can report which commits fail the check.
2017-02-08 03:42:08 +01:00
Leo Famulari
69355e1283
doc: Add a Git hook that verifies signatures before pushing.
* HACKING (Commit Access): Describe the pre-push Git hook.
* etc/git/pre-push: New file.
2017-01-04 16:27:20 -05:00