mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-26 06:18:07 -05:00
73b3f941d7
The previous recommendation, running ‘make authenticate’, was insecure because it led users to run code from the very repository they want to authenticate: https://lists.gnu.org/archive/html/guix-devel/2024-04/msg00252.html * Makefile.am (commit_v1_0_0, channel_intro_commit) (channel_intro_signer, GUIX_GIT_KEYRING, authenticate): Remove. * Makefile.am (.git/hooks/%): New target, generalization of previous ‘.git/hooks/pre-push’ target. (nodist_noinst_DATA): Add ‘.git/hooks/post-merge’. * doc/contributing.texi (Building from Git): Suggest ‘guix git authenticate’ instead of ‘make authenticate’. * etc/git/post-merge: New file. * etc/git/pre-push: Run ‘guix git authenticate’ instead of ‘make authenticate’. Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Reported-by: Skyler Ferris <skyvine@protonmail.com> Change-Id: Ia415aa8375013d0dd095e891116f6ce841d93efd
3 lines
90 B
Bash
Executable file
3 lines
90 B
Bash
Executable file
#!/bin/sh
|
|
# Authenticate the repo upon 'git pull' and similar.
|
|
exec guix git authenticate
|