aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2020-07-22 15:04:21 +0200
committerLudovic Courtès <ludo@gnu.org>2020-07-23 00:22:25 +0200
commit63c799c1c585214cce4bfe3b9f8493255afa561e (patch)
treea374f7b8fcb0af2a3e28f2d251986b380ef7a903
parent2f648809e3eccd8997e671b2105b055e3d51db61 (diff)
downloadguix-63c799c1c585214cce4bfe3b9f8493255afa561e.tar
guix-63c799c1c585214cce4bfe3b9f8493255afa561e.tar.gz
doc: Recommend running 'guix git authenticate' when cloning the repo.
* doc/contributing.texi (Building from Git): Adjust instruction and recommend 'guix git authenticate'.
-rw-r--r--doc/contributing.texi35
1 files changed, 16 insertions, 19 deletions
diff --git a/doc/contributing.texi b/doc/contributing.texi
index 4049073b96..f5d73e78aa 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -42,30 +42,27 @@ git clone https://git.savannah.gnu.org/git/guix.git
@cindex authentication, of a Guix checkout
How do you ensure that you obtained a genuine copy of the repository?
-Guix itself provides a tool to @dfn{authenticate} your checkout, but you
-must first make sure this tool is genuine in order to ``bootstrap'' the
-trust chain. To do that, run:
+To do that, run @command{guix git authenticate}, passing if the commit
+and OpenPGP fingerprint of the @dfn{channel introduction}
+(@pxref{Invoking guix git authenticate}):
-@c XXX: Adjust instructions when there's a known tag to start from.
+@c The commit and fingerprint below must match those of the channel
+@c introduction in '%default-channels'.
@example
-git verify-commit `git log --format=%H build-aux/git-authenticate.scm`
-@end example
-
-The output must look something like:
-
-@example
-gpg: Signature made Fri 27 Dec 2019 01:27:41 PM CET
-gpg: using RSA key 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
-@dots{}
-gpg: Signature made Fri 27 Dec 2019 01:25:22 PM CET
-gpg: using RSA key 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
-@dots{}
+guix git authenticate 9edb3f66fd807b096b48283debdcddccfea34bad \
+ "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA"
@end example
@noindent
-... meaning that changes to this file are all signed with key
-@code{3CE464558A84FDC69DB40CFB090B11993D9AEBB5} (you may need to fetch
-this key from a key server, if you have not done it yet).
+This command completes with exit code zero on success; it prints an
+error message and exits with a non-zero code otherwise.
+
+As you can see, there is a chicken-and-egg problem: you first need to
+have Guix installed. Typically you would install Guix System
+(@pxref{System Installation}) or Guix on top of another distro
+(@pxref{Binary Installation}); in either case, you would verify the
+OpenPGP signature on the installation medium. This ``bootstraps'' the
+trust chain.
The easiest way to set up a development environment for Guix is, of
course, by using Guix! The following command starts a new shell where