guix git authenticate

The guix git authenticate command authenticates a Git checkout
following the same rule as for channels (see channel authentication). That is, starting from a given commit, it
ensures that all subsequent commits are signed by an OpenPGP key whose
fingerprint appears in the .guix-authorizations file of its
parent commit(s).
You will find this command useful if you maintain a channel. But in fact, this authentication mechanism is useful in a broader context, so you might want to use it for Git repositories that have nothing to do with Guix.
The general syntax is:
guix git authenticate commit signer [options…]
By default, this command authenticates the Git checkout in the current directory; it outputs nothing and exits with exit code zero on success and non-zero on failure. commit above denotes the first commit where authentication takes place, and signer is the OpenPGP fingerprint of the public key used to sign commit. Together, they form a channel introduction (see channel introduction). On your first successful run, the introduction is recorded in the .git/config file of your checkout, allowing you to omit them from subsequent invocations:
guix git authenticate [options…]
Should you have branches that require different introductions, you can
specify them directly in .git/config. For example, if the branch
called personal-fork has a different introduction than other
branches, you can extend .git/config along these lines:
[guix "authentication-personal-fork"]
    introduction-commit = cabba936fd807b096b48283debdcddccfea3900d
    introduction-signer = C0FF EECA BBA9 E6A8 0D1D E643 A2A0 6DF2 A33A 54FA
    keyring = keyring
The first run also attempts to install pre-push and post-merge hooks,
such that guix git authenticate is invoked as soon as you run
git push, git pull, and related commands; it does
not overwrite preexisting hooks though.
The command-line options described below allow you to fine-tune the process.
--repository=directory
-r directory
    Open the Git repository in directory instead of the current directory.

--keyring=reference
-k reference
    Load OpenPGP keyring from reference, the reference of a branch
    such as origin/keyring or my-keyring. The branch must
    contain OpenPGP public keys in .key files, either in binary form
    or “ASCII-armored”. By default the keyring is loaded from the branch
    named keyring.

--end=commit
    Authenticate revisions up to commit.

--stats
    Display commit signing statistics upon completion.

--cache-key=key
    Previously-authenticated commits are cached in a file under ~/.cache/guix/authentication. This option forces the cache to be stored in file key in that directory.

--historical-authorizations=file
    By default, any commit whose parent commit(s) lack the .guix-authorizations file is considered inauthentic. In contrast, this option considers the authorizations in file for any commit that lacks .guix-authorizations. The format of file is the same as that of .guix-authorizations (see .guix-authorizations format).
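
The authorization rule from the top of this page and the --historical-authorizations fallback, modelled in Python as an added example (this is not Guix's own code). The Commit record, the signer field standing in for OpenPGP signature verification, the requirement that a merge's signer be listed in every parent, the treatment of other root commits, and the sample history with its placeholder fingerprints are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Commit:
    parents: tuple                       # ids of the parent commits
    signer: str                          # signing fingerprint (stands in for OpenPGP verification)
    authorizations: Optional[frozenset]  # fingerprints in .guix-authorizations, None if file absent

def authenticate(history, intro_commit, intro_signer, end, historical=None):
    """Return the sorted ids of commits from intro_commit to end that fail the rule."""
    failures, seen, todo = [], set(), [end]
    while todo:
        cid = todo.pop()
        if cid in seen:
            continue
        seen.add(cid)
        commit = history[cid]
        if cid == intro_commit:
            # Trust anchor: checked only against the signer given on the command line.
            if commit.signer != intro_signer:
                failures.append(cid)
            continue  # commits before the introduction are not examined
        if not commit.parents:
            failures.append(cid)  # model choice: a root that is not the introduction
            continue
        for pid in commit.parents:
            allowed = history[pid].authorizations
            if allowed is None:
                allowed = historical  # --historical-authorizations fallback
            if allowed is None or commit.signer not in allowed:
                failures.append(cid)
                break
        todo.extend(commit.parents)
    return sorted(failures)

# Constructed sample history; the fingerprints are placeholders, not real keys.
ALICE, BOB, MALLORY = "ALICE-FPR", "BOB-FPR", "MALLORY-FPR"
HISTORY = {
    "intro": Commit((), ALICE, None),                       # predates .guix-authorizations
    "a1": Commit(("intro",), ALICE, frozenset({ALICE})),    # adds the file
    "a2": Commit(("a1",), ALICE, frozenset({ALICE, BOB})),  # Alice authorizes Bob
    "b1": Commit(("a2",), BOB, frozenset({ALICE, BOB})),    # Bob was listed in parent a2
    "m1": Commit(("b1",), MALLORY, frozenset({ALICE, BOB, MALLORY})),  # self-added key
}

if __name__ == "__main__":
    print(authenticate(HISTORY, "intro", ALICE, "b1"))                      # ['a1']
    print(authenticate(HISTORY, "intro", ALICE, "b1", historical={ALICE}))  # []
    print(authenticate(HISTORY, "intro", ALICE, "m1", historical={ALICE}))  # ['m1']
```

Commit m1 fails even though its own .guix-authorizations lists the signer, because only the parents' files are consulted; a1 fails without the fallback because its parent has no file at all.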