Re: Building from git

[Nicolas Débonnaire]

Hi,

Looks like it's working.

I was able to complete the "building from git" section of the documentation after an update of guix.

Thanks everyone.

Le sam. 9 sept. 2023 à 11:01, Simon Tournier <zimon.toutoune@gmail.com> a écrit :

Hi,

On Thu, 07 Sep 2023 at 19:45, wolf <wolf@wolfsden.cz> wrote:

>> The Makefile does not run ‘guix git authenticate’ using ./pre-inst-env.
>> And that’s probably to ensure the source of trust.  If one corrupt the
>> commit that is built, then ’make authenticate’ would authenticate the
>> corruption because it would run the corrupted newly built guix command.
>> Currently, ’make authenticate’ run one guix command that had already
>> been authenticated.  Well, that’s my understanding.
>
> Hmm, but the recipe for the authenticate rule comes from the (possibly)
> compromised source, no?  So the attacker can just modify the recipe instead of
> the command going the authentication.  Am I missing something?

Yes, the corruption of Makefile.am can be the corruption I was talking about.

Well, for more explanations one can maybe read:

        [bug#57909] bug#57910: [PATCH] Add link to 'pre-inst-env' from 'installing from git' docs
        Ludovic Courtès <ludo@gnu.org>
        Sat, 24 Sep 2022 17:58:29 +0200
        id:87k05s7oii.fsf_-_@gnu.org
        https://issues.guix.gnu.org//57910
        https://issues.guix.gnu.org/msgid/87k05s7oii.fsf_-_@gnu.org
        https://yhetil.org/guix/87k05s7oii.fsf_-_@gnu.org

        [bug#57909] bug#57910: [PATCH] Add link to 'pre-inst-env' from 'installing from git' docs
        Maxime Devos <maximedevos@telenet.be>
        Sat, 24 Sep 2022 18:23:10 +0200
        id:ec49e6c2-a542-7d95-0d73-10b2816c59d2@telenet.be
        https://issues.guix.gnu.org//57910
        https://issues.guix.gnu.org/msgid/ec49e6c2-a542-7d95-0d73-10b2816c59d2@telenet.be
        https://yhetil.org/guix/ec49e6c2-a542-7d95-0d73-10b2816c59d2@telenet.be

Cheers,
simon