GNU bug report logs - #53827
[PATCH] Add a TLDR entry to the cookbook for building Guix from Git.

Reported by: Pierre-Henry Fröhring <contact <at> phfrohring.com>

Date: Sun, 6 Feb 2022 21:36:01 UTC

Severity: normal

Tags: patch

Message #17 received at 53827 <at> debbugs.gnu.org (full text, mbox):

From: Maxime Devos <maximedevos <at> telenet.be>
To: Pierre-Henry Fröhring <contact <at> phfrohring.com>, 
 53827 <at> debbugs.gnu.org
Subject: Re: [bug#53827] [PATCH] Add a TLDR entry to the cookbook for
 building Guix from Git.
Date: Sun, 06 Feb 2022 23:06:32 +0100

[Message part 1 (text/plain, inline)]

Pierre-Henry Fröhring schreef op zo 06-02-2022 om 22:33 [+0100]:
> +guix environment guix --pure --ad-hoc fd
> +./bootstrap
> +guix_db_prefix=$(fd -p '.*/guix/db$' /)
> +guix_db_prefix=$@{guix_db_prefix%/guix/db@}

What's this 'fd' and guix_db_prefix about?
If this is necessary, shouldn't it be documented in the main manual.

> +./configure --localstatedir="$guix_db_prefix"
> +exit
> +make authenticate

This "make authenticate" gives a false sense of security -- the MITM
attacker could have changed the Makefile.am to let the 'authenticate'
target be a no-op.  Likewise, authentication must happen before
./bootstrap and ./configure otherwise it's too late.

Also, didn't this authentication already happen in

> +@node Authentication
> +@section Authentication
> +
> +@example
> +git fetch origin keyring:keyring
> +guix git authenticate 9edb3f66fd807b096b48283debdcddccfea34bad \
> +  "BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 54FA"

Greetings,
Maxime.

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 3 years and 121 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #53827 [PATCH] Add a TLDR entry to the cookbook for building Guix from Git.

GNU bug report logs - #53827
[PATCH] Add a TLDR entry to the cookbook for building Guix from Git.