Anterior: A cadeia de ferramentas do GCC, Acima: Desenvolvimento [Conteúdo][Índice]
guix git authenticate
The guix git authenticate
command authenticates a Git checkout
following the same rule as for channels (veja channel authentication). That is, starting from a given commit, it ensures
that all subsequent commits are signed by an OpenPGP key whose fingerprint
appears in the .guix-authorizations file of its parent commit(s).
You will find this command useful if you maintain a channel. But in fact, this authentication mechanism is useful in a broader context, so you might want to use it for Git repositories that have nothing to do with Guix.
A sintaxe geral é:
guix git authenticate commit signer [options…]
By default, this command authenticates the Git checkout in the current directory; it outputs nothing and exits with exit code zero on success and non-zero on failure. commit above denotes the first commit where authentication takes place, and signer is the OpenPGP fingerprint of public key used to sign commit. Together, they form a channel introduction (veja channel introduction). On your first successful run, the introduction is recorded in the .git/config file of your checkout, allowing you to omit them from subsequent invocations:
guix git authenticate [options…]
Should you have branches that require different introductions, you can
specify them directly in .git/config. For example, if the branch
called personal-fork
has a different introduction than other
branches, you can extend .git/config along these lines:
[guix "authentication-personal-fork"] introduction-commit = cabba936fd807b096b48283debdcddccfea3900d introduction-signer = C0FF EECA BBA9 E6A8 0D1D E643 A2A0 6DF2 A33A 54FA keyring = keyring
The first run also attempts to install pre-push and post-merge hooks, such
that guix git authenticate
is invoked as soon as you run
git push
, git pull
, and related commands; it does not
overwrite preexisting hooks though.
The command-line options described below allow you to fine-tune the process.
--repository=directory
-r directory
Open the Git repository in directory instead of the current directory.
--keyring=reference
-k reference
Load OpenPGP keyring from reference, the reference of a branch such as
origin/keyring
or my-keyring
. The branch must contain OpenPGP
public keys in .key files, either in binary form or
“ASCII-armored”. By default the keyring is loaded from the branch named
keyring
.
--end=commit
Authenticate revisions up to commit.
--stats
Display commit signing statistics upon completion.
--cache-key=key
Previously-authenticated commits are cached in a file under ~/.cache/guix/authentication. This option forces the cache to be stored in file key in that directory.
--historical-authorizations=file
By default, any commit whose parent commit(s) lack the .guix-authorizations file is considered inauthentic. In contrast, this option considers the authorizations in file for any commit that lacks .guix-authorizations. The format of file is the same as that of .guix-authorizations (veja .guix-authorizations format).
Anterior: A cadeia de ferramentas do GCC, Acima: Desenvolvimento [Conteúdo][Índice]