Hello! The manual describes how to fetch Guix from Git in section ‘14.1 Building from Git’, including how to verify the authenticity of the copy. Quoting the part in question:
> If you want to hack Guix itself, it is recommended to use the latest > version from the Git repository: > > git clone https://git.savannah.gnu.org/git/guix.git > > How do you ensure that you obtained a genuine copy of the > repository? To do that, run ‘guix git authenticate’, passing if the > commit and OpenPGP fingerprint of the “channel introduction” (*note > Invoking guix git authenticate::): > > guix git authenticate 9edb3f66fd807b096b48283debdcddccfea34bad \ > "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA" > > This command completes with exit code zero on success; it prints an > error message and exits with a non-zero code otherwise. I have encountered two problems here: 1.‘guix git authenticate’ only works after the branch ‘keyring’ has been set up locally; I’ve been told to achieve this with the command ‘git fetch upstream keyring:keyring’, but ‘git checkout keyring’ has worked for me, too. After that, it seems to be necessary to switch back to the master branch to successfully run ‘guix git authenticate’. I think the commands for this should be included in this section. 2. The word ‘if’ seems to be a typo of ‘it’. I first thought that the sentence was incomplete and that the command should pass if the commit and the fingerprint [did something]. :) Not sure how the first one would be solved the best. Best of wishes // Tirifto