Hi, Looks like it's working. I was able to complete the "building from git" section of the documentation after an update of guix. Thanks everyone.
Le sam. 9 sept. 2023 à 11:01, Simon Tournier <[email protected]> a écrit : > Hi, > > On Thu, 07 Sep 2023 at 19:45, wolf <[email protected]> wrote: > > >> The Makefile does not run ‘guix git authenticate’ using ./pre-inst-env. > >> And that’s probably to ensure the source of trust. If one corrupt the > >> commit that is built, then ’make authenticate’ would authenticate the > >> corruption because it would run the corrupted newly built guix command. > >> Currently, ’make authenticate’ run one guix command that had already > >> been authenticated. Well, that’s my understanding. > > > > Hmm, but the recipe for the authenticate rule comes from the (possibly) > > compromised source, no? So the attacker can just modify the recipe > instead of > > the command going the authentication. Am I missing something? > > Yes, the corruption of Makefile.am can be the corruption I was talking > about. > > Well, for more explanations one can maybe read: > > [bug#57909] bug#57910: [PATCH] Add link to 'pre-inst-env' from > 'installing from git' docs > Ludovic Courtès <[email protected]> > Sat, 24 Sep 2022 17:58:29 +0200 > id:[email protected] > https://issues.guix.gnu.org//57910 > https://issues.guix.gnu.org/msgid/[email protected] > https://yhetil.org/guix/[email protected] > > [bug#57909] bug#57910: [PATCH] Add link to 'pre-inst-env' from > 'installing from git' docs > Maxime Devos <[email protected]> > Sat, 24 Sep 2022 18:23:10 +0200 > id:[email protected] > https://issues.guix.gnu.org//57910 > > https://issues.guix.gnu.org/msgid/[email protected] > > https://yhetil.org/guix/[email protected] > > Cheers, > simon >
