Let us know if you have any questions about setting up authorization.
I'm planning to create a template that can be used with cookiecutter for quickly setting up a Guix channel.
Not unlike this one for doing C development with
guix shell:
Let us know if you have any questions about setting up authorization.
I my main question is, do all the commits need to be signed? Or just the 'introduction' commit?
On the topic of channels, something else that is on my list is to understand how to setup 'pre-inst' scripts. Like the one found at https://codeberg.org/SystemCrafters/crafted-guix/src/commit/fc831fa6b54e77e923b5d72509dffcc75c13da97/pre-inst-env. I'm unsure why one needs to add
:+:to the path. Currently I doguix $subcmd -L . ....
Ok, I've setup the gpg keyring. Can I pick any signed commit as the introduction one or does it have to be the first commit in the branch? Any way to verify that things are working as expected for guix?
Any way to verify that things are working as expected for guix?
Here's a just file that I use locally with guixrus:
channel_git_keyring := "origin/keyring" channel_intro_commit := "7c67c3a9f299517bfc4ce8235628657898dd26b2" channel_intro_signer := "CD2D 5EAA A98C CB37 DA91 D6B0 5F58 1664 7F8B E551" email := "jgart@dismail.de" alias v := auth alias r := repl alias a := ares alias c := chans alias b := build-package alias l := lint-package @build-package package: ./pre-inst-env guix build {{package}} @lint-package package: ./pre-inst-env guix lint -n {{package}} auth: guix git authenticate --keyring={{channel_git_keyring}} \ --cache-key=channels/guix --stats "{{channel_intro_commit}}" "{{channel_intro_signer}}" repl: guix repl --listen=tcp:37146 -L ./conf ares: guix shell guile-next guix guile-ares-rs -- guile \ -c "((@ (nrepl server) run-nrepl-server) #:port 7888)" chans: cat .guix-authorizationsSee the
authtarget orguix git authenticate
Can I pick any signed commit as the introduction one or does it have to be the first commit in the branch?
IIRC it can be any.
I my main question is, do all the commits need to be signed? Or just the 'introduction' commit?
All the commits need to be signed. There's a way to automate that signing. Let me know if you need more info on that.
Lately, I just make sure to commit with
git commit -Sin order to sign because I don't sign all my projects.Maybe there's a way to add a gitconfig or .dir.locals for configuring automated signing just for your Guix channel.
I'm going to be working on a channel template for Guix channels soon and this would be a good option to prompt for when first generating the template.
Ok, I got everything working now. I had to use git filter-branch to sign past commits and then --allow-downgrades on the first pull
git filter-branch --commit-filter 'git commit-tree -S "$@";' <root-commit>..HEADThanks for all the help!
~puercopop Nice and congrats!
Can you send a patch adding the
gluechannel to the toys search instance?If so, here are some instructions on how to do that:
https://git.sr.ht/~whereiseveryone/toys#join
Let me know if you have any questions.
Thanks!