From 33eeb76c9bc4f55af78528c7cecfeb3b0e0c5204 Mon Sep 17 00:00:00 2001 From: "Collin J. Doering" Date: Mon, 18 Mar 2024 19:04:48 -0400 Subject: [PATCH] Make this repository a authenticated Guix channel In order to ease distribution of the various machine configurations defined within this repository, make this repository an authenticated Guix channel. * .guix-authorizations: Add a single authorized key to start * .guix-channel: Set various channel details * news.txt: Provide an initial news item --- .guix-authorizations | 11 +++++++++++ .guix-channel | 6 ++++++ news.txt | 22 ++++++++++++++++++++++ 3 files changed, 39 insertions(+) create mode 100644 .guix-authorizations create mode 100644 .guix-channel create mode 100644 news.txt diff --git a/.guix-authorizations b/.guix-authorizations new file mode 100644 index 0000000..032c6ec --- /dev/null +++ b/.guix-authorizations @@ -0,0 +1,11 @@ +;; -*- mode: scheme; -*- + +;; This is the list of OpenPGP keys currently authorized to sign commits in +;; this repository. + +(authorizations + (version 0) + + ((;; primary: "F7BD DC6D BBE6 B16B 2C71 1A02 5FAB 9938 E05B FEC8" + "F8D5 46F3 AF37 EF53 D1B6 48BE 7B4D EB93 212B 3022" + (name "rekahsoft")))) diff --git a/.guix-channel b/.guix-channel new file mode 100644 index 0000000..b3ddf82 --- /dev/null +++ b/.guix-channel @@ -0,0 +1,6 @@ +;; -*- mode: scheme; -*- + +(channel + (version 0) + (news-file "news.txt") + (url "https://git.rekahsoft.ca/rekahsoft/guix-north-america.git")) diff --git a/news.txt b/news.txt new file mode 100644 index 0000000..7d414fb --- /dev/null +++ b/news.txt @@ -0,0 +1,22 @@ +(channel-news + (version 0) + (entry (commit "6cf7f9a72eae0333705518ee865a72ea4b63399b") + (title (en "guix-north-america channel with authenticated updates")) + (body + (en "guix-north-america is now a channel (which primary is used as a means to distributes configuration). + +This channel takes advantage of support for authenticated updates in @command{guix pull}, +which protects you from attempts to tamper with this repository and ship malicious code +instead. To ensure you only receive genuine updates from this channel, you should update your +@file{~/.config/guix/channels.scm} to include the channel introduction: + +@lisp +(channel + (name 'guix-north-america) + (url \"https://git.rekahsoft.ca/rekahsoft/guix-north-america\") + (INTRODUCTION + (make-channel-introduction + \"6cf7f9a72eae0333705518ee865a72ea4b63399b\" + (openpgp-fingerprint + \"F8D5 46F3 AF37 EF53 D1B6 48BE 7B4D EB93 212B 3022\")))) +@end lisp "))))