Introduce channel authentication

Signed-off-by: Collin J. Doering <collin@rekahsoft.ca>
2020-08-09 19:50:21 -04:00 · 2020-08-09 19:50:21 -04:00 · d910ac4ca1
commit d910ac4ca1
parent d9894bbe5d
4 changed files with 157 additions and 0 deletions
--- a/.dir-locals.el
+++ b/.dir-locals.el
@ -0,0 +1,117 @@
+;; Per-directory local variables for GNU Emacs 23 and later.
+
+((nil
+  . ((fill-column . 78)
+     (tab-width   .  8)
+     (sentence-end-double-space . t)
+
+     ;; For use with 'bug-reference-prog-mode'.
+     (bug-reference-url-format . "http://git.rekahsoft.ca/rekahsoft/rekahsoft-guix/issues/%s")
+     (bug-reference-bug-regexp
+      . "<https?://git.rekahsoft.ca/rekahsoft/rekahsoft-guix/issues\\([0-9]+\\)>")))
+ (c-mode          . ((c-file-style . "gnu")))
+ (scheme-mode
+  .
+  ((indent-tabs-mode . nil)
+   (eval . (put 'eval-when 'scheme-indent-function 1))
+   (eval . (put 'call-with-prompt 'scheme-indent-function 1))
+   (eval . (put 'test-assert 'scheme-indent-function 1))
+   (eval . (put 'test-assertm 'scheme-indent-function 1))
+   (eval . (put 'test-equalm 'scheme-indent-function 1))
+   (eval . (put 'test-equal 'scheme-indent-function 1))
+   (eval . (put 'test-eq 'scheme-indent-function 1))
+   (eval . (put 'call-with-input-string 'scheme-indent-function 1))
+   (eval . (put 'guard 'scheme-indent-function 1))
+   (eval . (put 'lambda* 'scheme-indent-function 1))
+   (eval . (put 'substitute* 'scheme-indent-function 1))
+   (eval . (put 'match-record 'scheme-indent-function 2))
+
+   ;; 'modify-phases' and its keywords.
+   (eval . (put 'modify-phases 'scheme-indent-function 1))
+   (eval . (put 'replace 'scheme-indent-function 1))
+   (eval . (put 'add-before 'scheme-indent-function 2))
+   (eval . (put 'add-after 'scheme-indent-function 2))
+
+   (eval . (put 'modify-services 'scheme-indent-function 1))
+   (eval . (put 'with-directory-excursion 'scheme-indent-function 1))
+   (eval . (put 'with-file-lock 'scheme-indent-function 1))
+   (eval . (put 'with-file-lock/no-wait 'scheme-indent-function 1))
+   (eval . (put 'with-profile-lock 'scheme-indent-function 1))
+   (eval . (put 'with-writable-file 'scheme-indent-function 1))
+
+   (eval . (put 'package 'scheme-indent-function 0))
+   (eval . (put 'origin 'scheme-indent-function 0))
+   (eval . (put 'build-system 'scheme-indent-function 0))
+   (eval . (put 'bag 'scheme-indent-function 0))
+   (eval . (put 'graft 'scheme-indent-function 0))
+   (eval . (put 'operating-system 'scheme-indent-function 0))
+   (eval . (put 'file-system 'scheme-indent-function 0))
+   (eval . (put 'manifest-entry 'scheme-indent-function 0))
+   (eval . (put 'manifest-pattern 'scheme-indent-function 0))
+   (eval . (put 'substitute-keyword-arguments 'scheme-indent-function 1))
+   (eval . (put 'with-store 'scheme-indent-function 1))
+   (eval . (put 'with-external-store 'scheme-indent-function 1))
+   (eval . (put 'with-error-handling 'scheme-indent-function 0))
+   (eval . (put 'with-mutex 'scheme-indent-function 1))
+   (eval . (put 'with-atomic-file-output 'scheme-indent-function 1))
+   (eval . (put 'call-with-compressed-output-port 'scheme-indent-function 2))
+   (eval . (put 'call-with-decompressed-port 'scheme-indent-function 2))
+   (eval . (put 'call-with-gzip-input-port 'scheme-indent-function 1))
+   (eval . (put 'call-with-gzip-output-port 'scheme-indent-function 1))
+   (eval . (put 'call-with-lzip-input-port 'scheme-indent-function 1))
+   (eval . (put 'call-with-lzip-output-port 'scheme-indent-function 1))
+   (eval . (put 'signature-case 'scheme-indent-function 1))
+   (eval . (put 'emacs-batch-eval 'scheme-indent-function 0))
+   (eval . (put 'emacs-batch-edit-file 'scheme-indent-function 1))
+   (eval . (put 'emacs-substitute-sexps 'scheme-indent-function 1))
+   (eval . (put 'emacs-substitute-variables 'scheme-indent-function 1))
+   (eval . (put 'with-derivation-narinfo 'scheme-indent-function 1))
+   (eval . (put 'with-derivation-substitute 'scheme-indent-function 2))
+   (eval . (put 'with-status-report 'scheme-indent-function 1))
+   (eval . (put 'with-status-verbosity 'scheme-indent-function 1))
+   (eval . (put 'with-build-handler 'scheme-indent-function 1))
+
+   (eval . (put 'mlambda 'scheme-indent-function 1))
+   (eval . (put 'mlambdaq 'scheme-indent-function 1))
+   (eval . (put 'syntax-parameterize 'scheme-indent-function 1))
+   (eval . (put 'with-monad 'scheme-indent-function 1))
+   (eval . (put 'mbegin 'scheme-indent-function 1))
+   (eval . (put 'mwhen 'scheme-indent-function 1))
+   (eval . (put 'munless 'scheme-indent-function 1))
+   (eval . (put 'mlet* 'scheme-indent-function 2))
+   (eval . (put 'mlet 'scheme-indent-function 2))
+   (eval . (put 'run-with-store 'scheme-indent-function 1))
+   (eval . (put 'run-with-state 'scheme-indent-function 1))
+   (eval . (put 'wrap-program 'scheme-indent-function 1))
+   (eval . (put 'with-imported-modules 'scheme-indent-function 1))
+   (eval . (put 'with-extensions 'scheme-indent-function 1))
+   (eval . (put 'with-parameters 'scheme-indent-function 1))
+   (eval . (put 'let-system 'scheme-indent-function 1))
+
+   (eval . (put 'with-database 'scheme-indent-function 2))
+   (eval . (put 'call-with-transaction 'scheme-indent-function 2))
+   (eval . (put 'with-statement 'scheme-indent-function 3))
+   (eval . (put 'call-with-retrying-transaction 'scheme-indent-function 2))
+   (eval . (put 'call-with-savepoint 'scheme-indent-function 1))
+   (eval . (put 'call-with-retrying-savepoint 'scheme-indent-function 1))
+
+   (eval . (put 'call-with-container 'scheme-indent-function 1))
+   (eval . (put 'container-excursion 'scheme-indent-function 1))
+   (eval . (put 'eventually 'scheme-indent-function 1))
+
+   (eval . (put 'call-with-progress-reporter 'scheme-indent-function 1))
+   (eval . (put 'with-repository 'scheme-indent-function 2))
+   (eval . (put 'with-temporary-git-repository 'scheme-indent-function 2))
+   (eval . (put 'with-environment-variables 'scheme-indent-function 1))
+   (eval . (put 'with-fresh-gnupg-setup 'scheme-indent-function 1))
+
+   (eval . (put 'with-paginated-output-port 'scheme-indent-function 1))
+
+   ;; This notably allows '(' in Paredit to not insert a space when the
+   ;; preceding symbol is one of these.
+   (eval . (modify-syntax-entry ?~ "'"))
+   (eval . (modify-syntax-entry ?$ "'"))
+   (eval . (modify-syntax-entry ?+ "'"))))
+ (emacs-lisp-mode . ((indent-tabs-mode . nil)))
+ (texinfo-mode    . ((indent-tabs-mode . nil)
+                     (fill-column . 72))))
--- a/.guix-authorizations
+++ b/.guix-authorizations
@ -0,0 +1,9 @@
+;; This is the list of OpenPGP keys currently authorized to sign commits in
+;; this repository.
+
+(authorizations
+ (version 0)
+
+ ((;; primary: "F7BD DC6D BBE6 B16B 2C71  1A02 5FAB 9938 E05B FEC8"
+   "F8D5 46F3 AF37 EF53 D1B6  48BE 7B4D EB93 212B 3022"
+   (name "rekahsoft"))))
--- a/.guix-channel
+++ b/.guix-channel
@ -0,0 +1,6 @@
+;; -*- mode: scheme; -*-
+
+(channel
+ (version 0)
+ (news-file "news.txt")
+ (url "https://git.rekahsoft.ca/rekahsoft/rekahsoft-guix.git"))
--- a/news.txt
+++ b/news.txt
@ -0,0 +1,25 @@
+(channel-news
+ (version 0)
+
+ (entry (commit "1ac29b33f3ca19134fcbedd6dc22deb45c15229f")
+        (title (en "Nonguix authenticated updates"))
+        (body
+         (en "This is a personal channel that is meant as a staging ground
+for changes I plan on making upstream to guix, however there may be packages
+that may never be contributed due to technical or ideological reasons.
+This channel can now take advantage of the new support for
+authenticated updates in @command{guix pull}, which protects you from attempts
+to tamper with this repository and ship malicious code instead.
+To ensure you only receive genuine updates from rekahsoft-guix, you should update your
+@file{~/.config/guix/channels.scm} to include the channel introduction:
+
+@lisp
+(channel
+ (name 'rekahsoft-guix)
+ (url \"https://git.rekahsoft.ca/rekahsoft/rekahsoft-guix\")
+ (introduction
+  (make-channel-introduction
+   \"<TODO:commit-sha>\"
+   (openpgp-fingerprint
+    \"F7BD DC6D BBE6 B16B 2C71  1A02 5FAB 9938 E05B FEC8\"))))
+@end lisp "))))