path: root/contrib/guix/guix-attest
Age | Commit message | Author
2022-03-15 | guix: make it possible to override gpg binary | Pavol Rusnak
For example, on Qubes OS one might want to use qubes-gpg-client-wrapper instead
2021-08-18 | guix: Don't include directory name in SHA256SUMS | Andrew Chow
The SHA256SUMS file can be used in a sha256sum -c command to verify downloaded binaries. However, users are likely to download just a single file and not place this file in the correct directory relative to the SHA256SUMS file for the simple verification command to work. By not including the directory name in the SHA256SUMS file, it will be easier for users to verify downloaded binaries.
Co-authored-by: Carl Dong <contact@carldong.me>
2021-08-05 | release: Release with separate SHA256SUMS and sig files | Carl Dong
This allows us to remove the rfc4880 EOL hacks and release with a SHA256SUMS.asc file that's a combination of all signer signatures.
2021-07-28 | guix: Remove extra \r from all.SHA256SUMS line ending | Andrew Chow
guix-attest mistakenly added an extra \r to the line endings in all.SHA256SUMS, causing guix-verify to erroneously fail.
Co-Authored-By: Carl Dong <contact@carldong.me>
2021-07-22 | guix: Make all.SHA256SUMS rather than codesigned.SHA256SUMS | Andrew Chow
2021-07-19 | guix-attest: Produce and sign normalized documents | Carl Dong
That way we can easily combine the document and detached signature to produce cleartext signature files for upload during the release process. See subsequent commits which modify doc/release-process.md for more details.
2021-07-08 | guix: Update various check_tools lists | Carl Dong
2021-06-14 | guix-attest: Error out if SHA256SUMS is unexpected | Carl Dong
2021-06-09 | Rewrite guix-{attest,verify} for new hier | Carl Dong
2021-05-03 | guix-attest: Avoid incomplete sigdirs with ERR traps | Carl Dong
Sometimes GPG connects to the wrong agent... or you don't have your smartcard handy...
2021-05-03 | guix: Skip attesting to dist-archive | Carl Dong
We already attest to the relevant dist-archive in inputs.SHA256SUMS, which is recorded at build-time. We use a SKIPATTEST.TAG file to indicate output directories which do not require attestation (much like the CACHEDIR.TAG specification). Generally, it's better to have build scripts declare properties of directories instead of introducing name-based special cases in attest scripts since build scripts have a more detailed context of what is going on.
2021-05-03 | guix: Attest to inputs in inputs.SHA256SUMS | Carl Dong
At build/codesigning-time, hash build inputs and output the digest to ${OUTDIR}/inputs.SHA256SUMS, which gets included in the final SHA256SUMS constructed by guix-attest.
Example final SHA256SUMS:
    ee832d2a35b7701bff581dea05a536118b118e3ad0a587a2855b6ee8cd6fba20 inputs/bitcoin-78199266af7b.tar.gz
    ca765e70a0c12866dd63c0be228b675278a26329e5f8f5b5c52fd09200fedf21 bitcoin-78199266af7b-powerpc64le-linux-gnu-debug.tar.gz
    dae95327d7f2c324e2728c4b73627be6cb2c0d2f2e5bea940d1d5e6463939327 bitcoin-78199266af7b-powerpc64le-linux-gnu.tar.gz
2021-05-03 | guix-attest: Allow skipping GPG signing with NO_SIGN | Carl Dong
2021-05-03 | guix-attest: Use ascii-armor signatures | Carl Dong
2021-05-03 | guix-attest: Only use cross-platform flags for find+xargs | Carl Dong
2021-05-03 | guix: Add guix-attest script | Carl Dong