Short version: Run
shadowenv trust to tell Shadowenv that it’s ok to run from the directory
Because of how shadowenv works (loading code from whichever directory you
cd into), it’s important
to have some concept of trusting shadowlisp code before it’s allowed to run. Shadowenv does this in
a fairly lightweight way, by marking an entire directory as trusted, and allowing any code to be run
from within it forever. The main case we’re trying to defend against is downloading a random tarball
and having it modify your environment upon
cd‘ing into it.
The first time Shadowenv runs, it will create a cryptographic signing key at
~/.config/shadowenv/trust-key. When you
cd into a directory with a
.shadowenv.d (or create
one), you’ll see an error message:
shadowenv failure: directory contains untrusted shadowenv program: shadowenv help trust to learn more.
If you run
shadowenv trust, a new file will be created at
<fingerprint> is derived from your key. The contents of the file is a signature of the
directory in which the
.shadowenv.d lives. Before loading any code, shadowenv verifies this
This signature will become invalid if you move the directory, and it does resolve symbolic links before signing.