summaryrefslogtreecommitdiff
path: root/guix/git-authenticate.scm
AgeCommit message (Collapse)Author
2026-04-10guix: openpgp: Refactor openpgp-fingerprint->bytevector.Nicolas Graves
Both (guix channel) and (guix git-authenticate) use similar procedures. To refactor the one in (guix git-authenticate), move the procedure to (guix openpgp). * guix/channels.scm: Replace autoloaded import openpgp-public-key-fingerprint with openpgp-fingerprint->bytevector. (openpgp-fingerprint->bytevector): Move function definition from here... * guix/openpgp.scm (openpgp-fingerprint->bytevector): ...to here. * guix/git-authenticate.scm (read-authorizations): Use openpgp-fingerprint->bytevector. * guix/scripts/git/authenticate.scm: Avoid using the (guix channels) module. * tests/git-authenticate.scm : Likewise. Change-Id: Ifd20588fcfaab601990098bd8575ee985e87394a Reviewed-by: Danny Milosavljevic <dannym@friendly-machines.com> Signed-off-by: Nguyễn Gia Phong <cnx@loang.net>
2026-04-10guix: git-authenticate: Migrate to (srfi srfi-71).Nicolas Graves
* guix/git-authenticate.scm (commit-signing-key): Use srfi-71 instead of srfi-11 in case of multiple values. Change-Id: I6a35880bc97385b4424b7218a757c226e044555c Reviewed-by: Danny Milosavljevic <dannym@friendly-machines.com> Signed-off-by: Nguyễn Gia Phong <cnx@loang.net>
2026-01-25git-authenticate, inferior: Autoload Git modules.Ludovic Courtès
The primary motivation is that, since (guix git-authenticate) is part of the (guix describe) closure and might thus end up on the build side, autoloading allows us to not add a ‘with-extensions’ stanza for Guile-Git to every gexp that pulls in (guix describe). This situation happens with (guix platform) in the following commit. * guix/git-authenticate.scm: Explicitly autoload (git …) modules and (guix git). * guix/inferior.scm: Autoload (guix git). Change-Id: Ie26f302cd88603d2d787048213864013bfff572f Signed-off-by: Ludovic Courtès <ludo@gnu.org> Signed-off-by: Rutherther <rutherther@ditigal.xyz>
2025-08-23git-authenticate: Print a clear error message for malformed keys.Ludovic Courtès
Fixes guix/guix#1141. * guix/git-authenticate.scm (load-keyring-from-blob): Change ‘oid’ to ‘entry’ and adjust accordingly. Raise a ‘&formatted-message’ error when ‘read-radix-64’ returns #f or EOF. (load-keyring-from-reference): Adjust accordingly. Change-Id: Ib88c94dac543caf6b1e0855242ba50063c944765
2025-04-14guix: Avoid ‘fdatasync’ call for caches and regular files.Ludovic Courtès
Fixes <https://issues.guix.gnu.org/77606>. Calling ‘fdatasync’ for each and every narinfo file created by ‘guix substitute’ proved to be too expensive on spinning HDDs and/or under load (from 0.1s to 1.3s for the ‘fdatasync’ call alone). * guix/git-authenticate.scm (cache-authenticated-commit): Pass #:sync? #f. * guix/http-client.scm (http-fetch/cached): Likewise. * guix/scripts/discover.scm (write-publish-file): Likewise. * guix/scripts/style.scm (format-whole-file): Likewise. * guix/substitutes.scm (cache-narinfo!): Likewise. Reported-by: Christopher Baines <mail@cbaines.net> Change-Id: I82297eae737bc5aae8a3f7604119e9f3d4b625bf
2023-03-13guix: Strip #:use-module lists.Ludovic Courtès
This was obtained by setting up this environment: guix shell -D guix --with-input=guile@3.0.9=guile-next \ --with-commit=guile-next=e2ed33ef0445c867fe56c247054aa67e834861f2 -- make -j5 then adding 'unused-module' to (@@ (guix build compiler) %warnings), building, and checking all the "unused module" warnings and removing those that were definitely unused.
2022-02-14git-authenticate: Ensure the target is a descendant of the introductory commit.Ludovic Courtès
Fixes a bug whereby authentication of a commit *not* descending from the introductory commit could succeed, provided the commit verifies the authorization invariant. In the example below, A is a common ancestor of the introductory commit I and of commit X. Authentication of X would succeed, even though it is not a descendant of I, as long as X is authorized according to the '.guix-authorizations' in A: X I \ / A This is because, 'authenticate-repository' would not check whether X descends from I, and the call (commit-difference X I) would return X. In practice that only affects forks because it means that ancestors of the introductory commit already contain a '.guix-authorizations' file. * guix/git-authenticate.scm (authenticate-repository): Add call to 'commit-descendant?'. * tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"): New test. * tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"): New test. * tests/guix-git-authenticate.sh: Expect earlier test to fail since 9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of $intro_commit. Add new test targeting an ancestor of the introductory commit, and another test targeting the v1.2.0 commit. * doc/guix.texi (Specifying Channel Authorizations): Add a sentence.
2021-02-04channels: Consider the current channel commit as authentic.Ludovic Courtès
Fixes <https://bugs.gnu.org/45895>. When the ~/.cache/guix/authentication is empty, this change allows authentication to start at the current commit, as shown by 'guix describe', instead of starting from the introductory commit, which would take more and more time (there's currently 18K commits per year). * guix/git-authenticate.scm (authenticate-repository): Add #:authentic-commits. [authenticated-commits]: Append it. * guix/channels.scm (authenticate-channel)[authentic-commits]: New variable. Pass it to 'authenticate-repository'.
2020-07-25Use 'formatted-message' instead of '&message' where appropriate.Ludovic Courtès
* gnu.scm (%try-use-modules): Use 'formatted-message' instead of '&message'. * gnu/machine/digital-ocean.scm (maybe-raise-unsupported-configuration-error): Likewise. * gnu/machine/ssh.scm (machine-check-file-system-availability): Likewise. (machine-check-building-for-appropriate-system): Likewise. (deploy-managed-host): Likewise. (maybe-raise-unsupported-configuration-error): Likewise. * gnu/packages.scm (search-patch): Likewise. * gnu/services.scm (%service-with-default-value): Likewise. (files->etc-directory): Likewise. (fold-services): Likewise. * gnu/system.scm (locale-name->definition*): Likewise. * gnu/system/mapped-devices.scm (check-device-initrd-modules): Likewise. (check-luks-device): Likewise. * guix/channels.scm (latest-channel-instance): Likewise. * guix/cve.scm (json->cve-items): Likewise. * guix/git-authenticate.scm (commit-signing-key): Likewise. (commit-authorized-keys): Likewise. (authenticate-commit): Likewise. (verify-introductory-commit): Likewise. * guix/remote.scm (remote-pipe-for-gexp): Likewise. * guix/scripts/graph.scm (assert-package): Likewise. * guix/scripts/offload.scm (private-key-from-file*): Likewise. * guix/ssh.scm (authenticate-server*): Likewise. (open-ssh-session): Likewise. (remote-inferior): Likewise. * guix/ui.scm (matching-generations): Likewise. * guix/upstream.scm (package-update): Likewise. * tests/channels.scm ("latest-channel-instances, missing introduction for 'guix'"): Catch 'formatted-message?'. ("authenticate-channel, wrong first commit signer"): Likewise. * tests/lint.scm ("patches: not found"): Adjust message string. * tests/packages.scm ("patch not found yields a run-time error"): Catch 'formatted-message?'. * guix/lint.scm (check-patch-file-names): Handle 'formatted-message?'. (check-derivation): Ditto.
2020-07-21git-authenticate: Show fingerprint in missing-key error message.Ludovic Courtès
* guix/git-authenticate.scm (commit-signing-key): In the 'missing-key' case, add call to 'openpgp-format-fingerprint'.
2020-07-11git-authenticate: Factorize 'authenticate-repository'.Ludovic Courtès
* guix/git-authenticate.scm (repository-cache-key) (verify-introductory-commit, authenticate-repository): New procedures. * guix/channels.scm (verify-introductory-commit): Remove. (authenticate-channel): Rewrite in terms of 'authenticate-repository'.
2020-06-21git-authenticate: Ignore authenticated commit cache when it's not #o600.Ludovic Courtès
* guix/git-authenticate.scm (previously-authenticated-commits): Stat PORT; return the empty list if it's no #o600 and change it to #o600.
2020-06-16git-authenticate: 'authenticate-commits' takes a #:keyring parameter.Ludovic Courtès
* guix/git-authenticate.scm (authenticate-commits): Add #:keyring parameter.
2020-06-16git-authenticate: Cache takes a key parameter.Ludovic Courtès
* guix/git-authenticate.scm (authenticated-commit-cache-file) (cache-authenticated-commit, previously-authenticated-commits): Add 'key' parameter and honor it. * build-aux/git-authenticate.scm (git-authenticate): Pass "channels/guix" as the key.
2020-06-12git-authenticate: Disallow SHA1 (and MD5) signatures.Ludovic Courtès
* guix/git-authenticate.scm (commit-signing-key): Add #:disallowed-hash-algorithms and honor it. (authenticate-commit)[recent-commit?]: New variable. Pass #:disallowed-hash-algorithms to 'commit-signing-key'. * tests/git-authenticate.scm ("signed commits, SHA1 signature"): New test.
2020-06-09git-authenticate: 'commit-authorized-keys' properly handles orphan commits.Ludovic Courtès
Previously it would trigger a wrong-number-of-arguments error for 'lset-intersection'. * guix/git-authenticate.scm (commit-authorized-keys): Add case for when 'commit-parents' returns the empty list.
2020-06-07git-authenticate: Prevent removal of '.guix-authorizations'.Ludovic Courtès
* guix/git-authenticate.scm (commit-authorized-keys) [parents-have-authorizations-file?, assert-parents-lack-authorizations]: New procedures. Use the latter before returning DEFAULT-AUTHORIZATIONS. * guix/git.scm (false-if-git-not-found): Export. * guix/tests/git.scm (populate-git-repository): Add 'remove' clause. * tests/git-authenticate.scm ("signed commits, .guix-authorizations removed"): New test.
2020-06-05git-authenticate: Raise proper SRFI-35 conditions.Ludovic Courtès
* guix/git-authenticate.scm (&git-authentication-error) (&unsigned-commit-error, &unauthorized-commit-error) (&signature-verification-error, &missing-key-error): New condition types. (commit-signing-key, authenticate-commit): Raise them.
2020-06-05git-authenticate: Don't hard-code "origin/" for keyring reference.Ludovic Courtès
* guix/git-authenticate.scm (load-keyring-from-reference): Remove hard-coded "origin/". Use BRANCH-ALL instead of BRANCH-REMOTE.
2020-06-05Add (guix git-authenticate).Ludovic Courtès
* build-aux/git-authenticate.scm (commit-signing-key) (read-authorizations, commit-authorized-keys, authenticate-commit) (load-keyring-from-blob, load-keyring-from-reference) (authenticate-commits, authenticated-commit-cache-file) (previously-authenticated-commits, cache-authenticated-commit): Remove. * build-aux/git-authenticate.scm (git-authenticate): Pass #:default-authorizations to 'authenticate-commits'. * guix/git-authenticate.scm: New file, with code taken from 'build-aux/git-authenticate.scm'. Remove references to '%historical-authorized-signing-keys' and add #:default-authorizations parameter instead. * Makefile.am (MODULES): Add it. (authenticate): Depend on guix/git-authenticate.go.