12/15: git-authenticate: Load the keyring from the repository.
From: |
guix-commits |
Subject: |
12/15: git-authenticate: Load the keyring from the repository. |
Date: |
Mon, 4 May 2020 03:59:35 -0400 (EDT) |
civodul pushed a commit to branch master
in repository guix.
commit 041dc3a9c0694ada41b86115b9774a23c9d50f73
Author: Ludovic Courtès <address@hidden>
AuthorDate: Fri May 1 18:27:21 2020 +0200
git-authenticate: Load the keyring from the repository.
* build-aux/git-authenticate.scm (load-keyring-from-blob)
(load-keyring-from-reference): New procedures.
(authenticate-commits): Add #:keyring-reference and use
'load-keyring-from-reference'.
---
build-aux/git-authenticate.scm | 40 +++++++++++++++++++++++++++++++++-------
1 file changed, 33 insertions(+), 7 deletions(-)
diff --git a/build-aux/git-authenticate.scm b/build-aux/git-authenticate.scm
index fc02f9e..632471a 100644
--- a/build-aux/git-authenticate.scm
+++ b/build-aux/git-authenticate.scm
@@ -24,7 +24,6 @@
(use-modules (git)
(guix git)
(guix openpgp)
- ((guix utils) #:select (config-directory))
(guix base16)
((guix build utils) #:select (mkdir-p))
(guix i18n)
@@ -323,15 +322,42 @@ key: ~a")
signing-key)
+(define (load-keyring-from-blob repository oid keyring)
+ "Augment KEYRING with the keyring available in the blob at OID, which may or
+may not be ASCII-armored."
+ (let* ((blob (blob-lookup repository oid))
+ (port (open-bytevector-input-port (blob-content blob))))
+ (get-openpgp-keyring (if (port-ascii-armored? port)
+ (open-bytevector-input-port (read-radix-64 port))
+ port)
+ keyring)))
+
+(define (load-keyring-from-reference repository reference)
+ "Load the '.key' files from the tree at REFERENCE in REPOSITORY and return
+an OpenPGP keyring."
+ (let* ((reference (reference-lookup repository reference))
+ (target (reference-target reference))
+ (commit (commit-lookup repository target))
+ (tree (commit-tree commit)))
+ (fold (lambda (name keyring)
+ (if (string-suffix? ".key" name)
+ (let ((entry (tree-entry-bypath tree name)))
+ (load-keyring-from-blob repository
+ (tree-entry-id entry)
+ keyring))
+ keyring))
+ %empty-keyring
+ (tree-list tree))))
+
(define* (authenticate-commits repository commits
- #:key (report-progress (const #t)))
+ #:key
+ (keyring-reference "refs/heads/keyring")
+ (report-progress (const #t)))
"Authenticate COMMITS, a list of commit objects, calling REPORT-PROGRESS for
-each of them. Return an alist showing the number of occurrences of each key."
- (define keyring-file
- (string-append (config-directory) "/keyrings/channels/guix.kbx"))
-
+each of them. Return an alist showing the number of occurrences of each key.
+The OpenPGP keyring is loaded from KEYRING-REFERENCE in REPOSITORY."
(define keyring
- (call-with-input-file keyring-file get-openpgp-keyring))
+ (load-keyring-from-reference repository keyring-reference))
(fold (lambda (commit stats)
(report-progress)
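Review bot: `load-keyring-from-reference` and the new `#:keyring-reference` default in `authenticate-commits` take key material from a branch of the very repository being authenticated, and neither docstring says what trust that keyring carries. Every top-level `.key` blob at that reference is parsed as-is, so the keyring should be treated as untrusted input whose only role is to supply public keys for signature checks; authorization has to come from the separately maintained list of authorized fingerprints, which is outside this hunk. I would add to the docstring something like `The keyring is not itself authenticated: a key's presence in it grants no authority; the signing key's fingerprint must still be checked against the authorized set.` Separately, `reference-lookup` is called with no handling for a missing `refs/heads/keyring` (likely in a fresh clone that only has the remote-tracking branch), so the failure would presumably surface as a raw Git error; a message naming the missing reference would help. The body of `authenticate-commits` continues past the end of the hunk.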