
12/15: git-authenticate: Load the keyring from the repository.


From: guix-commits
Subject: 12/15: git-authenticate: Load the keyring from the repository.
Date: Mon, 4 May 2020 03:59:35 -0400 (EDT)

civodul pushed a commit to branch master
in repository guix.

commit 041dc3a9c0694ada41b86115b9774a23c9d50f73
Author: Ludovic Courtès <address@hidden>
AuthorDate: Fri May 1 18:27:21 2020 +0200

    git-authenticate: Load the keyring from the repository.
    
    * build-aux/git-authenticate.scm (load-keyring-from-blob)
    (load-keyring-from-reference): New procedures.
    (authenticate-commits): Add #:keyring-reference and use
    'load-keyring-from-reference'.
---
 build-aux/git-authenticate.scm | 40 +++++++++++++++++++++++++++++++++-------
 1 file changed, 33 insertions(+), 7 deletions(-)

diff --git a/build-aux/git-authenticate.scm b/build-aux/git-authenticate.scm
index fc02f9e..632471a 100644
--- a/build-aux/git-authenticate.scm
+++ b/build-aux/git-authenticate.scm
@@ -24,7 +24,6 @@
 (use-modules (git)
              (guix git)
              (guix openpgp)
-             ((guix utils) #:select (config-directory))
              (guix base16)
              ((guix build utils) #:select (mkdir-p))
              (guix i18n)
@@ -323,15 +322,42 @@ key: ~a")
 
   signing-key)
 
+(define (load-keyring-from-blob repository oid keyring)
+  "Augment KEYRING with the keyring available in the blob at OID, which may or
+may not be ASCII-armored."
+  (let* ((blob (blob-lookup repository oid))
+         (port (open-bytevector-input-port (blob-content blob))))
+    (get-openpgp-keyring (if (port-ascii-armored? port)
+                             (open-bytevector-input-port (read-radix-64 port))
+                             port)
+                         keyring)))
+
+(define (load-keyring-from-reference repository reference)
+  "Load the '.key' files from the tree at REFERENCE in REPOSITORY and return
+an OpenPGP keyring."
+  (let* ((reference (reference-lookup repository reference))
+         (target    (reference-target reference))
+         (commit    (commit-lookup repository target))
+         (tree      (commit-tree commit)))
+    (fold (lambda (name keyring)
+            (if (string-suffix? ".key" name)
+                (let ((entry (tree-entry-bypath tree name)))
+                  (load-keyring-from-blob repository
+                                          (tree-entry-id entry)
+                                          keyring))
+                keyring))
+          %empty-keyring
+          (tree-list tree))))
+
 (define* (authenticate-commits repository commits
-                               #:key (report-progress (const #t)))
+                               #:key
+                               (keyring-reference "refs/heads/keyring")
+                               (report-progress (const #t)))
   "Authenticate COMMITS, a list of commit objects, calling REPORT-PROGRESS for
-each of them.  Return an alist showing the number of occurrences of each key."
-  (define keyring-file
-    (string-append (config-directory) "/keyrings/channels/guix.kbx"))
-
+each of them.  Return an alist showing the number of occurrences of each key.
+The OpenPGP keyring is loaded from KEYRING-REFERENCE in REPOSITORY."
   (define keyring
-    (call-with-input-file keyring-file get-openpgp-keyring))
+    (load-keyring-from-reference repository keyring-reference))
 
   (fold (lambda (commit stats)
           (report-progress)
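Review bot: `load-keyring-from-reference` folds every `.key` blob under KEYRING-REFERENCE into the keyring unfiltered, and that reference lives in the same repository whose commits are being authenticated, so the docstrings should say the keyring is only a source of public-key material, not a trust anchor. Whether a signing key is authorized has to be decided by a separate fingerprint check, which is not visible in this hunk; without one, anyone able to update `refs/heads/keyring` could get their own signatures accepted. I would add to the `authenticate-commits` docstring something like `The keyring only provides public keys; it does not by itself authorize any signer.` Separately, `reference-lookup` will presumably raise a raw Git error when the local clone has no `keyring` branch (for example only a remote-tracking one), so a clear message naming KEYRING-REFERENCE would help. The body of `authenticate-commits` continues outside the hunk.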


