[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
11/11: maint: "make authenticate" behaves like 'guix pull' by default.
|
From: |
guix-commits |
|
Subject: |
11/11: maint: "make authenticate" behaves like 'guix pull' by default. |
|
Date: |
Tue, 16 Jun 2020 10:16:13 -0400 (EDT) |
civodul pushed a commit to branch master
in repository guix.
commit 619972f7b5dc34457ad9c474bf8f9f98786d70e0
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Tue Jun 16 15:52:46 2020 +0200
maint: "make authenticate" behaves like 'guix pull' by default.
* build-aux/git-authenticate.scm (%use-historical-authorizations?)
(%introductory-commit): New variables.
* build-aux/git-authenticate.scm (git-authenticate): Use pass the empty
list as #:default-authorizations when %USE-HISTORICAL-AUTHORIZATIONS? is
false.
---
build-aux/git-authenticate.scm | 26 ++++++++++++++++++++++++--
1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/build-aux/git-authenticate.scm b/build-aux/git-authenticate.scm
index a3d4b40..e670264 100644
--- a/build-aux/git-authenticate.scm
+++ b/build-aux/git-authenticate.scm
@@ -218,6 +218,17 @@
(string-downcase (string-filter char-set:graphic fingerprint)))))
%historical-committers))
+(define %use-historical-authorizations?
+ ;; Whether to allow authentication of past commits using
+ ;; %HISTORICAL-AUTHORIZED-SIGNING-KEYS for when '.guix-authorizations' was
+ ;; missing.
+ (getenv "GUIX_USE_HISTORICAL_AUTHORIZATIONS"))
+
+(define %introductory-commit
+ ;; This is the commit that appears in the official 'guix' channel
+ ;; introduction. XXX: Keep in sync with (guix channels)!
+ "9edb3f66fd807b096b48283debdcddccfea34bad")
+
(define %commits-with-bad-signature
;; Commits with a known-bad signature.
'("6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91")) ;2016-12-29
@@ -242,7 +253,10 @@
(match args
((_ start end)
(define start-commit
- (commit-lookup repository (string->oid start)))
+ (commit-lookup repository
+ (string->oid (if %use-historical-authorizations?
+ start
+ %introductory-commit))))
(define end-commit
(commit-lookup repository (string->oid end)))
@@ -263,6 +277,14 @@
(define reporter
(progress-reporter/bar (length commits)))
+ (define historical-authorizations
+ ;; List of authorizations in effect before '.guix-authorizations' was
+ ;; introduced. By default, assume there were no authorizations; this
+ ;; is what 'guix pull' does.
+ (if %use-historical-authorizations?
+ %historical-authorized-signing-keys
+ '()))
+
(format #t (G_ "Authenticating ~a to ~a (~a commits)...~%")
(commit-short-id start-commit)
(commit-short-id end-commit)
@@ -272,7 +294,7 @@
(lambda (report)
(authenticate-commits repository commits
#:default-authorizations
-
%historical-authorized-signing-keys
+ historical-authorizations
#:report-progress report)))))
(cache-authenticated-commit "channels/guix"
(oid->string (commit-id end-commit)))
- branch master updated (3646a44 -> 619972f), guix-commits, 2020/06/16
- 01/11: doc: Recommend "make authenticate" after ./bootstrap., guix-commits, 2020/06/16
- 02/11: git-authenticate: Cache takes a key parameter., guix-commits, 2020/06/16
- 03/11: git-authenticate: 'authenticate-commits' takes a #:keyring parameter., guix-commits, 2020/06/16
- 05/11: channels: 'latest-channel-instance' authenticates Git checkouts., guix-commits, 2020/06/16
- 06/11: channels: Make 'validate-pull' call right after clone/pull., guix-commits, 2020/06/16
- 07/11: .guix-channel: Add 'keyring-reference'., guix-commits, 2020/06/16
- 09/11: pull: Add '--disable-authentication'., guix-commits, 2020/06/16
- 04/11: tests: Move OpenPGP helpers to (guix tests gnupg)., guix-commits, 2020/06/16
- 08/11: channels: Automatically add introduction for the official 'guix' channel., guix-commits, 2020/06/16
- 11/11: maint: "make authenticate" behaves like 'guix pull' by default.,
guix-commits <=
- 10/11: time-machine: Add '--disable-authentication'., guix-commits, 2020/06/16