summaryrefslogtreecommitdiff
path: root/guix/git-authenticate.scm
AgeCommit message (Collapse)Author
2020-07-25Use 'formatted-message' instead of '&message' where appropriate.Ludovic Courtès
* gnu.scm (%try-use-modules): Use 'formatted-message' instead of '&message'. * gnu/machine/digital-ocean.scm (maybe-raise-unsupported-configuration-error): Likewise. * gnu/machine/ssh.scm (machine-check-file-system-availability): Likewise. (machine-check-building-for-appropriate-system): Likewise. (deploy-managed-host): Likewise. (maybe-raise-unsupported-configuration-error): Likewise. * gnu/packages.scm (search-patch): Likewise. * gnu/services.scm (%service-with-default-value): Likewise. (files->etc-directory): Likewise. (fold-services): Likewise. * gnu/system.scm (locale-name->definition*): Likewise. * gnu/system/mapped-devices.scm (check-device-initrd-modules): Likewise. (check-luks-device): Likewise. * guix/channels.scm (latest-channel-instance): Likewise. * guix/cve.scm (json->cve-items): Likewise. * guix/git-authenticate.scm (commit-signing-key): Likewise. (commit-authorized-keys): Likewise. (authenticate-commit): Likewise. (verify-introductory-commit): Likewise. * guix/remote.scm (remote-pipe-for-gexp): Likewise. * guix/scripts/graph.scm (assert-package): Likewise. * guix/scripts/offload.scm (private-key-from-file*): Likewise. * guix/ssh.scm (authenticate-server*): Likewise. (open-ssh-session): Likewise. (remote-inferior): Likewise. * guix/ui.scm (matching-generations): Likewise. * guix/upstream.scm (package-update): Likewise. * tests/channels.scm ("latest-channel-instances, missing introduction for 'guix'"): Catch 'formatted-message?'. ("authenticate-channel, wrong first commit signer"): Likewise. * tests/lint.scm ("patches: not found"): Adjust message string. * tests/packages.scm ("patch not found yields a run-time error"): Catch 'formatted-message?'. * guix/lint.scm (check-patch-file-names): Handle 'formatted-message?'. (check-derivation): Ditto.
2020-07-21git-authenticate: Show fingerprint in missing-key error message.Ludovic Courtès
* guix/git-authenticate.scm (commit-signing-key): In the 'missing-key' case, add call to 'openpgp-format-fingerprint'.
2020-07-11git-authenticate: Factorize 'authenticate-repository'.Ludovic Courtès
* guix/git-authenticate.scm (repository-cache-key) (verify-introductory-commit, authenticate-repository): New procedures. * guix/channels.scm (verify-introductory-commit): Remove. (authenticate-channel): Rewrite in terms of 'authenticate-repository'.
2020-06-21git-authenticate: Ignore authenticated commit cache when it's not #o600.Ludovic Courtès
* guix/git-authenticate.scm (previously-authenticated-commits): Stat PORT; return the empty list if it's no #o600 and change it to #o600.
2020-06-16git-authenticate: 'authenticate-commits' takes a #:keyring parameter.Ludovic Courtès
* guix/git-authenticate.scm (authenticate-commits): Add #:keyring parameter.
2020-06-16git-authenticate: Cache takes a key parameter.Ludovic Courtès
* guix/git-authenticate.scm (authenticated-commit-cache-file) (cache-authenticated-commit, previously-authenticated-commits): Add 'key' parameter and honor it. * build-aux/git-authenticate.scm (git-authenticate): Pass "channels/guix" as the key.
2020-06-12git-authenticate: Disallow SHA1 (and MD5) signatures.Ludovic Courtès
* guix/git-authenticate.scm (commit-signing-key): Add #:disallowed-hash-algorithms and honor it. (authenticate-commit)[recent-commit?]: New variable. Pass #:disallowed-hash-algorithms to 'commit-signing-key'. * tests/git-authenticate.scm ("signed commits, SHA1 signature"): New test.
2020-06-09git-authenticate: 'commit-authorized-keys' properly handles orphan commits.Ludovic Courtès
Previously it would trigger a wrong-number-of-arguments error for 'lset-intersection'. * guix/git-authenticate.scm (commit-authorized-keys): Add case for when 'commit-parents' returns the empty list.
2020-06-07git-authenticate: Prevent removal of '.guix-authorizations'.Ludovic Courtès
* guix/git-authenticate.scm (commit-authorized-keys) [parents-have-authorizations-file?, assert-parents-lack-authorizations]: New procedures. Use the latter before returning DEFAULT-AUTHORIZATIONS. * guix/git.scm (false-if-git-not-found): Export. * guix/tests/git.scm (populate-git-repository): Add 'remove' clause. * tests/git-authenticate.scm ("signed commits, .guix-authorizations removed"): New test.
2020-06-05git-authenticate: Raise proper SRFI-35 conditions.Ludovic Courtès
* guix/git-authenticate.scm (&git-authentication-error) (&unsigned-commit-error, &unauthorized-commit-error) (&signature-verification-error, &missing-key-error): New condition types. (commit-signing-key, authenticate-commit): Raise them.
2020-06-05git-authenticate: Don't hard-code "origin/" for keyring reference.Ludovic Courtès
* guix/git-authenticate.scm (load-keyring-from-reference): Remove hard-coded "origin/". Use BRANCH-ALL instead of BRANCH-REMOTE.
2020-06-05Add (guix git-authenticate).Ludovic Courtès
* build-aux/git-authenticate.scm (commit-signing-key) (read-authorizations, commit-authorized-keys, authenticate-commit) (load-keyring-from-blob, load-keyring-from-reference) (authenticate-commits, authenticated-commit-cache-file) (previously-authenticated-commits, cache-authenticated-commit): Remove. * build-aux/git-authenticate.scm (git-authenticate): Pass #:default-authorizations to 'authenticate-commits'. * guix/git-authenticate.scm: New file, with code taken from 'build-aux/git-authenticate.scm'. Remove references to '%historical-authorized-signing-keys' and add #:default-authorizations parameter instead. * Makefile.am (MODULES): Add it. (authenticate): Depend on guix/git-authenticate.go.