kreyren/guix-kreyren
1
0
Fork 0
Code Issues 1 Pull Requests 1 Releases Activity
89,589 Commits 3 Branches 0 Tags 274 MiB
081c07d6a0
Commit Graph

13 Commits

Author SHA1 Message Date
Ludovic Courtès
29009fdb2d
channels: Consider the current channel commit as authentic. 
Fixes <https://bugs.gnu.org/45895>.

When the ~/.cache/guix/authentication is empty, this change allows
authentication to start at the current commit, as shown by 'guix
describe', instead of starting from the introductory commit, which would
take more and more time (there's currently 18K commits per year).

* guix/git-authenticate.scm (authenticate-repository): Add #:authentic-commits.
[authenticated-commits]: Append it.
* guix/channels.scm (authenticate-channel)[authentic-commits]: New
variable.  Pass it to 'authenticate-repository'.
 2021-02-04 09:23:39 +01:00
Ludovic Courtès
d51bfe242f
Use 'formatted-message' instead of '&message' where appropriate. 
* gnu.scm (%try-use-modules): Use 'formatted-message' instead of
'&message'.
* gnu/machine/digital-ocean.scm (maybe-raise-unsupported-configuration-error):
Likewise.
* gnu/machine/ssh.scm (machine-check-file-system-availability): Likewise.
(machine-check-building-for-appropriate-system): Likewise.
(deploy-managed-host): Likewise.
(maybe-raise-unsupported-configuration-error): Likewise.
* gnu/packages.scm (search-patch): Likewise.
* gnu/services.scm (%service-with-default-value): Likewise.
(files->etc-directory): Likewise.
(fold-services): Likewise.
* gnu/system.scm (locale-name->definition*): Likewise.
* gnu/system/mapped-devices.scm (check-device-initrd-modules): Likewise.
(check-luks-device): Likewise.
* guix/channels.scm (latest-channel-instance): Likewise.
* guix/cve.scm (json->cve-items): Likewise.
* guix/git-authenticate.scm (commit-signing-key): Likewise.
(commit-authorized-keys): Likewise.
(authenticate-commit): Likewise.
(verify-introductory-commit): Likewise.
* guix/remote.scm (remote-pipe-for-gexp): Likewise.
* guix/scripts/graph.scm (assert-package): Likewise.
* guix/scripts/offload.scm (private-key-from-file*): Likewise.
* guix/ssh.scm (authenticate-server*): Likewise.
(open-ssh-session): Likewise.
(remote-inferior): Likewise.
* guix/ui.scm (matching-generations): Likewise.
* guix/upstream.scm (package-update): Likewise.
* tests/channels.scm ("latest-channel-instances, missing introduction for 'guix'"):
Catch 'formatted-message?'.
("authenticate-channel, wrong first commit signer"): Likewise.
* tests/lint.scm ("patches: not found"): Adjust message string.
* tests/packages.scm ("patch not found yields a run-time error"): Catch
'formatted-message?'.
* guix/lint.scm (check-patch-file-names): Handle 'formatted-message?'.
(check-derivation): Ditto.
 2020-07-25 19:11:37 +02:00
Ludovic Courtès
b3679394ec
git-authenticate: Show fingerprint in missing-key error message. 
* guix/git-authenticate.scm (commit-signing-key): In the 'missing-key'
case, add call to 'openpgp-format-fingerprint'.
 2020-07-21 18:22:49 +02:00
Ludovic Courtès
838f2bdfa8
git-authenticate: Factorize 'authenticate-repository'. 
* guix/git-authenticate.scm (repository-cache-key)
(verify-introductory-commit, authenticate-repository): New procedures.
* guix/channels.scm (verify-introductory-commit): Remove.
(authenticate-channel): Rewrite in terms of 'authenticate-repository'.
 2020-07-11 11:51:52 +02:00
Ludovic Courtès
41939c374a
git-authenticate: Ignore authenticated commit cache when it's not #o600. 
* guix/git-authenticate.scm (previously-authenticated-commits): Stat
PORT; return the empty list if it's no #o600 and change it to #o600.
 2020-06-21 17:36:39 +02:00
Ludovic Courtès
41946b79f1
git-authenticate: 'authenticate-commits' takes a #:keyring parameter. 
* guix/git-authenticate.scm (authenticate-commits): Add #:keyring
parameter.
 2020-06-16 16:10:46 +02:00
Ludovic Courtès
a450b4343b
git-authenticate: Cache takes a key parameter. 
* guix/git-authenticate.scm (authenticated-commit-cache-file)
(cache-authenticated-commit, previously-authenticated-commits): Add
'key' parameter and honor it.
* build-aux/git-authenticate.scm (git-authenticate): Pass
"channels/guix" as the key.
 2020-06-16 16:10:46 +02:00
Ludovic Courtès
52c529ff20
git-authenticate: Disallow SHA1 (and MD5) signatures. 
* guix/git-authenticate.scm (commit-signing-key): Add
 #:disallowed-hash-algorithms and honor it.
(authenticate-commit)[recent-commit?]: New variable.
Pass #:disallowed-hash-algorithms to 'commit-signing-key'.
* tests/git-authenticate.scm ("signed commits, SHA1 signature"): New test.
 2020-06-12 18:56:11 +02:00
Ludovic Courtès
eef859e853
git-authenticate: 'commit-authorized-keys' properly handles orphan commits. 
Previously it would trigger a wrong-number-of-arguments error for
'lset-intersection'.

* guix/git-authenticate.scm (commit-authorized-keys): Add case for when
'commit-parents' returns the empty list.
 2020-06-09 00:34:52 +02:00
Ludovic Courtès
e782756080
git-authenticate: Prevent removal of '.guix-authorizations'. 
* guix/git-authenticate.scm (commit-authorized-keys)
[parents-have-authorizations-file?, assert-parents-lack-authorizations]:
New procedures.
Use the latter before returning DEFAULT-AUTHORIZATIONS.
* guix/git.scm (false-if-git-not-found): Export.
* guix/tests/git.scm (populate-git-repository): Add 'remove' clause.
* tests/git-authenticate.scm ("signed commits, .guix-authorizations removed"):
New test.
 2020-06-07 23:10:46 +02:00
Ludovic Courtès
f8213f1bca
git-authenticate: Raise proper SRFI-35 conditions. 
* guix/git-authenticate.scm (&git-authentication-error)
(&unsigned-commit-error, &unauthorized-commit-error)
(&signature-verification-error, &missing-key-error): New condition
types.
(commit-signing-key, authenticate-commit): Raise them.
 2020-06-05 22:54:06 +02:00
Ludovic Courtès
512b9e2da2
git-authenticate: Don't hard-code "origin/" for keyring reference. 
* guix/git-authenticate.scm (load-keyring-from-reference): Remove
hard-coded "origin/".  Use BRANCH-ALL instead of BRANCH-REMOTE.
 2020-06-05 22:54:06 +02:00
Ludovic Courtès
41f443c90a
Add (guix git-authenticate). 
* build-aux/git-authenticate.scm (commit-signing-key)
(read-authorizations, commit-authorized-keys, authenticate-commit)
(load-keyring-from-blob, load-keyring-from-reference)
(authenticate-commits, authenticated-commit-cache-file)
(previously-authenticated-commits, cache-authenticated-commit): Remove.
* build-aux/git-authenticate.scm (git-authenticate): Pass
 #:default-authorizations to 'authenticate-commits'.
* guix/git-authenticate.scm: New file, with code taken from
'build-aux/git-authenticate.scm'.  Remove references to
'%historical-authorized-signing-keys' and add #:default-authorizations
parameter instead.
* Makefile.am (MODULES): Add it.
(authenticate): Depend on guix/git-authenticate.go.
 2020-06-05 22:54:06 +02:00