Ludovic Courtès
41939c374a
git-authenticate: Ignore authenticated commit cache when it's not #o600.
...
* guix/git-authenticate.scm (previously-authenticated-commits): Stat
PORT; return the empty list if it's no #o600 and change it to #o600.
2020-06-21 17:36:39 +02:00
Ludovic Courtès
41946b79f1
git-authenticate: 'authenticate-commits' takes a #:keyring parameter.
...
* guix/git-authenticate.scm (authenticate-commits): Add #:keyring
parameter.
2020-06-16 16:10:46 +02:00
Ludovic Courtès
a450b4343b
git-authenticate: Cache takes a key parameter.
...
* guix/git-authenticate.scm (authenticated-commit-cache-file)
(cache-authenticated-commit, previously-authenticated-commits): Add
'key' parameter and honor it.
* build-aux/git-authenticate.scm (git-authenticate): Pass
"channels/guix" as the key.
2020-06-16 16:10:46 +02:00
Ludovic Courtès
52c529ff20
git-authenticate: Disallow SHA1 (and MD5) signatures.
...
* guix/git-authenticate.scm (commit-signing-key): Add
#:disallowed-hash-algorithms and honor it.
(authenticate-commit)[recent-commit?]: New variable.
Pass #:disallowed-hash-algorithms to 'commit-signing-key'.
* tests/git-authenticate.scm ("signed commits, SHA1 signature"): New test.
2020-06-12 18:56:11 +02:00
Ludovic Courtès
eef859e853
git-authenticate: 'commit-authorized-keys' properly handles orphan commits.
...
Previously it would trigger a wrong-number-of-arguments error for
'lset-intersection'.
* guix/git-authenticate.scm (commit-authorized-keys): Add case for when
'commit-parents' returns the empty list.
2020-06-09 00:34:52 +02:00
Ludovic Courtès
e782756080
git-authenticate: Prevent removal of '.guix-authorizations'.
...
* guix/git-authenticate.scm (commit-authorized-keys)
[parents-have-authorizations-file?, assert-parents-lack-authorizations]:
New procedures.
Use the latter before returning DEFAULT-AUTHORIZATIONS.
* guix/git.scm (false-if-git-not-found): Export.
* guix/tests/git.scm (populate-git-repository): Add 'remove' clause.
* tests/git-authenticate.scm ("signed commits, .guix-authorizations removed"):
New test.
2020-06-07 23:10:46 +02:00
Ludovic Courtès
f8213f1bca
git-authenticate: Raise proper SRFI-35 conditions.
...
* guix/git-authenticate.scm (&git-authentication-error)
(&unsigned-commit-error, &unauthorized-commit-error)
(&signature-verification-error, &missing-key-error): New condition
types.
(commit-signing-key, authenticate-commit): Raise them.
2020-06-05 22:54:06 +02:00
Ludovic Courtès
512b9e2da2
git-authenticate: Don't hard-code "origin/" for keyring reference.
...
* guix/git-authenticate.scm (load-keyring-from-reference): Remove
hard-coded "origin/". Use BRANCH-ALL instead of BRANCH-REMOTE.
2020-06-05 22:54:06 +02:00
Ludovic Courtès
41f443c90a
Add (guix git-authenticate).
...
* build-aux/git-authenticate.scm (commit-signing-key)
(read-authorizations, commit-authorized-keys, authenticate-commit)
(load-keyring-from-blob, load-keyring-from-reference)
(authenticate-commits, authenticated-commit-cache-file)
(previously-authenticated-commits, cache-authenticated-commit): Remove.
* build-aux/git-authenticate.scm (git-authenticate): Pass
#:default-authorizations to 'authenticate-commits'.
* guix/git-authenticate.scm: New file, with code taken from
'build-aux/git-authenticate.scm'. Remove references to
'%historical-authorized-signing-keys' and add #:default-authorizations
parameter instead.
* Makefile.am (MODULES): Add it.
(authenticate): Depend on guix/git-authenticate.go.
2020-06-05 22:54:06 +02:00