diff options
author | Ludovic Courtès <ludo@gnu.org> | 2020-06-16 15:52:46 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2020-06-16 16:10:47 +0200 |
commit | 619972f7b5dc34457ad9c474bf8f9f98786d70e0 (patch) | |
tree | bffb10bffd8b02f16dc93ead4806e7fb13038697 /build-aux | |
parent | 838ac881ec98cb71d4a4e4b20773573f99ecbf25 (diff) |
maint: "make authenticate" behaves like 'guix pull' by default.
* build-aux/git-authenticate.scm (%use-historical-authorizations?)
(%introductory-commit): New variables.
* build-aux/git-authenticate.scm (git-authenticate): Use pass the empty
list as #:default-authorizations when %USE-HISTORICAL-AUTHORIZATIONS? is
false.
Diffstat (limited to 'build-aux')
-rw-r--r-- | build-aux/git-authenticate.scm | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/build-aux/git-authenticate.scm b/build-aux/git-authenticate.scm index a3d4b40ccf..e670264f28 100644 --- a/build-aux/git-authenticate.scm +++ b/build-aux/git-authenticate.scm @@ -218,6 +218,17 @@ (string-downcase (string-filter char-set:graphic fingerprint))))) %historical-committers)) +(define %use-historical-authorizations? + ;; Whether to allow authentication of past commits using + ;; %HISTORICAL-AUTHORIZED-SIGNING-KEYS for when '.guix-authorizations' was + ;; missing. + (getenv "GUIX_USE_HISTORICAL_AUTHORIZATIONS")) + +(define %introductory-commit + ;; This is the commit that appears in the official 'guix' channel + ;; introduction. XXX: Keep in sync with (guix channels)! + "9edb3f66fd807b096b48283debdcddccfea34bad") + (define %commits-with-bad-signature ;; Commits with a known-bad signature. '("6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91")) ;2016-12-29 @@ -242,7 +253,10 @@ (match args ((_ start end) (define start-commit - (commit-lookup repository (string->oid start))) + (commit-lookup repository + (string->oid (if %use-historical-authorizations? + start + %introductory-commit)))) (define end-commit (commit-lookup repository (string->oid end))) @@ -263,6 +277,14 @@ (define reporter (progress-reporter/bar (length commits))) + (define historical-authorizations + ;; List of authorizations in effect before '.guix-authorizations' was + ;; introduced. By default, assume there were no authorizations; this + ;; is what 'guix pull' does. + (if %use-historical-authorizations? + %historical-authorized-signing-keys + '())) + (format #t (G_ "Authenticating ~a to ~a (~a commits)...~%") (commit-short-id start-commit) (commit-short-id end-commit) @@ -272,7 +294,7 @@ (lambda (report) (authenticate-commits repository commits #:default-authorizations - %historical-authorized-signing-keys + historical-authorizations #:report-progress report))))) (cache-authenticated-commit "channels/guix" (oid->string (commit-id end-commit))) |