summaryrefslogtreecommitdiff
path: root/guix
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2024-02-12 11:41:43 +0100
committerLudovic Courtès <ludo@gnu.org>2024-02-12 12:03:52 +0100
commit5bd5bb5f6ca822f76599ca6d1959f4c42d4bc222 (patch)
treef59dfd0ce0040c934b07c74bd7eb89a9c2935b86 /guix
parente0ade40c2b7f39dc109ef03d43241033e14c4d4a (diff)
git authenticate: Gracefully handle invalid fingerprints.
Previously the command would crash when passed an invalid fingerprint on the command line. * guix/scripts/git/authenticate.scm (guix-git-authenticate) [openpgp-fingerprint*]: New procedure. Use it instead of ‘openpgp-fingerprint’. Change-Id: I99e0549781382f36a684a84449b603e00b53778d
Diffstat (limited to 'guix')
-rw-r--r--guix/scripts/git/authenticate.scm15
1 files changed, 13 insertions, 2 deletions
diff --git a/guix/scripts/git/authenticate.scm b/guix/scripts/git/authenticate.scm
index 5f5d423f28..6ff5cee682 100644
--- a/guix/scripts/git/authenticate.scm
+++ b/guix/scripts/git/authenticate.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2020, 2024 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -27,6 +27,7 @@
#:use-module ((guix git) #:select (with-git-error-handling))
#:use-module (guix progress)
#:use-module (guix base64)
+ #:autoload (rnrs bytevectors) (bytevector-length)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (srfi srfi-37)
@@ -133,6 +134,16 @@ Authenticate the given Git checkout using COMMIT/SIGNER as its introduction.\n")
(define commit-short-id
(compose (cut string-take <> 7) oid->string commit-id))
+ (define (openpgp-fingerprint* str)
+ (unless (string-every (char-set-union char-set:hex-digit
+ char-set:whitespace)
+ str)
+ (leave (G_ "~a: invalid OpenPGP fingerprint~%") str))
+ (let ((fingerprint (openpgp-fingerprint str)))
+ (unless (= 20 (bytevector-length fingerprint))
+ (leave (G_ "~a: wrong length for OpenPGP fingerprint~%") str))
+ fingerprint))
+
(define (make-reporter start-commit end-commit commits)
(format (current-error-port)
(G_ "Authenticating commits ~a to ~a (~h new \
@@ -165,7 +176,7 @@ commits)...~%")
(repository-cache-key repository))))
(define stats
(authenticate-repository repository (string->oid commit)
- (openpgp-fingerprint signer)
+ (openpgp-fingerprint* signer)
#:end end
#:keyring-reference keyring
#:historical-authorizations history