diff options
author | Ludovic Courtès <ludo@gnu.org> | 2024-02-12 11:41:43 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2024-02-12 12:03:52 +0100 |
commit | 5bd5bb5f6ca822f76599ca6d1959f4c42d4bc222 (patch) | |
tree | f59dfd0ce0040c934b07c74bd7eb89a9c2935b86 /guix | |
parent | e0ade40c2b7f39dc109ef03d43241033e14c4d4a (diff) |
git authenticate: Gracefully handle invalid fingerprints.
Previously the command would crash when passed an invalid fingerprint on
the command line.
* guix/scripts/git/authenticate.scm (guix-git-authenticate)
[openpgp-fingerprint*]: New procedure.
Use it instead of ‘openpgp-fingerprint’.
Change-Id: I99e0549781382f36a684a84449b603e00b53778d
Diffstat (limited to 'guix')
-rw-r--r-- | guix/scripts/git/authenticate.scm | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/guix/scripts/git/authenticate.scm b/guix/scripts/git/authenticate.scm index 5f5d423f28..6ff5cee682 100644 --- a/guix/scripts/git/authenticate.scm +++ b/guix/scripts/git/authenticate.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2020 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2020, 2024 Ludovic Courtès <ludo@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -27,6 +27,7 @@ #:use-module ((guix git) #:select (with-git-error-handling)) #:use-module (guix progress) #:use-module (guix base64) + #:autoload (rnrs bytevectors) (bytevector-length) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (srfi srfi-37) @@ -133,6 +134,16 @@ Authenticate the given Git checkout using COMMIT/SIGNER as its introduction.\n") (define commit-short-id (compose (cut string-take <> 7) oid->string commit-id)) + (define (openpgp-fingerprint* str) + (unless (string-every (char-set-union char-set:hex-digit + char-set:whitespace) + str) + (leave (G_ "~a: invalid OpenPGP fingerprint~%") str)) + (let ((fingerprint (openpgp-fingerprint str))) + (unless (= 20 (bytevector-length fingerprint)) + (leave (G_ "~a: wrong length for OpenPGP fingerprint~%") str)) + fingerprint)) + (define (make-reporter start-commit end-commit commits) (format (current-error-port) (G_ "Authenticating commits ~a to ~a (~h new \ @@ -165,7 +176,7 @@ commits)...~%") (repository-cache-key repository)))) (define stats (authenticate-repository repository (string->oid commit) - (openpgp-fingerprint signer) + (openpgp-fingerprint* signer) #:end end #:keyring-reference keyring #:historical-authorizations history |