summaryrefslogtreecommitdiff
path: root/guix/git-authenticate.scm
AgeCommit message (Expand)Author
2023-03-13guix: Strip #:use-module lists....This was obtained by setting up this environment: guix shell -D guix --with-input=guile@3.0.9=guile-next \ --with-commit=guile-next=e2ed33ef0445c867fe56c247054aa67e834861f2 -- make -j5 then adding 'unused-module' to (@@ (guix build compiler) %warnings), building, and checking all the "unused module" warnings and removing those that were definitely unused. Ludovic Courtès
2022-02-14git-authenticate: Ensure the target is a descendant of the introductory commit....Fixes a bug whereby authentication of a commit *not* descending from the introductory commit could succeed, provided the commit verifies the authorization invariant. In the example below, A is a common ancestor of the introductory commit I and of commit X. Authentication of X would succeed, even though it is not a descendant of I, as long as X is authorized according to the '.guix-authorizations' in A: X I \ / A This is because, 'authenticate-repository' would not check whether X descends from I, and the call (commit-difference X I) would return X. In practice that only affects forks because it means that ancestors of the introductory commit already contain a '.guix-authorizations' file. * guix/git-authenticate.scm (authenticate-repository): Add call to 'commit-descendant?'. * tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"): New test. * tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"): New test. * tests/guix-git-authenticate.sh: Expect earlier test to fail since 9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of $intro_commit. Add new test targeting an ancestor of the introductory commit, and another test targeting the v1.2.0 commit. * doc/guix.texi (Specifying Channel Authorizations): Add a sentence. Ludovic Courtès
2021-02-04channels: Consider the current channel commit as authentic....Fixes <https://bugs.gnu.org/45895>. When the ~/.cache/guix/authentication is empty, this change allows authentication to start at the current commit, as shown by 'guix describe', instead of starting from the introductory commit, which would take more and more time (there's currently 18K commits per year). * guix/git-authenticate.scm (authenticate-repository): Add #:authentic-commits. [authenticated-commits]: Append it. * guix/channels.scm (authenticate-channel)[authentic-commits]: New variable. Pass it to 'authenticate-repository'. Ludovic Courtès
2020-07-25Use 'formatted-message' instead of '&message' where appropriate....* gnu.scm (%try-use-modules): Use 'formatted-message' instead of '&message'. * gnu/machine/digital-ocean.scm (maybe-raise-unsupported-configuration-error): Likewise. * gnu/machine/ssh.scm (machine-check-file-system-availability): Likewise. (machine-check-building-for-appropriate-system): Likewise. (deploy-managed-host): Likewise. (maybe-raise-unsupported-configuration-error): Likewise. * gnu/packages.scm (search-patch): Likewise. * gnu/services.scm (%service-with-default-value): Likewise. (files->etc-directory): Likewise. (fold-services): Likewise. * gnu/system.scm (locale-name->definition*): Likewise. * gnu/system/mapped-devices.scm (check-device-initrd-modules): Likewise. (check-luks-device): Likewise. * guix/channels.scm (latest-channel-instance): Likewise. * guix/cve.scm (json->cve-items): Likewise. * guix/git-authenticate.scm (commit-signing-key): Likewise. (commit-authorized-keys): Likewise. (authenticate-commit): Likewise. (verify-introductory-commit): Likewise. * guix/remote.scm (remote-pipe-for-gexp): Likewise. * guix/scripts/graph.scm (assert-package): Likewise. * guix/scripts/offload.scm (private-key-from-file*): Likewise. * guix/ssh.scm (authenticate-server*): Likewise. (open-ssh-session): Likewise. (remote-inferior): Likewise. * guix/ui.scm (matching-generations): Likewise. * guix/upstream.scm (package-update): Likewise. * tests/channels.scm ("latest-channel-instances, missing introduction for 'guix'"): Catch 'formatted-message?'. ("authenticate-channel, wrong first commit signer"): Likewise. * tests/lint.scm ("patches: not found"): Adjust message string. * tests/packages.scm ("patch not found yields a run-time error"): Catch 'formatted-message?'. * guix/lint.scm (check-patch-file-names): Handle 'formatted-message?'. (check-derivation): Ditto. Ludovic Courtès
2020-07-21git-authenticate: Show fingerprint in missing-key error message....* guix/git-authenticate.scm (commit-signing-key): In the 'missing-key' case, add call to 'openpgp-format-fingerprint'. Ludovic Courtès
2020-07-11git-authenticate: Factorize 'authenticate-repository'....* guix/git-authenticate.scm (repository-cache-key) (verify-introductory-commit, authenticate-repository): New procedures. * guix/channels.scm (verify-introductory-commit): Remove. (authenticate-channel): Rewrite in terms of 'authenticate-repository'. Ludovic Courtès
2020-06-21git-authenticate: Ignore authenticated commit cache when it's not #o600....* guix/git-authenticate.scm (previously-authenticated-commits): Stat PORT; return the empty list if it's no #o600 and change it to #o600. Ludovic Courtès
2020-06-16git-authenticate: 'authenticate-commits' takes a #:keyring parameter....* guix/git-authenticate.scm (authenticate-commits): Add #:keyring parameter. Ludovic Courtès
2020-06-16git-authenticate: Cache takes a key parameter....* guix/git-authenticate.scm (authenticated-commit-cache-file) (cache-authenticated-commit, previously-authenticated-commits): Add 'key' parameter and honor it. * build-aux/git-authenticate.scm (git-authenticate): Pass "channels/guix" as the key. Ludovic Courtès
2020-06-12git-authenticate: Disallow SHA1 (and MD5) signatures....* guix/git-authenticate.scm (commit-signing-key): Add #:disallowed-hash-algorithms and honor it. (authenticate-commit)[recent-commit?]: New variable. Pass #:disallowed-hash-algorithms to 'commit-signing-key'. * tests/git-authenticate.scm ("signed commits, SHA1 signature"): New test. Ludovic Courtès
2020-06-09git-authenticate: 'commit-authorized-keys' properly handles orphan commits....Previously it would trigger a wrong-number-of-arguments error for 'lset-intersection'. * guix/git-authenticate.scm (commit-authorized-keys): Add case for when 'commit-parents' returns the empty list. Ludovic Courtès
2020-06-07git-authenticate: Prevent removal of '.guix-authorizations'....* guix/git-authenticate.scm (commit-authorized-keys) [parents-have-authorizations-file?, assert-parents-lack-authorizations]: New procedures. Use the latter before returning DEFAULT-AUTHORIZATIONS. * guix/git.scm (false-if-git-not-found): Export. * guix/tests/git.scm (populate-git-repository): Add 'remove' clause. * tests/git-authenticate.scm ("signed commits, .guix-authorizations removed"): New test. Ludovic Courtès
2020-06-05git-authenticate: Raise proper SRFI-35 conditions....* guix/git-authenticate.scm (&git-authentication-error) (&unsigned-commit-error, &unauthorized-commit-error) (&signature-verification-error, &missing-key-error): New condition types. (commit-signing-key, authenticate-commit): Raise them. Ludovic Courtès
2020-06-05git-authenticate: Don't hard-code "origin/" for keyring reference....* guix/git-authenticate.scm (load-keyring-from-reference): Remove hard-coded "origin/". Use BRANCH-ALL instead of BRANCH-REMOTE. Ludovic Courtès
2020-06-05Add (guix git-authenticate)....* build-aux/git-authenticate.scm (commit-signing-key) (read-authorizations, commit-authorized-keys, authenticate-commit) (load-keyring-from-blob, load-keyring-from-reference) (authenticate-commits, authenticated-commit-cache-file) (previously-authenticated-commits, cache-authenticated-commit): Remove. * build-aux/git-authenticate.scm (git-authenticate): Pass #:default-authorizations to 'authenticate-commits'. * guix/git-authenticate.scm: New file, with code taken from 'build-aux/git-authenticate.scm'. Remove references to '%historical-authorized-signing-keys' and add #:default-authorizations parameter instead. * Makefile.am (MODULES): Add it. (authenticate): Depend on guix/git-authenticate.go. Ludovic Courtès