author | Ludovic Courtès <ludo@gnu.org> | 2020-05-01 18:27:21 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2020-05-04 09:56:13 +0200 |
commit | 041dc3a9c0694ada41b86115b9774a23c9d50f73 (patch) | |
tree | 37daad38dacfebaf0b72ccca3db2ebbf82f86c9b | |
parent | 92db1036b7d3ad12548c81450a31e401b4c4f2b5 (diff) | |
git-authenticate: Load the keyring from the repository.
* build-aux/git-authenticate.scm (load-keyring-from-blob)
(load-keyring-from-reference): New procedures.
(authenticate-commits): Add #:keyring-reference and use
'load-keyring-from-reference'.
-rw-r--r-- | build-aux/git-authenticate.scm | 40 |
1 files changed, 33 insertions, 7 deletions
diff --git a/build-aux/git-authenticate.scm b/build-aux/git-authenticate.scm
index fc02f9ef66..632471ac74 100644
--- a/build-aux/git-authenticate.scm
+++ b/build-aux/git-authenticate.scm
@@ -24,7 +24,6 @@
 (use-modules (git)
 (guix git)
 (guix openpgp)
- ((guix utils) #:select (config-directory))
 (guix base16)
 ((guix build utils) #:select (mkdir-p))
 (guix i18n)
@@ -323,15 +322,42 @@ key: ~a")
 signing-key)
+(define (load-keyring-from-blob repository oid keyring)
+ "Augment KEYRING with the keyring available in the blob at OID, which may or
+may not be ASCII-armored."
+ (let* ((blob (blob-lookup repository oid))
+ (port (open-bytevector-input-port (blob-content blob))))
+ (get-openpgp-keyring (if (port-ascii-armored? port)
+ (open-bytevector-input-port (read-radix-64 port))
+ port)
+ keyring)))
+
+(define (load-keyring-from-reference repository reference)
+ "Load the '.key' files from the tree at REFERENCE in REPOSITORY and return
+an OpenPGP keyring."
+ (let* ((reference (reference-lookup repository reference))
+ (target (reference-target reference))
+ (commit (commit-lookup repository target))
+ (tree (commit-tree commit)))
+ (fold (lambda (name keyring)
+ (if (string-suffix? ".key" name)
+ (let ((entry (tree-entry-bypath tree name)))
+ (load-keyring-from-blob repository
+ (tree-entry-id entry)
+ keyring))
+ keyring))
+ %empty-keyring
+ (tree-list tree))))
+
 (define* (authenticate-commits repository commits
- #:key (report-progress (const #t)))
+ #:key
+ (keyring-reference "refs/heads/keyring")
+ (report-progress (const #t)))
 "Authenticate COMMITS, a list of commit objects, calling REPORT-PROGRESS for
-each of them. Return an alist showing the number of occurrences of each key."
- (define keyring-file
- (string-append (config-directory) "/keyrings/channels/guix.kbx"))
-
+each of them. Return an alist showing the number of occurrences of each key.
+The OpenPGP keyring is loaded from KEYRING-REFERENCE in REPOSITORY."
 (define keyring
- (call-with-input-file keyring-file get-openpgp-keyring))
+ (load-keyring-from-reference repository keyring-reference))
 (fold (lambda (commit stats)
 (report-progress) |
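Review bot: `load-keyring-from-reference` merges every `.key` blob at the tip of `refs/heads/keyring` into the keyring without authenticating that commit, so the keyring's contents are only as trustworthy as whoever can move that ref in the local clone. That is sound only if the keyring supplies key material and the decision about which fingerprints may sign is made elsewhere; that check is not visible in this hunk, so the docstring should state the assumption, e.g. `The keyring only provides public keys; being present in it does not authorize a key.` Separately, `reference-lookup` is called with no handling for a clone that lacks a local `keyring` branch, which presumably surfaces as a raw Git error rather than a message naming the missing ref. The body of `authenticate-commits` continues past the end of the hunk.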