aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2020-05-01 18:27:21 +0200
committerLudovic Courtès <ludo@gnu.org>2020-05-04 09:56:13 +0200
commit041dc3a9c0694ada41b86115b9774a23c9d50f73 (patch)
tree37daad38dacfebaf0b72ccca3db2ebbf82f86c9b
parent92db1036b7d3ad12548c81450a31e401b4c4f2b5 (diff)
downloadguix-041dc3a9c0694ada41b86115b9774a23c9d50f73.tar
guix-041dc3a9c0694ada41b86115b9774a23c9d50f73.tar.gz
git-authenticate: Load the keyring from the repository.
* build-aux/git-authenticate.scm (load-keyring-from-blob) (load-keyring-from-reference): New procedures. (authenticate-commits): Add #:keyring-reference and use 'load-keyring-from-reference'.
-rw-r--r--build-aux/git-authenticate.scm40
1 files changed, 33 insertions, 7 deletions
diff --git a/build-aux/git-authenticate.scm b/build-aux/git-authenticate.scm
index fc02f9ef66..632471ac74 100644
--- a/build-aux/git-authenticate.scm
+++ b/build-aux/git-authenticate.scm
@@ -24,7 +24,6 @@
(use-modules (git)
(guix git)
(guix openpgp)
- ((guix utils) #:select (config-directory))
(guix base16)
((guix build utils) #:select (mkdir-p))
(guix i18n)
@@ -323,15 +322,42 @@ key: ~a")
signing-key)
+(define (load-keyring-from-blob repository oid keyring)
+ "Augment KEYRING with the keyring available in the blob at OID, which may or
+may not be ASCII-armored."
+ (let* ((blob (blob-lookup repository oid))
+ (port (open-bytevector-input-port (blob-content blob))))
+ (get-openpgp-keyring (if (port-ascii-armored? port)
+ (open-bytevector-input-port (read-radix-64 port))
+ port)
+ keyring)))
+
+(define (load-keyring-from-reference repository reference)
+ "Load the '.key' files from the tree at REFERENCE in REPOSITORY and return
+an OpenPGP keyring."
+ (let* ((reference (reference-lookup repository reference))
+ (target (reference-target reference))
+ (commit (commit-lookup repository target))
+ (tree (commit-tree commit)))
+ (fold (lambda (name keyring)
+ (if (string-suffix? ".key" name)
+ (let ((entry (tree-entry-bypath tree name)))
+ (load-keyring-from-blob repository
+ (tree-entry-id entry)
+ keyring))
+ keyring))
+ %empty-keyring
+ (tree-list tree))))
+
(define* (authenticate-commits repository commits
- #:key (report-progress (const #t)))
+ #:key
+ (keyring-reference "refs/heads/keyring")
+ (report-progress (const #t)))
"Authenticate COMMITS, a list of commit objects, calling REPORT-PROGRESS for
-each of them. Return an alist showing the number of occurrences of each key."
- (define keyring-file
- (string-append (config-directory) "/keyrings/channels/guix.kbx"))
-
+each of them. Return an alist showing the number of occurrences of each key.
+The OpenPGP keyring is loaded from KEYRING-REFERENCE in REPOSITORY."
(define keyring
- (call-with-input-file keyring-file get-openpgp-keyring))
+ (load-keyring-from-reference repository keyring-reference))
(fold (lambda (commit stats)
(report-progress)