diff options
| author | Ludovic Courtès <ludo@gnu.org> | 2021-02-02 09:37:33 +0100 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2021-02-04 09:23:39 +0100 |
| commit | 29009fdb2d3636eafa77b406da2430b08a22d47e (patch) | |
| tree | ecc24688dab77692813434501162dd7e69dddabe /guix/git-authenticate.scm | |
| parent | 8ecc265c5c6519986758567682726647850d5d03 (diff) | |
| download | guix-29009fdb2d3636eafa77b406da2430b08a22d47e.tar guix-29009fdb2d3636eafa77b406da2430b08a22d47e.tar.gz | |
channels: Consider the current channel commit as authentic.
Fixes <https://bugs.gnu.org/45895>.
When the ~/.cache/guix/authentication is empty, this change allows
authentication to start at the current commit, as shown by 'guix
describe', instead of starting from the introductory commit, which would
take more and more time (there's currently 18K commits per year).
* guix/git-authenticate.scm (authenticate-repository): Add #:authentic-commits.
[authenticated-commits]: Append it.
* guix/channels.scm (authenticate-channel)[authentic-commits]: New
variable. Pass it to 'authenticate-repository'.
Diffstat (limited to 'guix/git-authenticate.scm')
| -rw-r--r-- | guix/git-authenticate.scm | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm index 4ab5419bd6..ab3fcd8b2f 100644 --- a/guix/git-authenticate.scm +++ b/guix/git-authenticate.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2019, 2020 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -376,12 +376,14 @@ instead of '~a'") (cache-key (repository-cache-key repository)) (end (reference-target (repository-head repository))) + (authentic-commits '()) (historical-authorizations '()) (make-reporter (const progress-reporter/silent))) "Authenticate REPOSITORY up to commit END, an OID. Authentication starts with commit START, an OID, which must be signed by SIGNER; an exception is -raised if that is not the case. Return an alist mapping OpenPGP public keys +raised if that is not the case. Commits listed in AUTHENTIC-COMMITS and their +closure are considered authentic. Return an alist mapping OpenPGP public keys to the number of commits signed by that key that have been traversed. The OpenPGP keyring is loaded from KEYRING-REFERENCE in REPOSITORY, where @@ -404,7 +406,8 @@ denoting the authorized keys for commits whose parent lack the (filter-map (lambda (id) (false-if-git-not-found (commit-lookup repository (string->oid id)))) - (previously-authenticated-commits cache-key))) + (append (previously-authenticated-commits cache-key) + authentic-commits))) (define commits ;; Commits to authenticate, excluding the closure of |