aboutsummaryrefslogtreecommitdiff
path: root/guix/git-authenticate.scm
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2020-07-25 18:26:18 +0200
committerLudovic Courtès <ludo@gnu.org>2020-07-25 19:11:37 +0200
commitd51bfe242fbe6f3f8f71d723e8fe0c7bbe711ba1 (patch)
tree6d8519ba2ab3e5475ff44dfa3a1c2aa9ec8a50b9 /guix/git-authenticate.scm
parent252a1926bc7d7aa0b39d89a484c0c1b82e945fcd (diff)
downloadguix-d51bfe242fbe6f3f8f71d723e8fe0c7bbe711ba1.tar
guix-d51bfe242fbe6f3f8f71d723e8fe0c7bbe711ba1.tar.gz
Use 'formatted-message' instead of '&message' where appropriate.
* gnu.scm (%try-use-modules): Use 'formatted-message' instead of '&message'. * gnu/machine/digital-ocean.scm (maybe-raise-unsupported-configuration-error): Likewise. * gnu/machine/ssh.scm (machine-check-file-system-availability): Likewise. (machine-check-building-for-appropriate-system): Likewise. (deploy-managed-host): Likewise. (maybe-raise-unsupported-configuration-error): Likewise. * gnu/packages.scm (search-patch): Likewise. * gnu/services.scm (%service-with-default-value): Likewise. (files->etc-directory): Likewise. (fold-services): Likewise. * gnu/system.scm (locale-name->definition*): Likewise. * gnu/system/mapped-devices.scm (check-device-initrd-modules): Likewise. (check-luks-device): Likewise. * guix/channels.scm (latest-channel-instance): Likewise. * guix/cve.scm (json->cve-items): Likewise. * guix/git-authenticate.scm (commit-signing-key): Likewise. (commit-authorized-keys): Likewise. (authenticate-commit): Likewise. (verify-introductory-commit): Likewise. * guix/remote.scm (remote-pipe-for-gexp): Likewise. * guix/scripts/graph.scm (assert-package): Likewise. * guix/scripts/offload.scm (private-key-from-file*): Likewise. * guix/ssh.scm (authenticate-server*): Likewise. (open-ssh-session): Likewise. (remote-inferior): Likewise. * guix/ui.scm (matching-generations): Likewise. * guix/upstream.scm (package-update): Likewise. * tests/channels.scm ("latest-channel-instances, missing introduction for 'guix'"): Catch 'formatted-message?'. ("authenticate-channel, wrong first commit signer"): Likewise. * tests/lint.scm ("patches: not found"): Adjust message string. * tests/packages.scm ("patch not found yields a run-time error"): Catch 'formatted-message?'. * guix/lint.scm (check-patch-file-names): Handle 'formatted-message?'. (check-derivation): Ditto.
Diffstat (limited to 'guix/git-authenticate.scm')
-rw-r--r--guix/git-authenticate.scm86
1 files changed, 41 insertions, 45 deletions
diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index 6cfc7fabe1..4ab5419bd6 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -24,6 +24,7 @@
#:use-module ((guix git)
#:select (commit-difference false-if-git-not-found))
#:use-module (guix i18n)
+ #:use-module ((guix diagnostics) #:select (formatted-message))
#:use-module (guix openpgp)
#:use-module ((guix utils)
#:select (cache-directory with-atomic-file-output))
@@ -105,23 +106,21 @@ not in KEYRING."
(lambda _
(values #f #f)))))
(unless signature
- (raise (condition
- (&unsigned-commit-error (commit commit-id))
- (&message
- (message (format #f (G_ "commit ~a lacks a signature")
- (oid->string commit-id)))))))
+ (raise (make-compound-condition
+ (condition (&unsigned-commit-error (commit commit-id)))
+ (formatted-message (G_ "commit ~a lacks a signature")
+ (oid->string commit-id)))))
(let ((signature (string->openpgp-packet signature)))
(when (memq (openpgp-signature-hash-algorithm signature)
`(,@disallowed-hash-algorithms md5))
- (raise (condition
- (&unsigned-commit-error (commit commit-id))
- (&message
- (message (format #f (G_ "commit ~a has a ~a signature, \
+ (raise (make-compound-condition
+ (condition (&unsigned-commit-error (commit commit-id)))
+ (formatted-message (G_ "commit ~a has a ~a signature, \
which is not permitted")
- (oid->string commit-id)
- (openpgp-signature-hash-algorithm
- signature)))))))
+ (oid->string commit-id)
+ (openpgp-signature-hash-algorithm
+ signature)))))
(with-fluids ((%default-port-encoding "UTF-8"))
(let-values (((status data)
@@ -130,23 +129,22 @@ which is not permitted")
(match status
('bad-signature
;; There's a signature but it's invalid.
- (raise (condition
- (&signature-verification-error (commit commit-id)
- (signature signature)
- (keyring keyring))
- (&message
- (message (format #f (G_ "signature verification failed \
+ (raise (make-compound-condition
+ (condition
+ (&signature-verification-error (commit commit-id)
+ (signature signature)
+ (keyring keyring)))
+ (formatted-message (G_ "signature verification failed \
for commit ~a")
- (oid->string commit-id)))))))
+ (oid->string commit-id)))))
('missing-key
- (raise (condition
- (&missing-key-error (commit commit-id)
- (signature signature))
- (&message
- (message (format #f (G_ "could not authenticate \
+ (raise (make-compound-condition
+ (condition (&missing-key-error (commit commit-id)
+ (signature signature)))
+ (formatted-message (G_ "could not authenticate \
commit ~a: key ~a is missing")
- (oid->string commit-id)
- (openpgp-format-fingerprint data)))))))
+ (oid->string commit-id)
+ (openpgp-format-fingerprint data)))))
('good-signature data)))))))
(define (read-authorizations port)
@@ -179,13 +177,13 @@ does not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
;; If COMMIT removes the '.guix-authorizations' file found in one of its
;; parents, raise an error.
(when (parents-have-authorizations-file? commit)
- (raise (condition
- (&unauthorized-commit-error (commit (commit-id commit))
- (signing-key #f))
- (&message
- (message (format #f (G_ "commit ~a attempts \
+ (raise (make-compound-condition
+ (condition
+ (&unauthorized-commit-error (commit (commit-id commit))
+ (signing-key #f)))
+ (formatted-message (G_ "commit ~a attempts \
to remove '.guix-authorizations' file")
- (oid->string (commit-id commit)))))))))
+ (oid->string (commit-id commit)))))))
(define (commit-authorizations commit)
(catch 'git-error
@@ -234,16 +232,16 @@ not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
(unless (member (openpgp-public-key-fingerprint signing-key)
(commit-authorized-keys repository commit
default-authorizations))
- (raise (condition
- (&unauthorized-commit-error (commit id)
- (signing-key signing-key))
- (&message
- (message (format #f (G_ "commit ~a not signed by an authorized \
+ (raise (make-compound-condition
+ (condition
+ (&unauthorized-commit-error (commit id)
+ (signing-key signing-key)))
+ (formatted-message (G_ "commit ~a not signed by an authorized \
key: ~a")
- (oid->string id)
- (openpgp-format-fingerprint
- (openpgp-public-key-fingerprint
- signing-key))))))))
+ (oid->string id)
+ (openpgp-format-fingerprint
+ (openpgp-public-key-fingerprint
+ signing-key))))))
signing-key)
@@ -366,13 +364,11 @@ EXPECTED-SIGNER."
(commit-signing-key repository (commit-id commit) keyring)))
(unless (bytevector=? expected-signer actual-signer)
- (raise (condition
- (&message
- (message (format #f (G_ "initial commit ~a is signed by '~a' \
+ (raise (formatted-message (G_ "initial commit ~a is signed by '~a' \
instead of '~a'")
(oid->string (commit-id commit))
(openpgp-format-fingerprint actual-signer)
- (openpgp-format-fingerprint expected-signer))))))))
+ (openpgp-format-fingerprint expected-signer)))))
(define* (authenticate-repository repository start signer
#:key
generated by cgit v1.2.3 (git 2.25.4) at 2024-05-19 21:02:46 +0000