From 5bd5bb5f6ca822f76599ca6d1959f4c42d4bc222 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Mon, 12 Feb 2024 11:41:43 +0100
Subject: git authenticate: Gracefully handle invalid fingerprints.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previously the command would crash when passed an invalid fingerprint on
the command line.

* guix/scripts/git/authenticate.scm (guix-git-authenticate)
[openpgp-fingerprint*]: New procedure.
Use it instead of ‘openpgp-fingerprint’.

Change-Id: I99e0549781382f36a684a84449b603e00b53778d
---
 guix/scripts/git/authenticate.scm | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'guix/scripts')

diff --git a/guix/scripts/git/authenticate.scm b/guix/scripts/git/authenticate.scm
index 5f5d423f28..6ff5cee682 100644
--- a/guix/scripts/git/authenticate.scm
+++ b/guix/scripts/git/authenticate.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2020, 2024 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -27,6 +27,7 @@
   #:use-module ((guix git) #:select (with-git-error-handling))
   #:use-module (guix progress)
   #:use-module (guix base64)
+  #:autoload   (rnrs bytevectors) (bytevector-length)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
   #:use-module (srfi srfi-37)
@@ -133,6 +134,16 @@ Authenticate the given Git checkout using COMMIT/SIGNER as its introduction.\n")
   (define commit-short-id
     (compose (cut string-take <> 7) oid->string commit-id))
 
+  (define (openpgp-fingerprint* str)
+    (unless (string-every (char-set-union char-set:hex-digit
+                                          char-set:whitespace)
+                          str)
+      (leave (G_ "~a: invalid OpenPGP fingerprint~%") str))
+    (let ((fingerprint (openpgp-fingerprint str)))
+      (unless (= 20 (bytevector-length fingerprint))
+        (leave (G_ "~a: wrong length for OpenPGP fingerprint~%") str))
+      fingerprint))
+
   (define (make-reporter start-commit end-commit commits)
     (format (current-error-port)
             (G_ "Authenticating commits ~a to ~a (~h new \
@@ -165,7 +176,7 @@ commits)...~%")
                                 (repository-cache-key repository))))
           (define stats
             (authenticate-repository repository (string->oid commit)
-                                     (openpgp-fingerprint signer)
+                                     (openpgp-fingerprint* signer)
                                      #:end end
                                      #:keyring-reference keyring
                                      #:historical-authorizations history
-- 
cgit v1.2.3