git authenticate: Gracefully handle invalid fingerprints.

Previously the command would crash when passed an invalid fingerprint on the command line. * guix/scripts/git/authenticate.scm (guix-git-authenticate) [openpgp-fingerprint*]: New procedure. Use it instead of ‘openpgp-fingerprint’. Change-Id: I99e0549781382f36a684a84449b603e00b53778d
2024-02-12 11:41:43 +01:00 · 2024-02-12 11:41:43 +01:00 · 5bd5bb5f6c
parent e0ade40c2b
commit 5bd5bb5f6c
1 changed files with 13 additions and 2 deletions
--- a/guix/scripts/git/authenticate.scm
+++ b/guix/scripts/git/authenticate.scm
@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2020, 2024 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -27,6 +27,7 @@
  #:use-module ((guix git) #:select (with-git-error-handling))
  #:use-module (guix progress)
  #:use-module (guix base64)
+  #:autoload   (rnrs bytevectors) (bytevector-length)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-26)
  #:use-module (srfi srfi-37)
@ -133,6 +134,16 @@ Authenticate the given Git checkout using COMMIT/SIGNER as its introduction.\n")
  (define commit-short-id
    (compose (cut string-take <> 7) oid->string commit-id))

+  (define (openpgp-fingerprint* str)
+    (unless (string-every (char-set-union char-set:hex-digit
+                                          char-set:whitespace)
+                          str)
+      (leave (G_ "~a: invalid OpenPGP fingerprint~%") str))
+    (let ((fingerprint (openpgp-fingerprint str)))
+      (unless (= 20 (bytevector-length fingerprint))
+        (leave (G_ "~a: wrong length for OpenPGP fingerprint~%") str))
+      fingerprint))
+
  (define (make-reporter start-commit end-commit commits)
    (format (current-error-port)
            (G_ "Authenticating commits ~a to ~a (~h new \
@ -165,7 +176,7 @@ commits)...~%")
                                (repository-cache-key repository))))
          (define stats
            (authenticate-repository repository (string->oid commit)
-                                     (openpgp-fingerprint signer)
+                                     (openpgp-fingerprint* signer)
                                     #:end end
                                     #:keyring-reference keyring
                                     #:historical-authorizations history