maint: "make authenticate" behaves like 'guix pull' by default.
* build-aux/git-authenticate.scm (%use-historical-authorizations?) (%introductory-commit): New variables. * build-aux/git-authenticate.scm (git-authenticate): Pass the empty list as #:default-authorizations when %USE-HISTORICAL-AUTHORIZATIONS? is false.
master
parent
838ac881ec
commit
619972f7b5
|
@ -218,6 +218,17 @@
|
||||||
(string-downcase (string-filter char-set:graphic fingerprint)))))
|
(string-downcase (string-filter char-set:graphic fingerprint)))))
|
||||||
%historical-committers))
|
%historical-committers))
|
||||||
|
|
||||||
|
(define %use-historical-authorizations?
|
||||||
|
;; Whether to allow authentication of past commits using
|
||||||
|
;; %HISTORICAL-AUTHORIZED-SIGNING-KEYS for when '.guix-authorizations' was
|
||||||
|
;; missing.
|
||||||
|
(getenv "GUIX_USE_HISTORICAL_AUTHORIZATIONS"))
|
||||||
|
|
||||||
|
(define %introductory-commit
|
||||||
|
;; This is the commit that appears in the official 'guix' channel
|
||||||
|
;; introduction. XXX: Keep in sync with (guix channels)!
|
||||||
|
"9edb3f66fd807b096b48283debdcddccfea34bad")
|
||||||
|
|
||||||
(define %commits-with-bad-signature
|
(define %commits-with-bad-signature
|
||||||
;; Commits with a known-bad signature.
|
;; Commits with a known-bad signature.
|
||||||
'("6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91")) ;2016-12-29
|
'("6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91")) ;2016-12-29
|
||||||
|
@ -242,7 +253,10 @@
|
||||||
(match args
|
(match args
|
||||||
((_ start end)
|
((_ start end)
|
||||||
(define start-commit
|
(define start-commit
|
||||||
(commit-lookup repository (string->oid start)))
|
(commit-lookup repository
|
||||||
|
(string->oid (if %use-historical-authorizations?
|
||||||
|
start
|
||||||
|
%introductory-commit))))
|
||||||
(define end-commit
|
(define end-commit
|
||||||
(commit-lookup repository (string->oid end)))
|
(commit-lookup repository (string->oid end)))
|
||||||
|
|
||||||
|
@ -263,6 +277,14 @@
|
||||||
(define reporter
|
(define reporter
|
||||||
(progress-reporter/bar (length commits)))
|
(progress-reporter/bar (length commits)))
|
||||||
|
|
||||||
|
(define historical-authorizations
|
||||||
|
;; List of authorizations in effect before '.guix-authorizations' was
|
||||||
|
;; introduced. By default, assume there were no authorizations; this
|
||||||
|
;; is what 'guix pull' does.
|
||||||
|
(if %use-historical-authorizations?
|
||||||
|
%historical-authorized-signing-keys
|
||||||
|
'()))
|
||||||
|
|
||||||
(format #t (G_ "Authenticating ~a to ~a (~a commits)...~%")
|
(format #t (G_ "Authenticating ~a to ~a (~a commits)...~%")
|
||||||
(commit-short-id start-commit)
|
(commit-short-id start-commit)
|
||||||
(commit-short-id end-commit)
|
(commit-short-id end-commit)
|
||||||
|
@ -272,7 +294,7 @@
|
||||||
(lambda (report)
|
(lambda (report)
|
||||||
(authenticate-commits repository commits
|
(authenticate-commits repository commits
|
||||||
#:default-authorizations
|
#:default-authorizations
|
||||||
%historical-authorized-signing-keys
|
historical-authorizations
|
||||||
#:report-progress report)))))
|
#:report-progress report)))))
|
||||||
(cache-authenticated-commit "channels/guix"
|
(cache-authenticated-commit "channels/guix"
|
||||||
(oid->string (commit-id end-commit)))
|
(oid->string (commit-id end-commit)))
|
||||||
|
|
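Review bot: `%use-historical-authorizations?` is the raw result of `(getenv "GUIX_USE_HISTORICAL_AUTHORIZATIONS")`, so any value, including the empty string or `0`, counts as true in Scheme and switches authentication to the mode that falls back on `%historical-authorized-signing-keys` and a caller-chosen start commit. Because this flag selects the trust anchor, I would test for an explicit value, e.g. `(equal? (getenv "GUIX_USE_HISTORICAL_AUTHORIZATIONS") "yes")` (the accepted value is the project's choice), or at least say in the comment that a set-but-empty variable enables it. In the default mode the `start` argument in the second hunk is silently replaced by `%introductory-commit`; a comment there such as `;; START is ignored unless historical authorizations are enabled.` would keep callers from assuming their range was honoured. The enclosing `git-authenticate` procedure starts and ends outside the visible hunks.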