GNU bug report logs - #38320
Cuirass: Allow to use authenticated Git repositories as inputs

Previous Next

Package: guix;

Reported by: Clément Lassieur <clement <at> lassieur.org>

Date: Fri, 22 Nov 2019 09:52:01 UTC

Severity: wishlist

Full log

Message #52 received at 38320 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Mathieu Othacehe <m.othacehe <at> gmail.com>
Cc: 38320 <at> debbugs.gnu.org, Erik Edrosa <erik.edrosa <at> gmail.com>,
 Clément Lassieur <clement <at> lassieur.org>
Subject: Re: bug#38320: Cuirass: Allow to use authenticated Git repositories
 as inputs
Date: Tue, 04 Feb 2020 13:58:19 +0100

Hello!

Mathieu Othacehe <m.othacehe <at> gmail.com> skribis:

> Here's a small patch to (guix git) so that cloning/fetching from ssh
> authenticated repositories is supported using ssh agent.
>
> I tested:
>
> * guix pull --url=git <at> gitlab.com:mothacehe/private.git
> * guix pull with the following channel configuration
>
> (cons* (channel
>         (name 'gitlab)
>         (url "git <at> gitlab.com:mothacehe/test-channel.git"))
>        %default-channels)

Woohoo!  Really nice.

> This works fine, but we still need to see how it works for Cuirass
> inputs and (guix git-download) module.

Ah yes, ‘git-fetch’.

> From ae380c15f1c37e2c94e0954975f5f712e76340ac Mon Sep 17 00:00:00 2001
> From: Mathieu Othacehe <m.othacehe <at> gmail.com>
> Date: Mon, 3 Feb 2020 18:05:02 +0100
> Subject: [PATCH] git: Add ssh authentication support.
>
> SSH agent authentication method is used.
>
> * guix/git.scm (auth-method): New variable,
> (clone*): pass previous variable in clone options,
> (update-cached-checkout): pass previous variable in fetch options.

[...]

> +;; Default authentication method.
> +(define auth-method (%make-auth-ssh-agent))
> +
>  (define (clone* url directory)
>    "Clone git repository at URL into DIRECTORY.  Upon failure,
>  make sure no empty directory is left behind."
> @@ -119,7 +122,9 @@ make sure no empty directory is left behind."
>        ;; value in Guile-Git: <https://bugs.gnu.org/29238>.
>        (if (module-defined? (resolve-interface '(git))
>                             'clone-init-options)
> -          (clone url directory (clone-init-options))
> +          (clone url directory
> +                 (make-clone-options
> +                  #:fetch-options (make-fetch-options auth-method)))
>            (clone url directory)))
>      (lambda _
>        (false-if-exception (rmdir directory)))))
> @@ -281,7 +286,8 @@ When RECURSIVE? is true, check out submodules as well, if any."
>       ;; Only fetch remote if it has not been cloned just before.
>       (when (and cache-exists?
>                  (not (reference-available? repository ref)))
> -       (remote-fetch (remote-lookup repository "origin")))
> +       (remote-fetch (remote-lookup repository "origin")
> +                     #:fetch-options (make-fetch-options auth-method)))

It LGTM, and I like that it’s actually a small patch.

Until now, we had conditionals like the ‘module-defined?’ thing above to
allow for a smooth transition from older Guile-Git versions.  Do we want
to keep doing that?

If we do, then perhaps you should arrange so that uses of the new
Guile-Git APIs that appeared in 0.3.0 are conditional.

I’d say we should do it if it’s easy to do and not too intrusive.
Otherwise, let’s just require 0.3.0 and be done with it.  (‘guix pull’
gets 0.3.0 anyway.)

Thoughts?

Ludo’.
This bug report was last modified 5 years and 127 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.