GNU bug report logs - #40565
make authenticate fails: commit 77704cb13e5bebf412297dab764a00849a3cfdc0: key A0C5E3522EF8EF5C64CDB7F0FD73CAC719D32566 is missing


Package: guix;

Reported by: elaexuotee <at> wilsonb.com

Date: Sun, 12 Apr 2020 03:00:02 UTC

Severity: important

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.



Message #32 received at 40565 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 40565 <at> debbugs.gnu.org
Subject: Re: bug#40565: [PATCH 1/1] git-authenticate: Fetch keyrings from
 Savannah.
Date: Sun, 19 Apr 2020 13:15:12 +0200

Hi Tobias,

Tobias Geerinckx-Rice <me <at> tobias.gr> skribis:

> * build-aux/git-authenticate.scm (%project-keyring-uris)
> (import-keyring-uri, import-project-keys): New variables.
> (authenticate-commits): Import known project keys before authenticating.
> * guix/gnupg.scm (ensure-file): New procedure.
> (gnupg-receive-keys): Use it.
> (gnupg-import): New exported procedure.

The patch LGTM but it doesn’t apply for some reason.  Could you take a
look?

> +;; XXX HTTP here is OK but is there any realistic scenario where TLS won't work?
> +(define %project-keyring-uris
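
Review bot: the XXX comment above %project-keyring-uris does not say which scheme the URIs actually use, and it reads as if plain HTTP were acceptable. Per the commit message, these keyrings are imported before commits are authenticated, so the comment should state the scheme in use and, if HTTP is ever allowed, what protects the integrity of the fetched keyring. Otherwise drop the XXX.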

I’m not sure what the XXX comment means.  We’re fetching over HTTPS
anyway, right?

> +(define* (import-keyring-uri uri)
> +  (let* ((port (http-fetch uri))
> +         (keyring (get-bytevector-all port)))
> +    (close-port port)
> +    (gnupg-import keyring)))
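
Review bot: in import-keyring-uri, close-port is only reached when get-bytevector-all returns normally, so a failed read leaks the port from http-fetch. Wrapping the read in call-with-port or dynamic-wind would close it on every path. An empty response also makes get-bytevector-all return the end-of-file object, which is then handed to gnupg-import as if it were a bytevector, so check for it before importing. The procedure uses define* without optional or keyword arguments, so plain define is enough, and it has no docstring.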

IWBN if ‘gnupg-import’ could take an input port instead of a bytevector.

It’d be great if you could add docstrings for top-level procedures.

> +(define* (gnupg-import keys
> +                       #:optional (keyring (current-keyring)))
> +  "Add all KEYS in a bytevector produced by ‘gpg --export’ to KEYRING."
> +  (ensure-file keyring)
> +  (let ((pipe (open-pipe* OPEN_WRITE
> +                          (%gpg-command) "--import" "--batch" "--quiet"
> +                          "--no-default-keyring" "--keyring" keyring)))
> +    (put-bytevector pipe keys)
> +    (close-port pipe)))
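
Review bot: gnupg-import ends with (close-port pipe) and never inspects how the gpg process exited, and "--quiet" suppresses its output, so a failed "--import" passes silently and the caller cannot tell whether KEYRING now holds the project keys. Closing with close-pipe from (ice-9 popen) and checking the returned status, raising an error on a non-zero exit, would make the failure visible before authentication runs against the keyring.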

So what about changing ‘keys’ to ‘port’, and then you would:

  (dump-port port pipe)

?

Thanks for addressing this!

Ludo’.




This bug report was last modified 5 years and 16 days ago.
