GNU bug report logs -
#41653
[PATCH 0/4] Add (guix git-authenticate) with tests
Previous Next
Reported by: Ludovic Courtès <ludo <at> gnu.org>
Date: Mon, 1 Jun 2020 21:31:01 UTC
Severity: normal
Tags: fixed, patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Full log
Message #11 received at 41653 <at> debbugs.gnu.org (full text, mbox):
* guix/git-authenticate.scm (&git-authentication-error)
(&unsigned-commit-error, &unauthorized-commit-error)
(&signature-verification-error, &missing-key-error): New condition
types.
(commit-signing-key, authenticate-commit): Raise them.
---
guix/git-authenticate.scm | 44 +++++++++++++++++++++++++++++++++++++--
1 file changed, 42 insertions(+), 2 deletions(-)
diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index 4217ab6d27..b73f957105 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -41,7 +41,18 @@
authenticate-commits
load-keyring-from-reference
previously-authenticated-commits
- cache-authenticated-commit))
+ cache-authenticated-commit
+
+ git-authentication-error?
+ git-authentication-error-commit
+ unsigned-commit-error?
+ unauthorized-commit-error?
+ unauthorized-commit-error-signing-key
+ signature-verification-error?
+ signature-verification-error-keyring
+ signature-verification-error-signature
+ missing-key-error?
+ missing-key-error-signature))
;;; Commentary:
;;;
@@ -52,6 +63,27 @@
;;;
;;; Code:
+(define-condition-type &git-authentication-error &error
+ git-authentication-error?
+ (commit git-authentication-error-commit))
+
+(define-condition-type &unsigned-commit-error &git-authentication-error
+ unsigned-commit-error?)
+
+(define-condition-type &unauthorized-commit-error &git-authentication-error
+ unauthorized-commit-error?
+ (signing-key unauthorized-commit-error-signing-key))
+
+(define-condition-type &signature-verification-error &git-authentication-error
+ signature-verification-error?
+ (signature signature-verification-error-signature)
+ (keyring signature-verification-error-keyring))
+
+(define-condition-type &missing-key-error &git-authentication-error
+ missing-key-error?
+ (signature missing-key-error-signature))
+
+
(define (commit-signing-key repo commit-id keyring)
"Return the OpenPGP key that signed COMMIT-ID (an OID). Raise an exception
if the commit is unsigned, has an invalid signature, or if its signing key is
@@ -64,9 +96,10 @@ not in KEYRING."
(values #f #f)))))
(unless signature
(raise (condition
+ (&unsigned-commit-error (commit commit-id))
(&message
(message (format #f (G_ "commit ~a lacks a signature")
- commit-id))))))
+ (oid->string commit-id)))))))
(let ((signature (string->openpgp-packet signature)))
(with-fluids ((%default-port-encoding "UTF-8"))
@@ -77,12 +110,17 @@ not in KEYRING."
('bad-signature
;; There's a signature but it's invalid.
(raise (condition
+ (&signature-verification-error (commit commit-id)
+ (signature signature)
+ (keyring keyring))
(&message
(message (format #f (G_ "signature verification failed \
for commit ~a")
(oid->string commit-id)))))))
('missing-key
(raise (condition
+ (&missing-key-error (commit commit-id)
+ (signature signature))
(&message
(message (format #f (G_ "could not authenticate \
commit ~a: key ~a is missing")
@@ -138,6 +176,8 @@ not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
(commit-authorized-keys repository commit
default-authorizations))
(raise (condition
+ (&unauthorized-commit-error (commit id)
+ (signing-key signing-key))
(&message
(message (format #f (G_ "commit ~a not signed by an authorized \
key: ~a")
--
2.26.2
This bug report was last modified 4 years and 345 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.