diff --git a/guix/scripts/git/authenticate.scm b/guix/scripts/git/authenticate.scm index 5f5d423f28..6ff5cee682 100644 --- a/guix/scripts/git/authenticate.scm +++ b/guix/scripts/git/authenticate.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2020 Ludovic Courtès +;;; Copyright © 2020, 2024 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -27,6 +27,7 @@ (define-module (guix scripts git authenticate) #:use-module ((guix git) #:select (with-git-error-handling)) #:use-module (guix progress) #:use-module (guix base64) + #:autoload (rnrs bytevectors) (bytevector-length) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (srfi srfi-37) @@ -133,6 +134,16 @@ (define (command-line-arguments lst) (define commit-short-id (compose (cut string-take <> 7) oid->string commit-id)) + (define (openpgp-fingerprint* str) + (unless (string-every (char-set-union char-set:hex-digit + char-set:whitespace) + str) + (leave (G_ "~a: invalid OpenPGP fingerprint~%") str)) + (let ((fingerprint (openpgp-fingerprint str))) + (unless (= 20 (bytevector-length fingerprint)) + (leave (G_ "~a: wrong length for OpenPGP fingerprint~%") str)) + fingerprint)) + (define (make-reporter start-commit end-commit commits) (format (current-error-port) (G_ "Authenticating commits ~a to ~a (~h new \ @@ -165,7 +176,7 @@ (define (make-reporter start-commit end-commit commits) (repository-cache-key repository)))) (define stats (authenticate-repository repository (string->oid commit) - (openpgp-fingerprint signer) + (openpgp-fingerprint* signer) #:end end #:keyring-reference keyring #:historical-authorizations history