mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2025-01-11 13:49:23 -05:00
maint: "make authenticate" behaves like 'guix pull' by default.
* build-aux/git-authenticate.scm (%use-historical-authorizations?) (%introductory-commit): New variables. * build-aux/git-authenticate.scm (git-authenticate): Use pass the empty list as #:default-authorizations when %USE-HISTORICAL-AUTHORIZATIONS? is false.
This commit is contained in:
parent
838ac881ec
commit
619972f7b5
1 changed files with 24 additions and 2 deletions
|
@ -218,6 +218,17 @@ (define %historical-authorized-signing-keys
|
|||
(string-downcase (string-filter char-set:graphic fingerprint)))))
|
||||
%historical-committers))
|
||||
|
||||
(define %use-historical-authorizations?
|
||||
;; Whether to allow authentication of past commits using
|
||||
;; %HISTORICAL-AUTHORIZED-SIGNING-KEYS for when '.guix-authorizations' was
|
||||
;; missing.
|
||||
(getenv "GUIX_USE_HISTORICAL_AUTHORIZATIONS"))
|
||||
|
||||
(define %introductory-commit
|
||||
;; This is the commit that appears in the official 'guix' channel
|
||||
;; introduction. XXX: Keep in sync with (guix channels)!
|
||||
"9edb3f66fd807b096b48283debdcddccfea34bad")
|
||||
|
||||
(define %commits-with-bad-signature
|
||||
;; Commits with a known-bad signature.
|
||||
'("6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91")) ;2016-12-29
|
||||
|
@ -242,7 +253,10 @@ (define repository
|
|||
(match args
|
||||
((_ start end)
|
||||
(define start-commit
|
||||
(commit-lookup repository (string->oid start)))
|
||||
(commit-lookup repository
|
||||
(string->oid (if %use-historical-authorizations?
|
||||
start
|
||||
%introductory-commit))))
|
||||
(define end-commit
|
||||
(commit-lookup repository (string->oid end)))
|
||||
|
||||
|
@ -263,6 +277,14 @@ (define commits
|
|||
(define reporter
|
||||
(progress-reporter/bar (length commits)))
|
||||
|
||||
(define historical-authorizations
|
||||
;; List of authorizations in effect before '.guix-authorizations' was
|
||||
;; introduced. By default, assume there were no authorizations; this
|
||||
;; is what 'guix pull' does.
|
||||
(if %use-historical-authorizations?
|
||||
%historical-authorized-signing-keys
|
||||
'()))
|
||||
|
||||
(format #t (G_ "Authenticating ~a to ~a (~a commits)...~%")
|
||||
(commit-short-id start-commit)
|
||||
(commit-short-id end-commit)
|
||||
|
@ -272,7 +294,7 @@ (define reporter
|
|||
(lambda (report)
|
||||
(authenticate-commits repository commits
|
||||
#:default-authorizations
|
||||
%historical-authorized-signing-keys
|
||||
historical-authorizations
|
||||
#:report-progress report)))))
|
||||
(cache-authenticated-commit "channels/guix"
|
||||
(oid->string (commit-id end-commit)))
|
||||
|
|
Loading…
Reference in a new issue