mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2025-01-11 21:59:08 -05:00
channels: Dependencies listed in '.guix-channel' can have an introduction.
Suggested by Ricardo Wurmus and Simon Tournier. * guix/channels.scm (sexp->channel-introduction): New procedure. (read-channel-metadata): Use it. (profile-channels)[sexp->channel-introduction]: Remove. * tests/channels.scm ("latest-channel-instances, authenticate dependency"): New test. * doc/guix.texi (Channels)[Declaring Channel Dependencies]: Augment example.
This commit is contained in:
parent
884df77640
commit
d774c7b121
3 changed files with 70 additions and 10 deletions
|
@ -4160,7 +4160,15 @@ The meta-data file should contain a simple S-expression like this:
|
||||||
(dependencies
|
(dependencies
|
||||||
(channel
|
(channel
|
||||||
(name some-collection)
|
(name some-collection)
|
||||||
(url "https://example.org/first-collection.git"))
|
(url "https://example.org/first-collection.git")
|
||||||
|
|
||||||
|
;; The 'introduction' bit below is optional: you would
|
||||||
|
;; provide it for dependencies that can be authenticated.
|
||||||
|
(introduction
|
||||||
|
(channel-introduction
|
||||||
|
(version 0)
|
||||||
|
(commit "a8883b58dc82e167c96506cf05095f37c2c2c6cd")
|
||||||
|
(signer "CABB A931 C0FF EEC6 900D 0CFB 090B 1199 3D9A EBB5"))))
|
||||||
(channel
|
(channel
|
||||||
(name some-other-collection)
|
(name some-other-collection)
|
||||||
(url "https://example.org/second-collection.git")
|
(url "https://example.org/second-collection.git")
|
||||||
|
|
|
@ -223,6 +223,14 @@ (define (channel-reference channel)
|
||||||
(#f `(branch . ,(channel-branch channel)))
|
(#f `(branch . ,(channel-branch channel)))
|
||||||
(commit `(commit . ,(channel-commit channel)))))
|
(commit `(commit . ,(channel-commit channel)))))
|
||||||
|
|
||||||
|
(define sexp->channel-introduction
|
||||||
|
(match-lambda
|
||||||
|
(('channel-introduction ('version 0)
|
||||||
|
('commit commit) ('signer signer)
|
||||||
|
_ ...)
|
||||||
|
(make-channel-introduction commit (openpgp-fingerprint signer)))
|
||||||
|
(x #f)))
|
||||||
|
|
||||||
(define (read-channel-metadata port)
|
(define (read-channel-metadata port)
|
||||||
"Read from PORT channel metadata in the format expected for the
|
"Read from PORT channel metadata in the format expected for the
|
||||||
'.guix-channel' file. Return a <channel-metadata> record, or raise an error
|
'.guix-channel' file. Return a <channel-metadata> record, or raise an error
|
||||||
|
@ -250,7 +258,9 @@ (define (read-channel-metadata port)
|
||||||
(name name)
|
(name name)
|
||||||
(branch branch)
|
(branch branch)
|
||||||
(url url)
|
(url url)
|
||||||
(commit (get 'commit))))))
|
(commit (get 'commit))
|
||||||
|
(introduction (and=> (get 'introduction)
|
||||||
|
sexp->channel-introduction))))))
|
||||||
dependencies)
|
dependencies)
|
||||||
news-file
|
news-file
|
||||||
keyring-reference
|
keyring-reference
|
||||||
|
@ -948,14 +958,6 @@ (define* (latest-channel-derivation #:optional (channels %default-channels)
|
||||||
(define (profile-channels profile)
|
(define (profile-channels profile)
|
||||||
"Return the list of channels corresponding to entries in PROFILE. If
|
"Return the list of channels corresponding to entries in PROFILE. If
|
||||||
PROFILE is not a profile created by 'guix pull', return the empty list."
|
PROFILE is not a profile created by 'guix pull', return the empty list."
|
||||||
(define sexp->channel-introduction
|
|
||||||
(match-lambda
|
|
||||||
(('channel-introduction ('version 0)
|
|
||||||
('commit commit) ('signer signer)
|
|
||||||
_ ...)
|
|
||||||
(make-channel-introduction commit (openpgp-fingerprint signer)))
|
|
||||||
(x #f)))
|
|
||||||
|
|
||||||
(filter-map (lambda (entry)
|
(filter-map (lambda (entry)
|
||||||
(match (assq 'source (manifest-entry-properties entry))
|
(match (assq 'source (manifest-entry-properties entry))
|
||||||
(('source ('repository ('version 0)
|
(('source ('repository ('version 0)
|
||||||
|
|
|
@ -536,4 +536,54 @@ (define (find-commit* message)
|
||||||
#:keyring-reference-prefix "")
|
#:keyring-reference-prefix "")
|
||||||
'failed)))))))
|
'failed)))))))
|
||||||
|
|
||||||
|
(unless (gpg+git-available?) (test-skip 1))
|
||||||
|
(test-equal "latest-channel-instances, authenticate dependency"
|
||||||
|
#t
|
||||||
|
;; Make sure that a channel dependency that has an introduction is
|
||||||
|
;; authenticated. This test checks that an authentication error is raised
|
||||||
|
;; as it should when authenticating the dependency.
|
||||||
|
(with-fresh-gnupg-setup (list %ed25519-public-key-file
|
||||||
|
%ed25519-secret-key-file)
|
||||||
|
(with-temporary-git-repository dependency-directory
|
||||||
|
`((add ".guix-channel"
|
||||||
|
,(object->string
|
||||||
|
'(channel (version 0)
|
||||||
|
(keyring-reference "master"))))
|
||||||
|
(add ".guix-authorizations"
|
||||||
|
,(object->string
|
||||||
|
`(authorizations (version 0) ())))
|
||||||
|
(add "signer.key" ,(call-with-input-file %ed25519-public-key-file
|
||||||
|
get-string-all))
|
||||||
|
(commit "zeroth commit"
|
||||||
|
(signer ,(key-fingerprint %ed25519-public-key-file)))
|
||||||
|
(add "foo.txt" "evil")
|
||||||
|
(commit "unsigned commit"))
|
||||||
|
(with-repository dependency-directory dependency
|
||||||
|
(let* ((commit0 (find-commit dependency "zeroth"))
|
||||||
|
(commit1 (find-commit dependency "unsigned"))
|
||||||
|
(intro `(channel-introduction
|
||||||
|
(version 0)
|
||||||
|
(commit ,(commit-id-string commit0))
|
||||||
|
(signer ,(openpgp-format-fingerprint
|
||||||
|
(openpgp-public-key-fingerprint
|
||||||
|
(read-openpgp-packet
|
||||||
|
%ed25519-public-key-file)))))))
|
||||||
|
(with-temporary-git-repository directory
|
||||||
|
`((add ".guix-channel"
|
||||||
|
,(object->string
|
||||||
|
`(channel (version 0)
|
||||||
|
(dependencies
|
||||||
|
(channel
|
||||||
|
(name test-channel)
|
||||||
|
(url ,dependency-directory)
|
||||||
|
(introduction ,intro))))))
|
||||||
|
(commit "single commit"))
|
||||||
|
(let ((channel (channel (name 'test) (url directory))))
|
||||||
|
(guard (c ((unsigned-commit-error? c)
|
||||||
|
(oid=? (git-authentication-error-commit c)
|
||||||
|
(commit-id commit1))))
|
||||||
|
(with-store store
|
||||||
|
(latest-channel-instances store (list channel))
|
||||||
|
'failed)))))))))
|
||||||
|
|
||||||
(test-end "channels")
|
(test-end "channels")
|
||||||
|
|
Loading…
Reference in a new issue