Commit graph

22 commits

Author SHA1 Message Date
Ludovic Courtès
41f443c90a
Add (guix git-authenticate).
* build-aux/git-authenticate.scm (commit-signing-key)
(read-authorizations, commit-authorized-keys, authenticate-commit)
(load-keyring-from-blob, load-keyring-from-reference)
(authenticate-commits, authenticated-commit-cache-file)
(previously-authenticated-commits, cache-authenticated-commit): Remove.
* build-aux/git-authenticate.scm (git-authenticate): Pass
 #:default-authorizations to 'authenticate-commits'.
* guix/git-authenticate.scm: New file, with code taken from
'build-aux/git-authenticate.scm'.  Remove references to
'%historical-authorized-signing-keys' and add #:default-authorizations
parameter instead.
* Makefile.am (MODULES): Add it.
(authenticate): Depend on guix/git-authenticate.go.
2020-06-05 22:54:06 +02:00
Ludovic Courtès
15534de8b7
git-authenticate: Rename '%committers' to '%historical-committers'.
* build-aux/git-authenticate.scm (%committers): Rename to...
(%historical-committers): ... this.
(%authorized-signing-keys): Rename to...
(%historical-authorized-signing-keys): ... this.
(authenticate-commit): Adjust accordingly.
2020-06-02 18:55:53 +02:00
Ludovic Courtès
8d65a71e5f
git-authenticate: Use the 'origin/keyring' branch by default.
Previously one would need to have a worktree for the local 'keyring'
branch.

Reported by reepca and bricewge on #guix.

* build-aux/git-authenticate.scm (load-keyring-from-reference): Use
'branch-lookup' instead of 'reference-lookup'.  Add "origin/" to
REFERENCE.
(authenticate-commits): Have #:keyring-reference default to "keyring".
2020-05-07 12:55:14 +02:00
Ludovic Courtès
aea6ab2f4c
git-authenticate: Add missing import.
* build-aux/git-authenticate.scm: Import (guix utils), used by the cache
handling code and inadvertently removed in
041dc3a9c0.
2020-05-04 11:08:42 +02:00
Ludovic Courtès
041dc3a9c0
git-authenticate: Load the keyring from the repository.
* build-aux/git-authenticate.scm (load-keyring-from-blob)
(load-keyring-from-reference): New procedures.
(authenticate-commits): Add #:keyring-reference and use
'load-keyring-from-reference'.
2020-05-04 09:56:13 +02:00
Ludovic Courtès
92db1036b7
git-authenticate: Load the list of authorized keys from the tree.
* build-aux/git-authenticate.scm (read-authorizations)
(commit-authorized-keys): New procedures.
(authenticate-commit): Use it instead of %AUTHORIZED-SIGNING-KEYS.
2020-05-04 09:56:13 +02:00
Ludovic Courtès
051a45e642
git-authenticate: Use (guix openpgp).
It can now authenticate 14K+ commits in 23s instead of 4mn20.

* build-aux/git-authenticate.scm (%authorized-signing-keys): Turn
fingerprints into bytevectors.
(with-temporary-files): Remove.
(commit-signing-key): Add 'keyring' parameter.  Use
'string->openpgp-packet' and 'verify-openpgp-signature' instead of (guix
gnupg) procedures.
(authenticate-commit): Add 'keyring' parameter.  Pass it to
'commit-signing-key'.  Adjust to SIGNING-KEY being an <openpgp-public-key>.
(authenticate-commits): Remove 'parameterize'.  Load keyring with
'get-openpgp-keyring'.
(git-authenticate): When printing stats, adjust to SIGNER being an
<openpgp-public-key>.
2020-05-04 09:56:13 +02:00
Tobias Geerinckx-Rice
aa78c596c9
gnupg: Accept revoked keys.
I (nckx) have revoked all RSA subkeys, in favour of my older and
freshly-refreshed ECDSA ones.  This was merely a precaution: to my
knowledge all my RSA private keys have been carefully destroyed and
were never compromised.  This commit keeps ‘make authenticate’ happy.

* guix/gnupg.scm (revkeysig-rx): New variable for revoked keys.
(gnupg-verify): Parse it.
(gnupg-status-good-signature?): Accept it as ‘good’ for our purposes.
* build-aux/git-authenticate.scm (%committers): Clarify nckx's subkeys.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2020-04-17 23:36:47 +02:00
Amin Bandali
c2cf286c62
Update email address and Savannah handle for Amin Bandali.
* .mailmap, gnu/local.mk, gnu/packages/emacs-xyz.scm, gnu/packages/emacs.scm,
gnu/packages/fonts.scm, gnu/packages/fpga.scm, gnu/packages/lean.scm,
gnu/packages/maths.scm, gnu/packages/pulseaudio.scm: Update my email address.
* build-aux/git-authenticate.scm: Update my Savannah handle.
2020-03-28 16:30:07 -04:00
Ludovic Courtès
a1363a363e
git-authenticate: Add roelj's new key.
This is a followup to cc51c03ff8.

* build-aux/git-authenticate.scm (%committers): Add roelj's new key.
2020-03-09 23:52:07 +01:00
Ludovic Courtès
2e4011465b
git-authenticate: Remove duplicate entry.
* build-aux/git-authenticate.scm (%committers): Remove duplicate of snape.
2020-02-26 22:11:19 +01:00
Ludovic Courtès
a73a530df2
git-authenticate: Add sub-key for thomasd.
This is a followup to commit 7dc0f1d5a8,
signed with sub-key "3D2C DA58 819C 08C2 A649  D43D 5C3B 064C 724A 5726".

* build-aux/git-authenticate.scm (%committers): Provide fingerprint of
subkey for thomasd.
2020-02-26 22:09:44 +01:00
Ludovic Courtès
447f834263
git-authenticate: Store the sub-key fingerprint of mab.
This is a followup to 76a8dc3ee2, signed
with this sub-key.

* build-aux/git-authenticate.scm (%committers): Store the sub-key
fingerprint of mab.
2020-02-22 00:48:27 +01:00
Ludovic Courtès
56893b9bbf
git-authenticate: Add niedzejkob to the list of committers.
* build-aux/git-authenticate.scm (%committers): Add niedzejkob.
2020-02-13 23:32:19 +01:00
Ludovic Courtès
d5a9641413
git-authenticate: Add mab to the list of committers.
* build-aux/git-authenticate.scm (%committers): Add mab.
2020-02-11 12:33:35 +01:00
Ludovic Courtès
cd903b0443
git-authenticate: Add roptat's new key.
This is a followup to 2cbede5935.

* build-aux/git-authenticate.scm (%committers): Add roptat's new key.
2020-01-27 23:03:07 +01:00
Ludovic Courtès
b2504b1205
git-authenticate: Adjust atheia's key info.
This is a followup to 05f8a143e4.

* build-aux/git-authenticate.scm (%committers): Adjust atheia's key
info.
2020-01-17 14:43:25 +01:00
Ludovic Courtès
05f8a143e4
git-authenticate: Add new key for atheia.
* build-aux/git-authenticate.scm (%committers): Add atheia's 2nd key, as
seen in commit df18ea6f27.
2020-01-17 14:24:48 +01:00
Ludovic Courtès
62b9d3d4d5
git-authenticate: Add daviwil to the list of committers.
This is a followup to a587bb23b7, first
commit signed by daviwil.

* build-aux/git-authenticate.scm (%committers): Add "daviwil".
2020-01-08 23:34:18 +01:00
Ludovic Courtès
1e30d4e0df
git-authenticate: Add glv to the list of committers.
This is a followup to 92fcf9856f, first
commit signed by glv.

* build-aux/git-authenticate.scm (%committers): Add glv.
2019-12-29 18:24:54 +01:00
Ludovic Courtès
787766ed1e
git-authenticate: Keep a local cache of previously-authenticated commits.
A list of already-authenticated commits is kept in
~/.cache/guix/authentication.  This speeds up subsequent "make
authenticate" invocations.

* build-aux/git-authenticate.scm (authenticated-commit-cache-file)
(previously-authenticated-commits, cache-authenticated-commit): New
procedures.
(git-authenticate): Define 'authenticated-commits' and pass it as a
third argument to 'commit-difference'.  Add call to
'cache-authenticated-commit'.  Don't display signing stats when STATS is
null.
2019-12-27 13:52:49 +01:00
Ludovic Courtès
1e43ab2c03
Add 'build-aux/git-authenticate.scm'.
* build-aux/git-authenticate.scm: New file.
* Makefile.am (EXTRA_DIST): Add it.
(commit_v1_0_1): New variable.
(authenticate): New target.
2019-12-27 13:52:49 +01:00