[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
03/09: git authenticate: Gracefully handle invalid fingerprints.
|
From: |
guix-commits |
|
Subject: |
03/09: git authenticate: Gracefully handle invalid fingerprints. |
|
Date: |
Mon, 12 Feb 2024 06:21:29 -0500 (EST) |
civodul pushed a commit to branch master
in repository guix.
commit 5bd5bb5f6ca822f76599ca6d1959f4c42d4bc222
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Mon Feb 12 11:41:43 2024 +0100
git authenticate: Gracefully handle invalid fingerprints.
Previously the command would crash when passed an invalid fingerprint on
the command line.
* guix/scripts/git/authenticate.scm (guix-git-authenticate)
[openpgp-fingerprint*]: New procedure.
Use it instead of ‘openpgp-fingerprint’.
Change-Id: I99e0549781382f36a684a84449b603e00b53778d
---
guix/scripts/git/authenticate.scm | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/guix/scripts/git/authenticate.scm
b/guix/scripts/git/authenticate.scm
index 5f5d423f28..6ff5cee682 100644
--- a/guix/scripts/git/authenticate.scm
+++ b/guix/scripts/git/authenticate.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2020, 2024 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -27,6 +27,7 @@
#:use-module ((guix git) #:select (with-git-error-handling))
#:use-module (guix progress)
#:use-module (guix base64)
+ #:autoload (rnrs bytevectors) (bytevector-length)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (srfi srfi-37)
@@ -133,6 +134,16 @@ Authenticate the given Git checkout using COMMIT/SIGNER as
its introduction.\n")
(define commit-short-id
(compose (cut string-take <> 7) oid->string commit-id))
+ (define (openpgp-fingerprint* str)
+ (unless (string-every (char-set-union char-set:hex-digit
+ char-set:whitespace)
+ str)
+ (leave (G_ "~a: invalid OpenPGP fingerprint~%") str))
+ (let ((fingerprint (openpgp-fingerprint str)))
+ (unless (= 20 (bytevector-length fingerprint))
+ (leave (G_ "~a: wrong length for OpenPGP fingerprint~%") str))
+ fingerprint))
+
(define (make-reporter start-commit end-commit commits)
(format (current-error-port)
(G_ "Authenticating commits ~a to ~a (~h new \
@@ -165,7 +176,7 @@ commits)...~%")
(repository-cache-key repository))))
(define stats
(authenticate-repository repository (string->oid commit)
- (openpgp-fingerprint signer)
+ (openpgp-fingerprint* signer)
#:end end
#:keyring-reference keyring
#:historical-authorizations history
- branch master updated (faeae5114c -> 5a61ce6bcf), guix-commits, 2024/02/12
- 03/09: git authenticate: Gracefully handle invalid fingerprints.,
guix-commits <=
- 01/09: services: virtual-build-machine: Add base file systems to default OS., guix-commits, 2024/02/12
- 05/09: swh: Add bindings for the “ExtID” API., guix-commits, 2024/02/12
- 06/09: swh: Add ‘swh-download-directory-by-nar-hash’., guix-commits, 2024/02/12
- 04/09: swh: ‘vault-fetch’ follows redirects., guix-commits, 2024/02/12
- 02/09: services: virtual-build-machine: Use a larger partition by default., guix-commits, 2024/02/12
- 07/09: lint: archival: Check with ‘lookup-directory-by-nar-hash’., guix-commits, 2024/02/12
- 08/09: git-download: Download from SWH by nar hash when possible., guix-commits, 2024/02/12
- 09/09: swh: Fix docstring of ‘lookup-directory’., guix-commits, 2024/02/12