05/08: channels: Consider the current channel commit as authentic.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

05/08: channels: Consider the current channel commit as authentic.

From:	guix-commits
Subject:	05/08: channels: Consider the current channel commit as authentic.
Date:	Thu, 4 Feb 2021 03:44:14 -0500 (EST)

civodul pushed a commit to branch master
in repository guix.

commit 29009fdb2d3636eafa77b406da2430b08a22d47e
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Tue Feb 2 09:37:33 2021 +0100

    channels: Consider the current channel commit as authentic.
    
    Fixes <https://bugs.gnu.org/45895>.
    
    When the ~/.cache/guix/authentication is empty, this change allows
    authentication to start at the current commit, as shown by 'guix
    describe', instead of starting from the introductory commit, which would
    take more and more time (there's currently 18K commits per year).
    
    * guix/git-authenticate.scm (authenticate-repository): Add 
#:authentic-commits.
    [authenticated-commits]: Append it.
    * guix/channels.scm (authenticate-channel)[authentic-commits]: New
    variable.  Pass it to 'authenticate-repository'.
---
 guix/channels.scm         | 14 ++++++++++++++
 guix/git-authenticate.scm |  9 ++++++---
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/guix/channels.scm b/guix/channels.scm
index 3cc3b4c..05226e7 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -47,6 +47,7 @@
   #:use-module (srfi srfi-26)
   #:use-module (srfi srfi-34)
   #:use-module (srfi srfi-35)
+  #:autoload   (guix describe) (current-channels) ;XXX: circular dep
   #:autoload   (guix self) (whole-package make-config.scm)
   #:autoload   (guix inferior) (gexp->derivation-in-inferior) ;FIXME: circular 
dep
   #:autoload   (guix quirks) (%quirks %patches applicable-patch? apply-patch)
@@ -344,6 +345,18 @@ commits)...~%")
 
     (progress-reporter/bar (length commits)))
 
+  (define authentic-commits
+    ;; Consider the currently-used commit of CHANNEL as authentic so
+    ;; authentication can skip it and all its closure.
+    (match (find (lambda (candidate)
+                   (eq? (channel-name candidate) (channel-name channel)))
+                 (current-channels))
+      (#f '())
+      (channel
+       (if (channel-commit channel)
+           (list (channel-commit channel))
+           '()))))
+
   ;; XXX: Too bad we need to re-open CHECKOUT.
   (with-repository checkout repository
     (authenticate-repository repository
@@ -354,6 +367,7 @@ commits)...~%")
                              #:keyring-reference
                              (string-append keyring-reference-prefix
                                             keyring-reference)
+                             #:authentic-commits authentic-commits
                              #:make-reporter make-reporter
                              #:cache-key cache-key)))
 
diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index 4ab5419..ab3fcd8 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2019, 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -376,12 +376,14 @@ instead of '~a'")
                                   (cache-key (repository-cache-key repository))
                                   (end (reference-target
                                         (repository-head repository)))
+                                  (authentic-commits '())
                                   (historical-authorizations '())
                                   (make-reporter
                                    (const progress-reporter/silent)))
   "Authenticate REPOSITORY up to commit END, an OID.  Authentication starts
 with commit START, an OID, which must be signed by SIGNER; an exception is
-raised if that is not the case.  Return an alist mapping OpenPGP public keys
+raised if that is not the case.  Commits listed in AUTHENTIC-COMMITS and their
+closure are considered authentic.  Return an alist mapping OpenPGP public keys
 to the number of commits signed by that key that have been traversed.
 
 The OpenPGP keyring is loaded from KEYRING-REFERENCE in REPOSITORY, where
@@ -404,7 +406,8 @@ denoting the authorized keys for commits whose parent lack 
the
     (filter-map (lambda (id)
                   (false-if-git-not-found
                    (commit-lookup repository (string->oid id))))
-                (previously-authenticated-commits cache-key)))
+                (append (previously-authenticated-commits cache-key)
+                        authentic-commits)))
 
   (define commits
     ;; Commits to authenticate, excluding the closure of

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (8e7e414 -> eae865c), guix-commits, 2021/02/04
- 02/08: channels: Record 'guix' channel metadata in (guix config)., guix-commits, 2021/02/04
- 05/08: channels: Consider the current channel commit as authentic., guix-commits <=
- 04/08: gnu: guix: Pass the '--with-channel-commit' configure flag., guix-commits, 2021/02/04
- 07/08: gnu: guile2.2-picture-language: Use the 2.2 dependencies., guix-commits, 2021/02/04
- 06/08: gnu: iproute2: Update to 5.10.0., guix-commits, 2021/02/04
- 08/08: gnu: guile-cairo: Update to 1.11.2., guix-commits, 2021/02/04
- 03/08: build: Add '--with-channel-commit' and related configure flags., guix-commits, 2021/02/04
- 01/08: store: 'store-path-hash-part' really returns false for invalid file names., guix-commits, 2021/02/04

Prev by Date: 02/08: channels: Record 'guix' channel metadata in (guix config).
Next by Date: branch master updated (8e7e414 -> eae865c)
Previous by thread: 02/08: channels: Record 'guix' channel metadata in (guix config).
Next by thread: 04/08: gnu: guix: Pass the '--with-channel-commit' configure flag.
Index(es):
- Date
- Thread