bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#38320: Cuirass: Allow to use authenticated Git repositories as input

From: Ludovic Courtès
Subject: bug#38320: Cuirass: Allow to use authenticated Git repositories as inputs
Date: Tue, 04 Feb 2020 13:58:19 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) 
Hello!

Mathieu Othacehe <address@hidden> skribis:

> Here's a small patch to (guix git) so that cloning/fetching from ssh
> authenticated repositories is supported using ssh agent.
>
> I tested:
>
> * guix pull --url=address@hidden:mothacehe/private.git
> * guix pull with the following channel configuration
>
> (cons* (channel
>         (name 'gitlab)
>         (url "address@hidden:mothacehe/test-channel.git"))
>        %default-channels)

Woohoo!  Really nice.

> This works fine, but we still need to see how it works for Cuirass
> inputs and (guix git-download) module.

Ah yes, ‘git-fetch’.

> From ae380c15f1c37e2c94e0954975f5f712e76340ac Mon Sep 17 00:00:00 2001
> From: Mathieu Othacehe <address@hidden>
> Date: Mon, 3 Feb 2020 18:05:02 +0100
> Subject: [PATCH] git: Add ssh authentication support.
>
> SSH agent authentication method is used.
>
> * guix/git.scm (auth-method): New variable,
> (clone*): pass previous variable in clone options,
> (update-cached-checkout): pass previous variable in fetch options.

[...]

> +;; Default authentication method.
> +(define auth-method (%make-auth-ssh-agent))
> +
>  (define (clone* url directory)
>    "Clone git repository at URL into DIRECTORY.  Upon failure,
>  make sure no empty directory is left behind."
> @@ -119,7 +122,9 @@ make sure no empty directory is left behind."
>        ;; value in Guile-Git: <https://bugs.gnu.org/29238>.
>        (if (module-defined? (resolve-interface '(git))
>                             'clone-init-options)
> -          (clone url directory (clone-init-options))
> +          (clone url directory
> +                 (make-clone-options
> +                  #:fetch-options (make-fetch-options auth-method)))
>            (clone url directory)))
>      (lambda _
>        (false-if-exception (rmdir directory)))))
> @@ -281,7 +286,8 @@ When RECURSIVE? is true, check out submodules as well, if 
> any."
>       ;; Only fetch remote if it has not been cloned just before.
>       (when (and cache-exists?
>                  (not (reference-available? repository ref)))
> -       (remote-fetch (remote-lookup repository "origin")))
> +       (remote-fetch (remote-lookup repository "origin")
> +                     #:fetch-options (make-fetch-options auth-method)))

It LGTM, and I like that it’s actually a small patch.

Until now, we had conditionals like the ‘module-defined?’ thing above to
allow for a smooth transition from older Guile-Git versions.  Do we want
to keep doing that?

If we do, then perhaps you should arrange so that uses of the new
Guile-Git APIs that appeared in 0.3.0 are conditional.

I’d say we should do it if it’s easy to do and not too intrusive.
Otherwise, let’s just require 0.3.0 and be done with it.  (‘guix pull’
gets 0.3.0 anyway.)

Thoughts?

Ludo’.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]