bug#40565: [PATCH 1/1] git-authenticate: Fetch keyrings from Savannah.
From: Ludovic Courtès
Subject: bug#40565: [PATCH 1/1] git-authenticate: Fetch keyrings from Savannah.
Date: Sun, 19 Apr 2020 13:15:12 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Hi Tobias,

Tobias Geerinckx-Rice <address@hidden> skribis:

> * build-aux/git-authenticate.scm (%project-keyring-uris)
> (import-keyring-uri, import-project-keys): New variables.
> (authenticate-commits): Import known project keys before authenticating.
> * guix/gnupg.scm (ensure-file): New procedure.
> (gnupg-receive-keys): Use it.
> (gnupg-import): New exported procedure.

The patch LGTM but it doesn’t apply for some reason. Could you take a look?

> +;; XXX HTTP here is OK but is there any realistic scenario where TLS won't
> work?
> +(define %project-keyring-uris
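Review bot: the XXX comment above %project-keyring-uris records an open question rather than a decision, and the commit log says the keys fetched from these URIs are imported before authenticate-commits runs. Replace it with a comment stating which scheme the URIs use and what protects the download, so a later reader does not take "HTTP here is OK" as licence to drop TLS.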

I’m not sure what the XXX comment means. We’re fetching over HTTPS anyway, right?

> +(define* (import-keyring-uri uri)
> + (let* ((port (http-fetch uri))
> + (keyring (get-bytevector-all port)))
> + (close-port port)
> + (gnupg-import keyring)))
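Review bot: in import-keyring-uri the bytes returned by http-fetch go straight to gnupg-import with no check on what was received, so whatever the server returns ends up in the keyring used for authentication; consider comparing the imported keys against a list of expected fingerprints. Separately, close-port is skipped if get-bytevector-all raises, so guard the read with dynamic-wind, and a plain define suffices here since the procedure has no optional or keyword arguments.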

IWBN if ‘gnupg-import’ could take an input port instead of a bytevector.

It’d be great if you could add docstrings for top-level procedures.

> +(define* (gnupg-import keys
> + #:optional (keyring (current-keyring)))
> + "Add all KEYS in a bytevector produced by ‘gpg --export’ to KEYRING."
> + (ensure-file keyring)
> + (let ((pipe (open-pipe* OPEN_WRITE
> + (%gpg-command) "--import" "--batch" "--quiet"
> + "--no-default-keyring" "--keyring" keyring)))
> + (put-bytevector pipe keys)
> + (close-port pipe)))
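Review bot: gnupg-import ends with (close-port pipe), which discards gpg's exit status, and with "--batch" "--quiet" a failed import can pass unnoticed. Close the pipe with close-pipe and raise an error on a non-zero status, so that authentication does not continue with an incomplete keyring.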

So what about changing ‘keys’ to ‘port’, and then you would:

  (dump-port port pipe)

?

Thanks for addressing this!

Ludo’.