bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#40565: [PATCH 1/1] git-authenticate: Fetch keyrings from Savannah.

From: Ludovic Courtès
Subject: bug#40565: [PATCH 1/1] git-authenticate: Fetch keyrings from Savannah.
Date: Sun, 19 Apr 2020 13:15:12 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) 
Hi Tobias,

Tobias Geerinckx-Rice <address@hidden> skribis:

> * build-aux/git-authenticate.scm (%project-keyring-uris)
> (import-keyring-uri, import-project-keys): New variables.
> (authenticate-commits): Import known project keys before authenticating.
> * guix/gnupg.scm (ensure-file): New procedure.
> (gnupg-receive-keys): Use it.
> (gnupg-import): New exported procedure.

The patch LGTM but it doesn’t apply for some reason.  Could you take a
look?

> +;; XXX HTTP here is OK but is there any realistic scenario where TLS won't 
> work?
> +(define %project-keyring-uris

I’m not sure what the XXX comment means.  We’re fetching over HTTPS
anyway, right?

> +(define* (import-keyring-uri uri)
> +  (let* ((port (http-fetch uri))
> +         (keyring (get-bytevector-all port)))
> +    (close-port port)
> +    (gnupg-import keyring)))

IWBN if ‘gnupg-import’ could take an input port instead of a bytevector.

It’d be great if you could add docstrings for top-level procedures.

> +(define* (gnupg-import keys
> +                       #:optional (keyring (current-keyring)))
> +  "Add all KEYS in a bytevector produced by ‘gpg --export’ to KEYRING."
> +  (ensure-file keyring)
> +  (let ((pipe (open-pipe* OPEN_WRITE
> +                          (%gpg-command) "--import" "--batch" "--quiet"
> +                          "--no-default-keyring" "--keyring" keyring)))
> +    (put-bytevector pipe keys)
> +    (close-port pipe)))

So what about changing ‘keys’ to ‘port’, and then you would:

  (dump-port port pipe)

?

Thanks for addressing this!

Ludo’.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]