[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#41653] [PATCH 3/4] git-authenticate: Raise proper SRFI-35 condition
|
From: |
Ludovic Courtès |
|
Subject: |
[bug#41653] [PATCH 3/4] git-authenticate: Raise proper SRFI-35 conditions. |
|
Date: |
Mon, 1 Jun 2020 23:41:46 +0200 |
* guix/git-authenticate.scm (&git-authentication-error)
(&unsigned-commit-error, &unauthorized-commit-error)
(&signature-verification-error, &missing-key-error): New condition
types.
(commit-signing-key, authenticate-commit): Raise them.
---
guix/git-authenticate.scm | 44 +++++++++++++++++++++++++++++++++++++--
1 file changed, 42 insertions(+), 2 deletions(-)
diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index 4217ab6d27..b73f957105 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -41,7 +41,18 @@
authenticate-commits
load-keyring-from-reference
previously-authenticated-commits
- cache-authenticated-commit))
+ cache-authenticated-commit
+
+ git-authentication-error?
+ git-authentication-error-commit
+ unsigned-commit-error?
+ unauthorized-commit-error?
+ unauthorized-commit-error-signing-key
+ signature-verification-error?
+ signature-verification-error-keyring
+ signature-verification-error-signature
+ missing-key-error?
+ missing-key-error-signature))
;;; Commentary:
;;;
@@ -52,6 +63,27 @@
;;;
;;; Code:
+(define-condition-type &git-authentication-error &error
+ git-authentication-error?
+ (commit git-authentication-error-commit))
+
+(define-condition-type &unsigned-commit-error &git-authentication-error
+ unsigned-commit-error?)
+
+(define-condition-type &unauthorized-commit-error &git-authentication-error
+ unauthorized-commit-error?
+ (signing-key unauthorized-commit-error-signing-key))
+
+(define-condition-type &signature-verification-error &git-authentication-error
+ signature-verification-error?
+ (signature signature-verification-error-signature)
+ (keyring signature-verification-error-keyring))
+
+(define-condition-type &missing-key-error &git-authentication-error
+ missing-key-error?
+ (signature missing-key-error-signature))
+
+
(define (commit-signing-key repo commit-id keyring)
"Return the OpenPGP key that signed COMMIT-ID (an OID). Raise an exception
if the commit is unsigned, has an invalid signature, or if its signing key is
@@ -64,9 +96,10 @@ not in KEYRING."
(values #f #f)))))
(unless signature
(raise (condition
+ (&unsigned-commit-error (commit commit-id))
(&message
(message (format #f (G_ "commit ~a lacks a signature")
- commit-id))))))
+ (oid->string commit-id)))))))
(let ((signature (string->openpgp-packet signature)))
(with-fluids ((%default-port-encoding "UTF-8"))
@@ -77,12 +110,17 @@ not in KEYRING."
('bad-signature
;; There's a signature but it's invalid.
(raise (condition
+ (&signature-verification-error (commit commit-id)
+ (signature signature)
+ (keyring keyring))
(&message
(message (format #f (G_ "signature verification failed \
for commit ~a")
(oid->string commit-id)))))))
('missing-key
(raise (condition
+ (&missing-key-error (commit commit-id)
+ (signature signature))
(&message
(message (format #f (G_ "could not authenticate \
commit ~a: key ~a is missing")
@@ -138,6 +176,8 @@ not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
(commit-authorized-keys repository commit
default-authorizations))
(raise (condition
+ (&unauthorized-commit-error (commit id)
+ (signing-key signing-key))
(&message
(message (format #f (G_ "commit ~a not signed by an authorized \
key: ~a")
--
2.26.2