From: "Ludovic Courtès" <ludo@gnu.org>
To: 41653@debbugs.gnu.org
Cc: "Ludovic Courtès" <ludo@gnu.org>
Subject: [bug#41653] [PATCH 3/4] git-authenticate: Raise proper SRFI-35 conditions.
Date: Mon, 1 Jun 2020 23:41:46 +0200 [thread overview]
Message-ID: <20200601214147.3357-3-ludo@gnu.org> (raw)
In-Reply-To: <20200601214147.3357-1-ludo@gnu.org>
* guix/git-authenticate.scm (&git-authentication-error)
(&unsigned-commit-error, &unauthorized-commit-error)
(&signature-verification-error, &missing-key-error): New condition
types.
(commit-signing-key, authenticate-commit): Raise them.
---
guix/git-authenticate.scm | 44 +++++++++++++++++++++++++++++++++++++--
1 file changed, 42 insertions(+), 2 deletions(-)
diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index 4217ab6d27..b73f957105 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -41,7 +41,18 @@
authenticate-commits
load-keyring-from-reference
previously-authenticated-commits
- cache-authenticated-commit))
+ cache-authenticated-commit
+
+ git-authentication-error?
+ git-authentication-error-commit
+ unsigned-commit-error?
+ unauthorized-commit-error?
+ unauthorized-commit-error-signing-key
+ signature-verification-error?
+ signature-verification-error-keyring
+ signature-verification-error-signature
+ missing-key-error?
+ missing-key-error-signature))
;;; Commentary:
;;;
@@ -52,6 +63,27 @@
;;;
;;; Code:
+(define-condition-type &git-authentication-error &error
+ git-authentication-error?
+ (commit git-authentication-error-commit))
+
+(define-condition-type &unsigned-commit-error &git-authentication-error
+ unsigned-commit-error?)
+
+(define-condition-type &unauthorized-commit-error &git-authentication-error
+ unauthorized-commit-error?
+ (signing-key unauthorized-commit-error-signing-key))
+
+(define-condition-type &signature-verification-error &git-authentication-error
+ signature-verification-error?
+ (signature signature-verification-error-signature)
+ (keyring signature-verification-error-keyring))
+
+(define-condition-type &missing-key-error &git-authentication-error
+ missing-key-error?
+ (signature missing-key-error-signature))
+
+
(define (commit-signing-key repo commit-id keyring)
"Return the OpenPGP key that signed COMMIT-ID (an OID). Raise an exception
if the commit is unsigned, has an invalid signature, or if its signing key is
@@ -64,9 +96,10 @@ not in KEYRING."
(values #f #f)))))
(unless signature
(raise (condition
+ (&unsigned-commit-error (commit commit-id))
(&message
(message (format #f (G_ "commit ~a lacks a signature")
- commit-id))))))
+ (oid->string commit-id)))))))
(let ((signature (string->openpgp-packet signature)))
(with-fluids ((%default-port-encoding "UTF-8"))
@@ -77,12 +110,17 @@ not in KEYRING."
('bad-signature
;; There's a signature but it's invalid.
(raise (condition
+ (&signature-verification-error (commit commit-id)
+ (signature signature)
+ (keyring keyring))
(&message
(message (format #f (G_ "signature verification failed \
for commit ~a")
(oid->string commit-id)))))))
('missing-key
(raise (condition
+ (&missing-key-error (commit commit-id)
+ (signature signature))
(&message
(message (format #f (G_ "could not authenticate \
commit ~a: key ~a is missing")
@@ -138,6 +176,8 @@ not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
(commit-authorized-keys repository commit
default-authorizations))
(raise (condition
+ (&unauthorized-commit-error (commit id)
+ (signing-key signing-key))
(&message
(message (format #f (G_ "commit ~a not signed by an authorized \
key: ~a")
--
2.26.2
next prev parent reply other threads:[~2020-06-01 21:43 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-01 21:29 [bug#41653] [PATCH 0/4] Add (guix git-authenticate) with tests Ludovic Courtès
2020-06-01 21:41 ` [bug#41653] [PATCH 1/4] Add (guix git-authenticate) Ludovic Courtès
2020-06-01 21:41 ` [bug#41653] [PATCH 2/4] git-authenticate: Don't hard-code "origin/" for keyring reference Ludovic Courtès
2020-06-01 21:41 ` Ludovic Courtès [this message]
2020-06-01 21:41 ` [bug#41653] [PATCH 4/4] git-authenticate: Add tests Ludovic Courtès
2020-06-05 21:13 ` [bug#41653] [PATCH 0/4] Add (guix git-authenticate) with tests Ludovic Courtès
2020-06-07 21:19 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200601214147.3357-3-ludo@gnu.org \
--to=ludo@gnu.org \
--cc=41653@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).