From: Ludovic Courtès
Subject: bug#40565: [PATCH 1/1] git-authenticate: Fetch keyrings from Savannah.
Date: Sun, 19 Apr 2020 13:15:12 +0200
Message-ID: <87v9lv3ewv.fsf@gnu.org>
In-Reply-To: <20200417202015.14741-2-me@tobias.gr> (Tobias Geerinckx-Rice's message of "Fri, 17 Apr 2020 22:20:15 +0200")
To: Tobias Geerinckx-Rice
Cc: 40565@debbugs.gnu.org

Hi Tobias,

Tobias Geerinckx-Rice writes:

> * build-aux/git-authenticate.scm (%project-keyring-uris)
> (import-keyring-uri, import-project-keys): New variables.
> (authenticate-commits): Import known project keys before authenticating.
> * guix/gnupg.scm (ensure-file): New procedure.
> (gnupg-receive-keys): Use it.
> (gnupg-import): New exported procedure.

The patch LGTM but it doesn’t apply for some reason. Could you take a look?

> +;; XXX HTTP here is OK but is there any realistic scenario where TLS won't work?
> +(define %project-keyring-uris

I’m not sure what the XXX comment means. We’re fetching over HTTPS anyway, right?

> +(define* (import-keyring-uri uri)
> + (let* ((port (http-fetch uri))
> + (keyring (get-bytevector-all port)))
> + (close-port port)
> + (gnupg-import keyring)))

IWBN if ‘gnupg-import’ could take an input port instead of a bytevector.

It’d be great if you could add docstrings for top-level procedures.

> +(define* (gnupg-import keys
> + #:optional (keyring (current-keyring)))
> + "Add all KEYS in a bytevector produced by ‘gpg --export’ to KEYRING."
> + (ensure-file keyring)
> + (let ((pipe (open-pipe* OPEN_WRITE
> + (%gpg-command) "--import" "--batch" "--quiet"
> + "--no-default-keyring" "--keyring" keyring)))
> + (put-bytevector pipe keys)
> + (close-port pipe)))

So what about changing ‘keys’ to ‘port’, and then you would:

  (dump-port port pipe)

?

Thanks for addressing this!

Ludo’.
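
Review bot: In `import-keyring-uri`, `(close-port port)` is only reached when `get-bytevector-all` returns normally, so an error while reading the response leaves the HTTP port open. Wrapping the read in `dynamic-wind` would close the port on both paths. The procedure also takes no optional or keyword arguments, so plain `define` would do in place of `define*`.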
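
Review bot: In `gnupg-import`, the pipe opened with `open-pipe*` is closed with `(close-port pipe)` and nothing looks at the exit status of the gpg process, so a failed `--import` is silent, made quieter still by `--quiet`. Since these keys are imported right before commits are authenticated, closing with `close-pipe` and raising an error on a non-zero status would let the caller know the keyring was not populated.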