From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Subject: bug#38320: Cuirass: Allow to use authenticated Git repositories as
 inputs
Date: Tue, 04 Feb 2020 13:58:19 +0100
Message-ID: <87v9omy0es.fsf@gnu.org>
References: <875zjc8ciz.fsf@lassieur.org> <878so4t6mk.fsf@gmail.com>
 <87r21v9cmi.fsf@gnu.org> <87h829sb73.fsf@gmail.com>
 <877e34z24m.fsf@gnu.org> <87wob3xepy.fsf@gmail.com>
 <87zhfyvppi.fsf@lassieur.org> <8736dp8z2p.fsf@gnu.org>
 <87tv4667b4.fsf@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane-mx.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:59613)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1iyxnC-0008FJ-Ri
 for bug-guix@gnu.org; Tue, 04 Feb 2020 07:59:04 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1iyxnB-0004Dx-MS
 for bug-guix@gnu.org; Tue, 04 Feb 2020 07:59:02 -0500
Received: from debbugs.gnu.org ([209.51.188.43]:36791)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1iyxnB-0004D2-IA
 for bug-guix@gnu.org; Tue, 04 Feb 2020 07:59:01 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1iyxnB-0006gP-IH
 for bug-guix@gnu.org; Tue, 04 Feb 2020 07:59:01 -0500
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.38320.B38320.158082110925644@debbugs.gnu.org>
In-Reply-To: <87tv4667b4.fsf@gmail.com> (Mathieu Othacehe's message of "Tue,
 04 Feb 2020 10:16:47 +0100")
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane-mx.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane-mx.org@gnu.org>
To: Mathieu Othacehe <m.othacehe@gmail.com>
Cc: 38320@debbugs.gnu.org, Erik Edrosa <erik.edrosa@gmail.com>, =?UTF-8?Q?Cl=C3=A9ment?= Lassieur <clement@lassieur.org>

Hello!

Mathieu Othacehe <m.othacehe@gmail.com> skribis:

> Here's a small patch to (guix git) so that cloning/fetching from ssh
> authenticated repositories is supported using ssh agent.
>
> I tested:
>
> * guix pull --url=3Dgit@gitlab.com:mothacehe/private.git
> * guix pull with the following channel configuration
>
> (cons* (channel
>         (name 'gitlab)
>         (url "git@gitlab.com:mothacehe/test-channel.git"))
>        %default-channels)

Woohoo!  Really nice.

> This works fine, but we still need to see how it works for Cuirass
> inputs and (guix git-download) module.

Ah yes, =E2=80=98git-fetch=E2=80=99.

> From ae380c15f1c37e2c94e0954975f5f712e76340ac Mon Sep 17 00:00:00 2001
> From: Mathieu Othacehe <m.othacehe@gmail.com>
> Date: Mon, 3 Feb 2020 18:05:02 +0100
> Subject: [PATCH] git: Add ssh authentication support.
>
> SSH agent authentication method is used.
>
> * guix/git.scm (auth-method): New variable,
> (clone*): pass previous variable in clone options,
> (update-cached-checkout): pass previous variable in fetch options.

[...]

> +;; Default authentication method.
> +(define auth-method (%make-auth-ssh-agent))
> +
>  (define (clone* url directory)
>    "Clone git repository at URL into DIRECTORY.  Upon failure,
>  make sure no empty directory is left behind."
> @@ -119,7 +122,9 @@ make sure no empty directory is left behind."
>        ;; value in Guile-Git: <https://bugs.gnu.org/29238>.
>        (if (module-defined? (resolve-interface '(git))
>                             'clone-init-options)
> -          (clone url directory (clone-init-options))
> +          (clone url directory
> +                 (make-clone-options
> +                  #:fetch-options (make-fetch-options auth-method)))
>            (clone url directory)))
>      (lambda _
>        (false-if-exception (rmdir directory)))))
> @@ -281,7 +286,8 @@ When RECURSIVE? is true, check out submodules as well=
, if any."
>       ;; Only fetch remote if it has not been cloned just before.
>       (when (and cache-exists?
>                  (not (reference-available? repository ref)))
> -       (remote-fetch (remote-lookup repository "origin")))
> +       (remote-fetch (remote-lookup repository "origin")
> +                     #:fetch-options (make-fetch-options auth-method)))

It LGTM, and I like that it=E2=80=99s actually a small patch.

Until now, we had conditionals like the =E2=80=98module-defined?=E2=80=99 t=
hing above to
allow for a smooth transition from older Guile-Git versions.  Do we want
to keep doing that?

If we do, then perhaps you should arrange so that uses of the new
Guile-Git APIs that appeared in 0.3.0 are conditional.

I=E2=80=99d say we should do it if it=E2=80=99s easy to do and not too intr=
usive.
Otherwise, let=E2=80=99s just require 0.3.0 and be done with it.  (=E2=80=
=98guix pull=E2=80=99
gets 0.3.0 anyway.)

Thoughts?

Ludo=E2=80=99.