Hi Tobias,

Tobias Geerinckx-Rice <[email protected]> wrote:

> * build-aux/git-authenticate.scm (%project-keyring-uris)
> (import-keyring-uri, import-project-keys): New variables.
> (authenticate-commits): Import known project keys before authenticating.
> * guix/gnupg.scm (ensure-file): New procedure.
> (gnupg-receive-keys): Use it.
> (gnupg-import): New exported procedure.

The patch LGTM but it doesn’t apply for some reason. Could you take a look?

> +;; XXX HTTP here is OK but is there any realistic scenario where TLS won't
> work?
> +(define %project-keyring-uris

I’m not sure what the XXX comment means. We’re fetching over HTTPS anyway, right?

> +(define* (import-keyring-uri uri)
> + (let* ((port (http-fetch uri))
> + (keyring (get-bytevector-all port)))
> + (close-port port)
> + (gnupg-import keyring)))

IWBN if ‘gnupg-import’ could take an input port instead of a bytevector.

It’d be great if you could add docstrings for top-level procedures.

> +(define* (gnupg-import keys
> + #:optional (keyring (current-keyring)))
> + "Add all KEYS in a bytevector produced by ‘gpg --export’ to KEYRING."
> + (ensure-file keyring)
> + (let ((pipe (open-pipe* OPEN_WRITE
> + (%gpg-command) "--import" "--batch" "--quiet"
> + "--no-default-keyring" "--keyring" keyring)))
> + (put-bytevector pipe keys)
> + (close-port pipe)))

So what about changing ‘keys’ to ‘port’, and then you would:

  (dump-port port pipe)

?

Thanks for addressing this!

Ludo’.
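
Review bot: in import-keyring-uri, `get-bytevector-all` returns the end-of-file object rather than a bytevector when the response body is empty, and that value is handed straight to `gnupg-import`, where `put-bytevector` will fail with a type error instead of a message naming the URI. Testing the result with `eof-object?` before the import, or passing the port through as proposed in the reply, avoids that. `define*` is also used here without optional or keyword arguments, so plain `define` would do.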
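
Review bot: in gnupg-import, the outcome of the gpg process is never checked: the pipe from `open-pipe*` is closed with `close-port` and no status is returned, so a failed `gpg --import` goes unnoticed by the caller that imports the project keys before authenticating commits. Closing the pipe with `close-pipe` and testing the status it returns would let that caller report the failure. Passing `--batch --quiet` makes this more important, since gpg itself will print little on error.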
