;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2021 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . ;;; This file returns a manifest containing origins of all the packages. The ;;; main purpose is to allow continuous integration services to keep upstream ;;; source code around. It can also be passed to 'guix weather -m'. (use-modules (srfi srfi-1) (srfi srfi-26) (ice-9 match) (ice-9 vlist) (guix packages) (guix profiles) (gnu packages)) (define (all-packages) "Return the list of all the packages, public or private, omitting only superseded packages." (fold-packages (lambda (package lst) (match (package-replacement package) (#f (cons package lst)) (replacement (append (list replacement package) lst)))) '() #:select? (negate package-superseded))) (define (upstream-origin source) "Return SOURCE without any patches or snippet." (origin (inherit source) (snippet #f) (patches '()))) (define (all-origins) "Return the list of origins referred to by all the packages." (let loop ((packages (all-packages)) (origins '()) (visited vlist-null)) (match packages ((head . tail) (let ((new (remove (cut vhash-assq <> visited) (package-direct-sources head)))) (loop tail (append new origins) (fold (cut vhash-consq <> #t <>) visited new)))) (() origins)))) ;; Return a manifest containing all the origins. (manifest (map (lambda (origin) (manifest-entry (name (or (origin-actual-file-name origin) "origin")) (version "0") (item (upstream-origin origin)))) (all-origins))) '>Expand)Author 2023-09-26tests: Assume ‘git’ is always available....* tests/channels.scm (gpg+git-available?): Check for ‘gpg-command’ only. Remove all ‘test-skip’ statements. * tests/derivations.scm: Likewise. * tests/git-authenticate.scm: Likewise. * tests/git.scm: Likewise. * tests/import-git.scm: Likewise. Ludovic Courtès 2022-02-14git-authenticate: Ensure the target is a descendant of the introductory commit....Fixes a bug whereby authentication of a commit *not* descending from the introductory commit could succeed, provided the commit verifies the authorization invariant. In the example below, A is a common ancestor of the introductory commit I and of commit X. Authentication of X would succeed, even though it is not a descendant of I, as long as X is authorized according to the '.guix-authorizations' in A: X I \ / A This is because, 'authenticate-repository' would not check whether X descends from I, and the call (commit-difference X I) would return X. In practice that only affects forks because it means that ancestors of the introductory commit already contain a '.guix-authorizations' file. * guix/git-authenticate.scm (authenticate-repository): Add call to 'commit-descendant?'. * tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"): New test. * tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"): New test. * tests/guix-git-authenticate.sh: Expect earlier test to fail since 9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of $intro_commit. Add new test targeting an ancestor of the introductory commit, and another test targeting the v1.2.0 commit. * doc/guix.texi (Specifying Channel Authorizations): Add a sentence. Ludovic Courtès 2022-02-14git-authenticate: Test introductory commit signature verification....These tests mimic similar tests already in 'tests/channels.scm', but without using the higher-level 'authenticate-channel'. * tests/git-authenticate.scm ("introductory commit, valid signature") ("introductory commit, missing signature") ("introductory commit, wrong signature"): New tests. Ludovic Courtès 2021-12-22tests: Move keys into ./tests/keys/ and add a third ed25519 key....The third key will be used in an upcoming commit. Rename public keys to .pub. * guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable. (%ed25519-3-secret-key-file): New variable. (%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file. (%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file. * tests/keys/ed25519-3.key: New file. * tests/keys/ed25519-3.sec: New file. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Attila Lendvai