# HG changeset patch # User Bernhard M. Wiedemann # Date 1502609999 -7200 # Sun Aug 13 09:39:59 2017 +0200 # Node ID a98e00eed893f62dd8349fc2894abca3aff4b33a # Parent 41ce01b7d413b3654211da0147857e7d6a1495de Facilitate reproducible builds by allowing to externally hold constant the build date and time. See https://reproducible-builds.org/specs/source-date-epoch/ Backport asap. diff -r 41ce01b7d413 -r a98e00eed893 NEWS --- a/NEWS Sun Aug 13 09:39:56 2017 +0200 +++ b/NEWS Sun Aug 13 09:39:59 2017 +0200 @@ -48,6 +48,12 @@ https://github.com/akrzemi1/Optional where only "optional.hpp" is needed. +- The environment variable SOURCE_DATE_EPOCH overrides the build + timestamp as recorded by the signatures. See + https://reproducible-builds.org/specs/source-date-epoch/ + for details. + + * Version 4.2 "Compressor Road" diff -r 41ce01b7d413 -r a98e00eed893 src/DefaultSig.pm --- a/src/DefaultSig.pm Sun Aug 13 09:39:56 2017 +0200 +++ b/src/DefaultSig.pm Sun Aug 13 09:39:59 2017 +0200 @@ -109,9 +109,10 @@ sub update_date_and_time { my $self = shift; + my $now = $ENV{SOURCE_DATE_EPOCH} || time; my ($second, $minute, $hour, $day_of_month, $month, $year, - $day_of_week) = $self->is_using_gmt() ? gmtime : localtime; + $day_of_week) = $self->is_using_gmt() ? gmtime($now) : localtime($now); $self->{DATE} = $self->format_date($day_of_month, $month, $year + 1900, $day_of_week, $self->weekdays->[$day_of_week], 'form'>
path: root/tests/guix-git-authenticate.sh
AgeCommit message (Expand)Author
2022-02-14git-authenticate: Ensure the target is a descendant of the introductory commit....Fixes a bug whereby authentication of a commit *not* descending from the introductory commit could succeed, provided the commit verifies the authorization invariant. In the example below, A is a common ancestor of the introductory commit I and of commit X. Authentication of X would succeed, even though it is not a descendant of I, as long as X is authorized according to the '.guix-authorizations' in A: X I \ / A This is because, 'authenticate-repository' would not check whether X descends from I, and the call (commit-difference X I) would return X. In practice that only affects forks because it means that ancestors of the introductory commit already contain a '.guix-authorizations' file. * guix/git-authenticate.scm (authenticate-repository): Add call to 'commit-descendant?'. * tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"): New test. * tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"): New test. * tests/guix-git-authenticate.sh: Expect earlier test to fail since 9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of $intro_commit. Add new test targeting an ancestor of the introductory commit, and another test targeting the v1.2.0 commit. * doc/guix.texi (Specifying Channel Authorizations): Add a sentence. Ludovic Courtès
2020-09-28tests: Simplify shell exit status negation;...* tests/guix-archive.sh, tests/guix-build-branch.sh, tests/guix-build.sh, tests/guix-daemon.sh, tests/guix-download.sh, tests/guix-environment.sh, tests/guix-gc.sh, tests/guix-git-authenticate.sh, tests/guix-graph.sh, tests/guix-hash.sh, tests/guix-lint.sh, tests/guix-pack-relocatable.sh, tests/guix-pack.sh, tests/guix-package-aliases.sh, tests/guix-package-net.sh, tests/guix-package.sh: Use the shell '!' keyword to negate command exit status in place of 'if ...; then false; else true; fi' Eric Bavier
2020-07-11Add 'guix git authenticate'....* guix/scripts/git.scm, guix/scripts/git/authenticate.scm, tests/guix-git-authenticate.sh: New files. * Makefile.am (MODULES): Add the *.scm files. (SH_TESTS): Add 'tests/guix-git-authenticate.sh'. * doc/guix.texi (Channels)[Specifying Channel Authorizations]: Mention 'guix git authenticate'. (Invoking guix git authenticate): New node. * po/guix/POTFILES.in: Add 'guix/scripts/git.scm' and 'guix/scripts/git/authenticate.scm'. Ludovic Courtès