This was obtained by setting up this environment:
guix shell -D guix --with-input=guile@3.0.9=guile-next \
--with-commit=guile-next=e2ed33ef0445c867fe56c247054aa67e834861f2
-- make -j5
then adding 'unused-module' to (@@ (guix build compiler) %warnings),
building, and checking all the "unused module" warnings and removing
those that were definitely unused.
Fixes a bug whereby authentication of a commit *not* descending from the
introductory commit could succeed, provided the commit verifies the
authorization invariant.
In the example below, A is a common ancestor of the introductory commit
I and of commit X. Authentication of X would succeed, even though it is
not a descendant of I, as long as X is authorized according to the
'.guix-authorizations' in A:
X I
\ /
A
This is because, 'authenticate-repository' would not check whether X
descends from I, and the call (commit-difference X I) would return X.
In practice that only affects forks because it means that ancestors of
the introductory commit already contain a '.guix-authorizations' file.
* guix/git-authenticate.scm (authenticate-repository): Add call to
'commit-descendant?'.
* tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"):
New test.
* tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"):
New test.
* tests/guix-git-authenticate.sh: Expect earlier test to fail since
9549f0283a is not a descendant of
$intro_commit. Add new test targeting an ancestor of the introductory
commit, and another test targeting the v1.2.0 commit.
* doc/guix.texi (Specifying Channel Authorizations): Add a sentence.
Fixes <https://bugs.gnu.org/45895>.
When the ~/.cache/guix/authentication is empty, this change allows
authentication to start at the current commit, as shown by 'guix
describe', instead of starting from the introductory commit, which would
take more and more time (there's currently 18K commits per year).
* guix/git-authenticate.scm (authenticate-repository): Add #:authentic-commits.
[authenticated-commits]: Append it.
* guix/channels.scm (authenticate-channel)[authentic-commits]: New
variable. Pass it to 'authenticate-repository'.
* guix/git-authenticate.scm (authenticated-commit-cache-file)
(cache-authenticated-commit, previously-authenticated-commits): Add
'key' parameter and honor it.
* build-aux/git-authenticate.scm (git-authenticate): Pass
"channels/guix" as the key.
* guix/git-authenticate.scm (commit-signing-key): Add
#:disallowed-hash-algorithms and honor it.
(authenticate-commit)[recent-commit?]: New variable.
Pass #:disallowed-hash-algorithms to 'commit-signing-key'.
* tests/git-authenticate.scm ("signed commits, SHA1 signature"): New test.
Previously it would trigger a wrong-number-of-arguments error for
'lset-intersection'.
* guix/git-authenticate.scm (commit-authorized-keys): Add case for when
'commit-parents' returns the empty list.
Ludovic Courtès