git authenticate: Do nothing when invoked from the keyring branch.

Fixes <https://issues.guix.gnu.org/78283>. * guix/scripts/git/authenticate.scm (guix-git-authenticate): Call ‘current-branch’ and do nothing if it returns the keyring branch. Reported-by: Vagrant Cascadian <vagrant@debian.org> Change-Id: I66c2a3f4babf68ac1df0913db6bc708ac0c7968e
2025-10-02 02:15:12 +00:00 · 2025-06-08 20:02:42 +02:00 · 2025-06-08 20:02:42 +02:00 · 99f85246e1
commit 99f85246e1
parent 0ec5cab132
1 changed files with 29 additions and 20 deletions
--- a/guix/scripts/git/authenticate.scm
+++ b/guix/scripts/git/authenticate.scm
@ -351,26 +351,35 @@ expected COMMIT and SIGNER~%")))
                           (file (call-with-input-file file
                                   read-authorizations))))
            (cache-key   (or (assoc-ref options 'cache-key)
-                             (repository-cache-key repository))))
+                             (repository-cache-key repository)))
-       (define stats
+            (branch      (current-branch repository)))
-         (authenticate-repository repository (string->oid commit)
+       ;; Since the keyring branch is not authenticated, exit successfully
-                                  (openpgp-fingerprint* signer)
+       ;; when invoked on it.  This exit status is what the 'post-merge' hook
-                                  #:end end
+       ;; expects when running 'git pull' on that branch, and what the
-                                  #:keyring-reference keyring
+       ;; 'pre-push' hook expects when running 'git push' on that branch.
-                                  #:historical-authorizations history
+       (if (and branch (string=? branch keyring))
-                                  #:cache-key cache-key
+           (info (G_ "current branch '~a' is the keyring branch; \
-                                  #:make-reporter make-reporter))
+doing nothing~%")
                 branch)
           (let ((stats
                  (authenticate-repository repository (string->oid commit)
                                           (openpgp-fingerprint* signer)
                                           #:end end
                                           #:keyring-reference keyring
                                           #:historical-authorizations history
                                           #:cache-key cache-key
                                           #:make-reporter make-reporter)))
-       (if (configured? repository)
+             (if (configured? repository)
-           (maybe-upgrade-hooks repository)
+                 (maybe-upgrade-hooks repository)
-           (begin
+                 (begin
-             (record-configuration repository
+                   (record-configuration repository
-                                   #:commit commit #:signer signer
+                                         #:commit commit #:signer signer
-                                   #:keyring-reference keyring)
+                                         #:keyring-reference keyring)
-             (install-hooks repository)))
+                   (install-hooks repository)))
-       (when (and show-stats? (not (null? stats)))
+             (when (and show-stats? (not (null? stats)))
-         (show-stats stats))
+               (show-stats stats))
-       (info (G_ "successfully authenticated commit ~a~%")
+             (info (G_ "successfully authenticated commit ~a~%")
-             (oid->string end))))))
+                   (oid->string end))))))))