git-authenticate: Print a clear error message for malformed keys.

Fixes guix/guix#1141. * guix/git-authenticate.scm (load-keyring-from-blob): Change ‘oid’ to ‘entry’ and adjust accordingly. Raise a ‘&formatted-message’ error when ‘read-radix-64’ returns #f or EOF. (load-keyring-from-reference): Adjust accordingly. Change-Id: Ib88c94dac543caf6b1e0855242ba50063c944765
2025-10-02 02:15:12 +00:00 · 2025-07-13 12:43:13 +02:00 · 2025-07-13 12:43:13 +02:00 · df763d6a2d
commit df763d6a2d
parent a138cdb39f
1 changed files with 15 additions and 8 deletions
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@ -246,13 +246,22 @@ key: ~a")

  signing-key)

-(define (load-keyring-from-blob repository oid keyring)
-  "Augment KEYRING with the keyring available in the blob at OID, which may or
-may not be ASCII-armored."
-  (let* ((blob (blob-lookup repository oid))
+(define (load-keyring-from-blob repository entry keyring)
+  "Augment KEYRING with the keyring available in ENTRY (a tree entry), which
+may or may not be ASCII-armored."
+  (let* ((oid  (tree-entry-id entry))
+         (blob (blob-lookup repository oid))
         (port (open-bytevector-input-port (blob-content blob))))
    (get-openpgp-keyring (if (port-ascii-armored? port)
-                             (open-bytevector-input-port (read-radix-64 port))
+                             (match (read-radix-64 port)
+                               ((? bytevector? radix)
+                                (open-bytevector-input-port radix))
+                               (_
+                                (raise
+                                 (formatted-message (G_ "malformed \
+ASCII-armored key in ~a (blob ~a)")
+                                                    (tree-entry-name entry)
+                                                    (oid->string oid)))))
                             port)
                         keyring)))

@ -266,9 +275,7 @@ an OpenPGP keyring."
    (fold (lambda (name keyring)
            (if (string-suffix? ".key" name)
                (let ((entry (tree-entry-bypath tree name)))
-                  (load-keyring-from-blob repository
-                                          (tree-entry-id entry)
-                                          keyring))
+                  (load-keyring-from-blob repository entry keyring))
                keyring))
          %empty-keyring
          (tree-list tree))))