git-authenticate: Raise proper SRFI-35 conditions.

* guix/git-authenticate.scm (&git-authentication-error) (&unsigned-commit-error, &unauthorized-commit-error) (&signature-verification-error, &missing-key-error): New condition types. (commit-signing-key, authenticate-commit): Raise them.
2020-06-01 22:53:06 +02:00 · 2020-06-01 22:53:06 +02:00 · f8213f1bca
parent 512b9e2da2
commit f8213f1bca
1 changed files with 42 additions and 2 deletions
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@ -41,7 +41,18 @@
            authenticate-commits
            load-keyring-from-reference
            previously-authenticated-commits
-            cache-authenticated-commit))
+            cache-authenticated-commit
+
+            git-authentication-error?
+            git-authentication-error-commit
+            unsigned-commit-error?
+            unauthorized-commit-error?
+            unauthorized-commit-error-signing-key
+            signature-verification-error?
+            signature-verification-error-keyring
+            signature-verification-error-signature
+            missing-key-error?
+            missing-key-error-signature))

 ;;; Commentary:
 ;;;
@ -52,6 +63,27 @@
 ;;;
 ;;; Code:

+(define-condition-type &git-authentication-error &error
+  git-authentication-error?
+  (commit  git-authentication-error-commit))
+
+(define-condition-type &unsigned-commit-error &git-authentication-error
+  unsigned-commit-error?)
+
+(define-condition-type &unauthorized-commit-error &git-authentication-error
+  unauthorized-commit-error?
+  (signing-key unauthorized-commit-error-signing-key))
+
+(define-condition-type &signature-verification-error &git-authentication-error
+  signature-verification-error?
+  (signature signature-verification-error-signature)
+  (keyring   signature-verification-error-keyring))
+
+(define-condition-type &missing-key-error &git-authentication-error
+  missing-key-error?
+  (signature missing-key-error-signature))
+
+
 (define (commit-signing-key repo commit-id keyring)
  "Return the OpenPGP key that signed COMMIT-ID (an OID).  Raise an exception
 if the commit is unsigned, has an invalid signature, or if its signing key is
@ -64,9 +96,10 @@ not in KEYRING."
                    (values #f #f)))))
    (unless signature
      (raise (condition
+              (&unsigned-commit-error (commit commit-id))
              (&message
               (message (format #f (G_ "commit ~a lacks a signature")
-                                commit-id))))))
+                                (oid->string commit-id)))))))

    (let ((signature (string->openpgp-packet signature)))
      (with-fluids ((%default-port-encoding "UTF-8"))
@ -77,12 +110,17 @@ not in KEYRING."
            ('bad-signature
             ;; There's a signature but it's invalid.
             (raise (condition
+                     (&signature-verification-error (commit commit-id)
+                                                    (signature signature)
+                                                    (keyring keyring))
                     (&message
                      (message (format #f (G_ "signature verification failed \
 for commit ~a")
                                       (oid->string commit-id)))))))
            ('missing-key
             (raise (condition
+                     (&missing-key-error (commit commit-id)
+                                         (signature signature))
                     (&message
                      (message (format #f (G_ "could not authenticate \
 commit ~a: key ~a is missing")
@ -138,6 +176,8 @@ not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
                  (commit-authorized-keys repository commit
                                          default-authorizations))
    (raise (condition
+            (&unauthorized-commit-error (commit id)
+                                        (signing-key signing-key))
            (&message
             (message (format #f (G_ "commit ~a not signed by an authorized \
 key: ~a")