summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--guix/git-authenticate.scm44
1 files changed, 42 insertions, 2 deletions
diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index 4217ab6d27..b73f957105 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -41,7 +41,18 @@
             authenticate-commits
             load-keyring-from-reference
             previously-authenticated-commits
-            cache-authenticated-commit))
+            cache-authenticated-commit
+
+            git-authentication-error?
+            git-authentication-error-commit
+            unsigned-commit-error?
+            unauthorized-commit-error?
+            unauthorized-commit-error-signing-key
+            signature-verification-error?
+            signature-verification-error-keyring
+            signature-verification-error-signature
+            missing-key-error?
+            missing-key-error-signature))
 
 ;;; Commentary:
 ;;;
@@ -52,6 +63,27 @@
 ;;;
 ;;; Code:
 
+(define-condition-type &git-authentication-error &error
+  git-authentication-error?
+  (commit  git-authentication-error-commit))
+
+(define-condition-type &unsigned-commit-error &git-authentication-error
+  unsigned-commit-error?)
+
+(define-condition-type &unauthorized-commit-error &git-authentication-error
+  unauthorized-commit-error?
+  (signing-key unauthorized-commit-error-signing-key))
+
+(define-condition-type &signature-verification-error &git-authentication-error
+  signature-verification-error?
+  (signature signature-verification-error-signature)
+  (keyring   signature-verification-error-keyring))
+
+(define-condition-type &missing-key-error &git-authentication-error
+  missing-key-error?
+  (signature missing-key-error-signature))
+
+
 (define (commit-signing-key repo commit-id keyring)
   "Return the OpenPGP key that signed COMMIT-ID (an OID).  Raise an exception
 if the commit is unsigned, has an invalid signature, or if its signing key is
@@ -64,9 +96,10 @@ not in KEYRING."
                     (values #f #f)))))
     (unless signature
       (raise (condition
+              (&unsigned-commit-error (commit commit-id))
               (&message
                (message (format #f (G_ "commit ~a lacks a signature")
-                                commit-id))))))
+                                (oid->string commit-id)))))))
 
     (let ((signature (string->openpgp-packet signature)))
       (with-fluids ((%default-port-encoding "UTF-8"))
@@ -77,12 +110,17 @@ not in KEYRING."
             ('bad-signature
              ;; There's a signature but it's invalid.
              (raise (condition
+                     (&signature-verification-error (commit commit-id)
+                                                    (signature signature)
+                                                    (keyring keyring))
                      (&message
                       (message (format #f (G_ "signature verification failed \
 for commit ~a")
                                        (oid->string commit-id)))))))
             ('missing-key
              (raise (condition
+                     (&missing-key-error (commit commit-id)
+                                         (signature signature))
                      (&message
                       (message (format #f (G_ "could not authenticate \
 commit ~a: key ~a is missing")
@@ -138,6 +176,8 @@ not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
                   (commit-authorized-keys repository commit
                                           default-authorizations))
     (raise (condition
+            (&unauthorized-commit-error (commit id)
+                                        (signing-key signing-key))
             (&message
              (message (format #f (G_ "commit ~a not signed by an authorized \
 key: ~a")