From 619972f7b5dc34457ad9c474bf8f9f98786d70e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Tue, 16 Jun 2020 15:52:46 +0200
Subject: [PATCH] maint: "make authenticate" behaves like 'guix pull' by
 default.

* build-aux/git-authenticate.scm (%use-historical-authorizations?)
(%introductory-commit): New variables.
* build-aux/git-authenticate.scm (git-authenticate): Use pass the empty
list as #:default-authorizations when %USE-HISTORICAL-AUTHORIZATIONS? is
false.
---
 build-aux/git-authenticate.scm | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/build-aux/git-authenticate.scm b/build-aux/git-authenticate.scm
index a3d4b40ccf..e670264f28 100644
--- a/build-aux/git-authenticate.scm
+++ b/build-aux/git-authenticate.scm
@@ -218,6 +218,17 @@
            (string-downcase (string-filter char-set:graphic fingerprint)))))
        %historical-committers))
 
+(define %use-historical-authorizations?
+  ;; Whether to allow authentication of past commits using
+  ;; %HISTORICAL-AUTHORIZED-SIGNING-KEYS for when '.guix-authorizations' was
+  ;; missing.
+  (getenv "GUIX_USE_HISTORICAL_AUTHORIZATIONS"))
+
+(define %introductory-commit
+  ;; This is the commit that appears in the official 'guix' channel
+  ;; introduction.  XXX: Keep in sync with (guix channels)!
+  "9edb3f66fd807b096b48283debdcddccfea34bad")
+
 (define %commits-with-bad-signature
   ;; Commits with a known-bad signature.
   '("6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91"))  ;2016-12-29
@@ -242,7 +253,10 @@
     (match args
       ((_ start end)
        (define start-commit
-         (commit-lookup repository (string->oid start)))
+         (commit-lookup repository
+                        (string->oid (if %use-historical-authorizations?
+                                         start
+                                         %introductory-commit))))
        (define end-commit
          (commit-lookup repository (string->oid end)))
 
@@ -263,6 +277,14 @@
        (define reporter
          (progress-reporter/bar (length commits)))
 
+       (define historical-authorizations
+         ;; List of authorizations in effect before '.guix-authorizations' was
+         ;; introduced.  By default, assume there were no authorizations; this
+         ;; is what 'guix pull' does.
+         (if %use-historical-authorizations?
+             %historical-authorized-signing-keys
+             '()))
+
        (format #t (G_ "Authenticating ~a to ~a (~a commits)...~%")
                (commit-short-id start-commit)
                (commit-short-id end-commit)
@@ -272,7 +294,7 @@
                       (lambda (report)
                         (authenticate-commits repository commits
                                               #:default-authorizations
-                                              %historical-authorized-signing-keys
+                                              historical-authorizations
                                               #:report-progress report)))))
          (cache-authenticated-commit "channels/guix"
                                      (oid->string (commit-id end-commit)))