aboutsummaryrefslogtreecommitdiff
path: root/tests/guix-authenticate.sh
Commit message (Collapse)AuthorAge
* tests: Move keys into ./tests/keys/ and add a third ed25519 key.Attila Lendvai2021-12-22
| | | | | | | | | | | | | | | The third key will be used in an upcoming commit. Rename public keys to .pub. * guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable. (%ed25519-3-secret-key-file): New variable. (%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file. (%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file. * tests/keys/ed25519-3.key: New file. * tests/keys/ed25519-3.sec: New file. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* authenticate: Encode strings as ISO-8859-1.Ludovic Courtès2020-09-15
| | | | | | | | | | Fixes <https://bugs.gnu.org/43421>. * guix/scripts/authenticate.scm (read-command): Decode strings as ISO-8859-1, not UTF-8. (guix-authenticate)[send-reply]: Encode strings as ISO-8859-1, not UTF-8. * tests/guix-authenticate.sh: Add test.
* daemon: Spawn 'guix authenticate' once for all.Ludovic Courtès2020-09-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, we'd spawn 'guix authenticate' once for each item that has to be signed (when exporting) or authenticated (when importing). Now, we spawn it once for all and then follow a request/reply protocol. This reduces the wall-clock time of: guix archive --export -r $(guix build coreutils -d) from 30s to 2s. * guix/scripts/authenticate.scm (sign-with-key): Return the signature instead of displaying it. Raise a &formatted-message instead of calling 'leave'. (validate-signature): Likewise. (read-command): New procedure. (define-enumerate-type, reply-code): New macros. (guix-authenticate)[send-reply]: New procedure. Change to read commands from current-input-port. * nix/libstore/local-store.cc (runAuthenticationProgram): Remove. (authenticationAgent, readInteger, readAuthenticateReply): New functions. (signHash, verifySignature): Rewrite in terms of the agent. * tests/store.scm ("import not signed"): Remove 'pk' call. ("import signed by unauthorized key"): Check the error message of C. * tests/guix-authenticate.sh: Rewrite using the new protocol. fixlet
* daemon: Simplify interface with 'guix authenticate'.Ludovic Courtès2020-09-11
| | | | | | | | | | | | | | | There's no reason at this point to mimic the calling convention of the 'openssl' command. * nix/libstore/local-store.cc (LocalStore::exportPath): Add only "sign" and HASH to ARGS. Remove 'tmpDir' and 'hashFile'. (LocalStore::importPath): Add only "verify" and SIGNATURE to * guix/scripts/authenticate.scm (guix-authenticate): Adjust accordingly; remove the OpenSSL-style clauses. (read-hash-data): Remove. (sign-with-key): Replace 'port' with 'sha256' and adjust accordingly. (validate-signature): Export SIGNATURE to be a canonical sexp. * tests/guix-authenticate.sh: Adjust tests accordingly.
* authenticate: Allow signatures with binary data to be written to stdout.Ludovic Courtès2014-04-22
| | | | | | | | | | | | Fixes <http://bugs.gnu.org/17312>. * guix/scripts/authenticate.scm (guix-authenticate): Add calls to 'set-port-encoding!' and 'set-port-conversion-strategy!'. Wrap body in 'with-fluids' form that sets '%default-port-encoding' and '%default-port-conversion-strategy'. * tests/guix-authenticate.sh: Add test. * tests/pk-crypto.scm ("hash corrupt due to restrictive locale encoding"): Add reference to bug.
* authenticate: Support reading the hash or key from stdin.Ludovic Courtès2014-03-22
| | | | | | | | * guix/scripts/authenticate.scm (guix-authenticate): Add clauses for ("rsautl" "-sign" "-inkey" key) and ("rsautl" "-verify" "-inkey" _ "-pubin"). * tests/guix-authenticate.sh (hash): Add test using -sign and -verify in a pipeline.
* authenticate: Add test.Ludovic Courtès2013-12-21
* tests/guix-authenticate.sh: New file. * Makefile.am (SH_TESTS): Add it.