author | Ludovic Courtès <ludo@gnu.org> | 2014-03-31 23:47:02 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2014-03-31 23:47:02 +0200 |
commit | e4687a5e68fce458685dd33bfa240758c816b3a2 (patch) | |
tree | a104d2d3cdbf73f9bc740e21b442cfedcd99d5f3 /guix/nar.scm | |
parent | 81deef270ded7dabcc623d9522ae593ed02160af (diff) | |
download | gnu-guix-e4687a5e68fce458685dd33bfa240758c816b3a2.tar gnu-guix-e4687a5e68fce458685dd33bfa240758c816b3a2.tar.gz |
Use 'signature-case' in (guix nar) and 'substitute-binary'.
* guix/nar.scm (restore-file-set)[assert-valid-signature]: Rewrite in
terms of 'signature-case'.
* guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp):
Call 'leave' instead of 'raise' when SIGNATURE is invalid.
(&nar-signature-error, &nar-invalid-hash-error): Remove.
(assert-valid-signature): Add 'narinfo' parameter; remove 'port'.
Rewrite in terms of 'signature-case' and 'leave'. Mention NARINFO's
URI in error messages. Adjust caller.
(narinfo-sha256): New procedure.
(assert-valid-narinfo): Use it.
(valid-narinfo?): Rewrite using 'narinfo-sha256' and
'signature-case'.
* tests/substitute-binary.scm (assert-valid-signature,
test-error-condition): Remove.
("corrupt signature data", "unauthorized public key", "invalid
signature"): Remove.
Diffstat (limited to 'guix/nar.scm')
-rw-r--r-- | guix/nar.scm | 67 |
1 files changed, 34 insertions, 33 deletions
diff --git a/guix/nar.scm b/guix/nar.scm
index dfee309d04..b6421434e9 100644
--- a/guix/nar.scm
+++ b/guix/nar.scm
@@ -372,40 +372,41 @@ while the locks are held."
 ;; Bail out if SIGNATURE, which must be a string as produced by
 ;; 'canonical-sexp->string', doesn't match HASH, a bytevector containing
 ;; the expected hash for FILE.
- (let* ((signature (catch 'gcry-error
- (lambda ()
- (string->canonical-sexp signature))
- (lambda (err . _)
- (raise (condition
- (&message
- (message "signature is not a valid \
+ (let ((signature (catch 'gcry-error
+ (lambda ()
+ (string->canonical-sexp signature))
+ (lambda (err . _)
+ (raise (condition
+ (&message
+ (message "signature is not a valid \
 s-expression"))
- (&nar-signature-error
- (file file)
- (signature signature) (port port)))))))
- (subject (signature-subject signature))
- (data (signature-signed-data signature)))
- (if (and data subject)
- (if (authorized-key? subject)
- (if (equal? (hash-data->bytevector data) hash)
- (unless (valid-signature? signature)
- (raise (condition
- (&message (message "invalid signature"))
- (&nar-signature-error
- (file file) (signature signature) (port port)))))
- (raise (condition (&message (message "invalid hash"))
- (&nar-invalid-hash-error
- (port port) (file file)
- (signature signature)
- (expected (hash-data->bytevector data))
- (actual hash)))))
- (raise (condition (&message (message "unauthorized public key"))
- (&nar-signature-error
- (signature signature) (file file) (port port)))))
- (raise (condition
- (&message (message "corrupt signature data"))
- (&nar-signature-error
- (signature signature) (file file) (port port)))))))
+ (&nar-signature-error
+ (file file)
+ (signature signature) (port port))))))))
+ (signature-case (signature hash (current-acl))
+ (valid-signature #t)
+ (invalid-signature
+ (raise (condition
+ (&message (message "invalid signature"))
+ (&nar-signature-error
+ (file file) (signature signature) (port port)))))
+ (hash-mismatch
+ (raise (condition (&message (message "invalid hash"))
+ (&nar-invalid-hash-error
+ (port port) (file file)
+ (signature signature)
+ (expected (hash-data->bytevector
+ (signature-signed-data signature)))
+ (actual hash)))))
+ (unauthorized-key
+ (raise (condition (&message (message "unauthorized public key"))
+ (&nar-signature-error
+ (signature signature) (file file) (port port)))))
+ (corrupt-signature
+ (raise (condition
+ (&message (message "corrupt signature data"))
+ (&nar-signature-error
+ (signature signature) (file file) (port port))))))))
 (let loop ((n (read-long-long port)) (files '()))
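Review bot: The three `;;` context lines above the rewritten `let` no longer describe the procedure: the new `signature-case` form returns `#t` from the `valid-signature` clause and rejects keys that are absent from `(current-acl)`, and the comment mentions neither the return value nor the ACL. Suggest extending it with `;; The signing key must be in (current-acl).  Return #t when SIGNATURE is valid; otherwise raise &nar-signature-error or &nar-invalid-hash-error.` Which condition is raised when several checks would fail at once (for instance an unauthorized key whose hash also mismatches) now depends on the clause order implemented by `signature-case`, which this hunk does not show, whereas the removed code fixed that order explicitly (corrupt data, then key authorization, then hash, then signature validity); if any caller or test relies on that precedence it is worth confirming and recording in the comment. The `err` argument of the `gcry-error` handler is still unused, so the parse error is reported without the underlying libgcrypt reason; logging it, or binding it as `_`, would make the intent explicit. The enclosing procedure starts before this hunk.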