aboutsummaryrefslogtreecommitdiff
path: root/guix
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2014-04-22 11:30:51 +0200
committerLudovic Courtès <ludo@gnu.org>2014-04-22 11:30:58 +0200
commit6f69588529f9898dc4f2defd21603cc4abbaca17 (patch)
treed272d8bd84f0653e0d5b7d409df3211c29fec784 /guix
parent6030d8493e13af81be63c3cee530d44b4dff1ad6 (diff)
downloadgnu-guix-6f69588529f9898dc4f2defd21603cc4abbaca17.tar
gnu-guix-6f69588529f9898dc4f2defd21603cc4abbaca17.tar.gz
authenticate: Allow signatures with binary data to be written to stdout.
Fixes <http://bugs.gnu.org/17312>. * guix/scripts/authenticate.scm (guix-authenticate): Add calls to 'set-port-encoding!' and 'set-port-conversion-strategy!'. Wrap body in 'with-fluids' form that sets '%default-port-encoding' and '%default-port-conversion-strategy'. * tests/guix-authenticate.sh: Add test. * tests/pk-crypto.scm ("hash corrupt due to restrictive locale encoding"): Add reference to bug.
Diffstat (limited to 'guix')
-rw-r--r--guix/scripts/authenticate.scm55
1 files changed, 32 insertions, 23 deletions
diff --git a/guix/scripts/authenticate.scm b/guix/scripts/authenticate.scm
index 62717bb09c..1b1e0b08ca 100644
--- a/guix/scripts/authenticate.scm
+++ b/guix/scripts/authenticate.scm
@@ -89,30 +89,39 @@ to stdout upon success."
;;;
(define (guix-authenticate . args)
- (match args
- ;; As invoked by guix-daemon.
- (("rsautl" "-sign" "-inkey" key "-in" hash-file)
- (call-with-input-file hash-file
- (lambda (port)
- (sign-with-key key port))))
- ;; As invoked by Nix/Crypto.pm (used by Hydra.)
- (("rsautl" "-sign" "-inkey" key)
- (sign-with-key key (current-input-port)))
- ;; As invoked by guix-daemon.
- (("rsautl" "-verify" "-inkey" _ "-pubin" "-in" signature-file)
- (call-with-input-file signature-file
- (lambda (port)
- (validate-signature port))))
- ;; As invoked by Nix/Crypto.pm (used by Hydra.)
- (("rsautl" "-verify" "-inkey" _ "-pubin")
- (validate-signature (current-input-port)))
- (("--help")
- (display (_ "Usage: guix authenticate OPTION...
+ ;; Signature sexps written to stdout may contain binary data, so force
+ ;; ISO-8859-1 encoding so that things are not mangled. See
+ ;; <http://bugs.gnu.org/17312> for details.
+ (set-port-encoding! (current-output-port) "ISO-8859-1")
+ (set-port-conversion-strategy! (current-output-port) 'error)
+
+ ;; Same goes for input ports.
+ (with-fluids ((%default-port-encoding "ISO-8859-1")
+ (%default-port-conversion-strategy 'error))
+ (match args
+ ;; As invoked by guix-daemon.
+ (("rsautl" "-sign" "-inkey" key "-in" hash-file)
+ (call-with-input-file hash-file
+ (lambda (port)
+ (sign-with-key key port))))
+ ;; As invoked by Nix/Crypto.pm (used by Hydra.)
+ (("rsautl" "-sign" "-inkey" key)
+ (sign-with-key key (current-input-port)))
+ ;; As invoked by guix-daemon.
+ (("rsautl" "-verify" "-inkey" _ "-pubin" "-in" signature-file)
+ (call-with-input-file signature-file
+ (lambda (port)
+ (validate-signature port))))
+ ;; As invoked by Nix/Crypto.pm (used by Hydra.)
+ (("rsautl" "-verify" "-inkey" _ "-pubin")
+ (validate-signature (current-input-port)))
+ (("--help")
+ (display (_ "Usage: guix authenticate OPTION...
Sign or verify the signature on the given file. This tool is meant to
be used internally by 'guix-daemon'.\n")))
- (("--version")
- (show-version-and-exit "guix authenticate"))
- (else
- (leave (_ "wrong arguments")))))
+ (("--version")
+ (show-version-and-exit "guix authenticate"))
+ (else
+ (leave (_ "wrong arguments"))))))
;;; authenticate.scm ends here