From e4687a5e68fce458685dd33bfa240758c816b3a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Mon, 31 Mar 2014 23:47:02 +0200 Subject: Use 'signature-case' in (guix nar) and 'substitute-binary'. * guix/nar.scm (restore-file-set)[assert-valid-signature]: Rewrite in terms of 'signature-case'. * guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp): Call 'leave' instead of 'raise' when SIGNATURE is invalid. (&nar-signature-error, &nar-invalid-hash-error): Remove. (assert-valid-signature): Add 'narinfo' parameter; remove 'port'. Rewrite in terms of 'signature-case' and 'leave'. Mention NARINFO's URI in error messages. Adjust caller. (narinfo-sha256): New procedure. (assert-valid-narinfo): Use it. (valid-narinfo?): Rewrite using 'narinfo-sha256' and 'signature-case'. * tests/substitute-binary.scm (assert-valid-signature, test-error-condition): Remove. ("corrupt signature data", "unauthorized public key", "invalid signature"): Remove. --- guix/nar.scm | 67 ++++++++++++++++++++++++++++++------------------------------ 1 file changed, 34 insertions(+), 33 deletions(-) (limited to 'guix/nar.scm') diff --git a/guix/nar.scm b/guix/nar.scm index dfee309d04..b6421434e9 100644 --- a/guix/nar.scm +++ b/guix/nar.scm @@ -372,40 +372,41 @@ while the locks are held." ;; Bail out if SIGNATURE, which must be a string as produced by ;; 'canonical-sexp->string', doesn't match HASH, a bytevector containing ;; the expected hash for FILE. - (let* ((signature (catch 'gcry-error - (lambda () - (string->canonical-sexp signature)) - (lambda (err . _) - (raise (condition - (&message - (message "signature is not a valid \ + (let ((signature (catch 'gcry-error + (lambda () + (string->canonical-sexp signature)) + (lambda (err . _) + (raise (condition + (&message + (message "signature is not a valid \ s-expression")) - (&nar-signature-error - (file file) - (signature signature) (port port))))))) - (subject (signature-subject signature)) - (data (signature-signed-data signature))) - (if (and data subject) - (if (authorized-key? subject) - (if (equal? (hash-data->bytevector data) hash) - (unless (valid-signature? signature) - (raise (condition - (&message (message "invalid signature")) - (&nar-signature-error - (file file) (signature signature) (port port))))) - (raise (condition (&message (message "invalid hash")) - (&nar-invalid-hash-error - (port port) (file file) - (signature signature) - (expected (hash-data->bytevector data)) - (actual hash))))) - (raise (condition (&message (message "unauthorized public key")) - (&nar-signature-error - (signature signature) (file file) (port port))))) - (raise (condition - (&message (message "corrupt signature data")) - (&nar-signature-error - (signature signature) (file file) (port port))))))) + (&nar-signature-error + (file file) + (signature signature) (port port)))))))) + (signature-case (signature hash (current-acl)) + (valid-signature #t) + (invalid-signature + (raise (condition + (&message (message "invalid signature")) + (&nar-signature-error + (file file) (signature signature) (port port))))) + (hash-mismatch + (raise (condition (&message (message "invalid hash")) + (&nar-invalid-hash-error + (port port) (file file) + (signature signature) + (expected (hash-data->bytevector + (signature-signed-data signature))) + (actual hash))))) + (unauthorized-key + (raise (condition (&message (message "unauthorized public key")) + (&nar-signature-error + (signature signature) (file file) (port port))))) + (corrupt-signature + (raise (condition + (&message (message "corrupt signature data")) + (&nar-signature-error + (signature signature) (file file) (port port)))))))) (let loop ((n (read-long-long port)) (files '())) -- cgit v1.2.3