diff options
author | Ludovic Courtès <ludo@gnu.org> | 2014-03-22 22:46:11 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2014-03-22 22:57:10 +0100 |
commit | 9b0a2233dbe8746015b97e97cef890d38fb44b0f (patch) | |
tree | 0c488f9d4eee8b85210e5976844b9bc38f3191fd | |
parent | 9dbe6e43ea9f7d2afccc3c9febcd7f399e819f01 (diff) | |
download | guix-9b0a2233dbe8746015b97e97cef890d38fb44b0f.tar guix-9b0a2233dbe8746015b97e97cef890d38fb44b0f.tar.gz |
authenticate: Support reading the hash or key from stdin.
* guix/scripts/authenticate.scm (guix-authenticate): Add clauses
for ("rsautl" "-sign" "-inkey" key) and ("rsautl" "-verify" "-inkey" _
"-pubin").
* tests/guix-authenticate.sh (hash): Add test using -sign and -verify in
a pipeline.
-rw-r--r-- | guix/scripts/authenticate.scm | 8 | ||||
-rw-r--r-- | tests/guix-authenticate.sh | 13 |
2 files changed, 20 insertions, 1 deletions
diff --git a/guix/scripts/authenticate.scm b/guix/scripts/authenticate.scm index 8bc148d730..62717bb09c 100644 --- a/guix/scripts/authenticate.scm +++ b/guix/scripts/authenticate.scm @@ -90,14 +90,22 @@ to stdout upon success." (define (guix-authenticate . args) (match args + ;; As invoked by guix-daemon. (("rsautl" "-sign" "-inkey" key "-in" hash-file) (call-with-input-file hash-file (lambda (port) (sign-with-key key port)))) + ;; As invoked by Nix/Crypto.pm (used by Hydra.) + (("rsautl" "-sign" "-inkey" key) + (sign-with-key key (current-input-port))) + ;; As invoked by guix-daemon. (("rsautl" "-verify" "-inkey" _ "-pubin" "-in" signature-file) (call-with-input-file signature-file (lambda (port) (validate-signature port)))) + ;; As invoked by Nix/Crypto.pm (used by Hydra.) + (("rsautl" "-verify" "-inkey" _ "-pubin") + (validate-signature (current-input-port))) (("--help") (display (_ "Usage: guix authenticate OPTION... Sign or verify the signature on the given file. This tool is meant to diff --git a/tests/guix-authenticate.sh b/tests/guix-authenticate.sh index aa6f9e9f01..35ec7ffd6a 100644 --- a/tests/guix-authenticate.sh +++ b/tests/guix-authenticate.sh @@ -1,5 +1,5 @@ # GNU Guix --- Functional package management for GNU -# Copyright © 2013 Ludovic Courtès <ludo@gnu.org> +# Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org> # # This file is part of GNU Guix. # @@ -42,6 +42,17 @@ hash2="`guix authenticate rsautl -verify \ -pubin -in $sig`" test "$hash2" = `cat "$hash"` +# Same thing in a pipeline, using the command line syntax that Nix/Crypto.pm +# uses. +hash2="` \ + cat "$hash" \ + | guix authenticate rsautl -sign \ + -inkey "$abs_top_srcdir/tests/signing-key.sec" \ + | guix authenticate rsautl -verify \ + -inkey $abs_top_srcdir/tests/signing-key.pub \ + -pubin`" +test "$hash2" = `cat "$hash"` + # Detect corrupt signatures. if guix authenticate rsautl -verify \ -inkey "$abs_top_srcdir/tests/signing-key.pub" \ |