diff options
author | Ludovic Courtès <ludo@gnu.org> | 2013-12-21 21:47:17 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2013-12-21 21:47:17 +0100 |
commit | 0820098d1ccf63e3e8b44df67dcb4236b78975c6 (patch) | |
tree | bf31bbd4779ee10926928b286cb5617343698710 | |
parent | 0a66781eee68efe71437ac0116172c873351eede (diff) | |
download | patches-0820098d1ccf63e3e8b44df67dcb4236b78975c6.tar patches-0820098d1ccf63e3e8b44df67dcb4236b78975c6.tar.gz |
authenticate: Add test.
* tests/guix-authenticate.sh: New file.
* Makefile.am (SH_TESTS): Add it.
-rw-r--r-- | Makefile.am | 3 | ||||
-rw-r--r-- | tests/guix-authenticate.sh | 63 |
2 files changed, 65 insertions, 1 deletions
diff --git a/Makefile.am b/Makefile.am index 34846c3e29..4815c55fba 100644 --- a/Makefile.am +++ b/Makefile.am @@ -129,7 +129,8 @@ SH_TESTS = \ tests/guix-download.sh \ tests/guix-gc.sh \ tests/guix-hash.sh \ - tests/guix-package.sh + tests/guix-package.sh \ + tests/guix-authenticate.sh if BUILD_DAEMON diff --git a/tests/guix-authenticate.sh b/tests/guix-authenticate.sh new file mode 100644 index 0000000000..aa6f9e9f01 --- /dev/null +++ b/tests/guix-authenticate.sh @@ -0,0 +1,63 @@ +# GNU Guix --- Functional package management for GNU +# Copyright © 2013 Ludovic Courtès <ludo@gnu.org> +# +# This file is part of GNU Guix. +# +# GNU Guix is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GNU Guix is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +# +# Test the 'guix authenticate' command-line utility. +# + +guix authenticate --version + +sig="t-signature-$$" +hash="t-hash-$$" +rm -f "$sig" "$hash" + +trap 'rm -f "$sig" "$hash"' EXIT + +# A hexadecimal string as long as a sha256 hash. +echo "2749f0ea9f26c6c7be746a9cff8fa4c2f2a02b000070dba78429e9a11f87c6eb" \ + > "$hash" + +guix authenticate rsautl -sign \ + -inkey "$abs_top_srcdir/tests/signing-key.sec" \ + -in "$hash" > "$sig" +test -f "$sig" + +hash2="`guix authenticate rsautl -verify \ + -inkey $abs_top_srcdir/tests/signing-key.pub \ + -pubin -in $sig`" +test "$hash2" = `cat "$hash"` + +# Detect corrupt signatures. +if guix authenticate rsautl -verify \ + -inkey "$abs_top_srcdir/tests/signing-key.pub" \ + -pubin -in /dev/null +then false +else true +fi + +# Detect invalid signatures. +# The signature has (payload (data ... (hash sha256 #...#))). We proceed by +# modifying this hash. +sed -i "$sig" \ + -e's|#[A-Z0-9]\{64\}#|#0000000000000000000000000000000000000000000000000000000000000000#|g' +if guix authenticate rsautl -verify \ + -inkey "$abs_top_srcdir/tests/signing-key.pub" \ + -pubin -in "$sig" +then false +else true +fi |