| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
| |
* guix/pki.scm (%signature-status): New procedure.
(signature-case): New macro.
* tests/pki.scm (%secret-key, %alternate-secret-key): New variables.
("signature-case valid-signature", "signature-case invalid-signature",
"signature-case hash-mismatch", "signature-case unauthorized-key",
"signature-case corrupt-signature"): New tests.
|
|
|
|
|
|
|
|
| |
* tests/substitute-binary.scm (test-error*): Rename to...
(test-quit): ... this. Add 'error-rx' parameter and honor it.
("not a number", "wrong version number", "substitute, no signature",
"substitute, invalid hash", "substitute, unauthorized key"): Adjust
accordingly.
|
|
|
|
|
|
|
|
| |
* tests/substitute-binary.scm (%narinfo): Set 'URL', 'Compression', and
'NarHash'.
(call-with-narinfo): Create 'example.out' and 'example.nar'.
("query narinfo without signature", "substitute, no signature",
"substitute, authorized key"): New tests.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/substitute-binary.scm (signature-body): Change 'str' parameter
to 'bv', and expect it to be a bytevector.
(%signature-body, %wrong-signature, %acl): Remove.
(signature): Rename to...
(signature-field): ... this. Add 'bv-or-str' parameter. Change 'str'
parameter to #:version. Add #:public-key parameter. Call
'signature-body' directly. Change domain part of the signature to
'example.gnu.org'.
("not a number", "wrong version number", "valid
narinfo-signature->canonical-sexp"): Use 'signature-field' instead of
'signature' or %SIGNATURE.
(test-error-condition): Add 'message-rx' parameter and honor it.
("corrupt signature data", "unauthorized public key", "invalid
signature"): Adjust accordingly.
(narinfo, %signed-narinfo): Remove.
("query narinfo with invalid hash"): Use '%narinfo' and
'signature-field' instead of 'narinfo' and '%signature'.
("query narinfo signed with authorized key", "query narinfo signed
with unauthorized key", "substitute, invalid hash", "substitute,
unauthorized key"): Likewise.
|
|
|
|
| |
* tests/store.scm ("substitute, corrupt output hash"): New test.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp):
Catch 'gcry-error' around 'string->canonical-sexp' call, and re-raise
as a SRFI-35 &message and &nar-signature-error.
(narinfo-maker): Handle when SIGNATURE is #f or an invalid canonical
sexp.
(&nar-signature-error, &nar-invalid-hash-error): New variables.
(assert-valid-signature): Use them. Expect 'signature' to be a
canonical sexp.
(read-narinfo): Remove authentication and authorization checks.
(%signature-line-rx): New variable.
(assert-valid-narinfo, valid-narinfo?): New procedures.
(guix-substitute-binary): Wrap body in 'with-error-handling'.
[valid?]: New procedure.
<--query>: Show only store items of narinfos that match
'valid-narinfo?'.
<--substitute>: Call 'assert-valid-narinfo'.
* tests/substitute-binary.scm (test-error*): Use 'test-equal'.
(%keypair): Remove.
(%public-key, %private-key): Load from signing-key.{pub,sec}.
(signature-body): Add #:public-key parameter.
(call-with-narinfo): New procedure.
(with-narinfo): New macro.
("corrupt signature data", "unauthorized public key", "invalid
signature"): Make the first argument to 'assert-valid-signature' a
canonical sexp.
("invalid hash", "valid read-narinfo", "valid write-narinfo"):
Remove.
("query narinfo with invalid hash", "query narinfo signed with
authorized key", "query narinfo signed with unauthorized key",
"substitute, invalid hash", "substitute, unauthorized key"): New
tests.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (<narinfo>): Add the 'signature'
and 'contents' fields.
(narinfo-signature->canonical-sexp): New function.
(narinfo-maker): Add the 'signature' argument and use it.
(assert-valid-signature): New function.
(read-narinfo): Support the Signature field.
(write-narinfo): Use 'narinfo-contents'.
(%allow-unauthenticated-substitutes?): New variable.
* guix/base64.scm, tests/base64.scm, tests/substitute-binary.scm: New files.
* Makefile.am (SCM_TESTS): Add tests/base64.scm and
tests/substitute-binary.scm.
(MODULES): Add guix/base64.scm.
* test-env.in: Set 'GUIX_ALLOW_UNAUTHENTICATED_SUBSTITUTES'.
|
|
|
|
|
| |
* tests/guix-archive.sh: Check the exit value of 'guix archive
--import'.
|
|
|
|
| |
* tests/guix-daemon.sh: Add substituter tests.
|
|\ |
|
| |\ |
|
| |\ \ |
|
| |\ \ \ |
|
| |\ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Conflicts:
gnu-system.am
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* tests/guix-package.sh: Refer to 'glibc:debug' instead of
'binutils:lib' since the latter no longer exists.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* guix/utils.scm (call-with-decompressed-port,
call-with-compressed-output-port): New procedures.
* tests/utils.scm ("compressed-output-port + decompressed-port"):
Rewrite to use them.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* guix/utils.scm (filtered-output-port, compressed-output-port): New
procedures.
* tests/utils.scm ("compressed-output-port + decompressed-port"): New
test.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* tests/derivations.scm ("derivation-prerequisites-to-build and
substitutes"): Add call to 'set-build-options'.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* guix/scripts/authenticate.scm (guix-authenticate): Add clauses
for ("rsautl" "-sign" "-inkey" key) and ("rsautl" "-verify" "-inkey" _
"-pubin").
* tests/guix-authenticate.sh (hash): Add test using -sign and -verify in
a pipeline.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* guix/utils.scm (decompressed-port, compressed-port): New procedures.
* guix/scripts/substitute-binary.scm (decompressed-port): Remove.
(guix-substitute-binary): Pass a symbol or #f as the first argument to
'decompress-port'.
* tests/utils.scm ("compressed-port, decompressed-port, non-file"): New
test.
|
| |_|_|_|/
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* guix/utils.scm (filtered-port): Make sure the 'execl' child process
always exits, and does (primitive-_exit 1) upon execution failure.
Use 'primitive-_exit' in the 'dump-port' child process.
* tests/utils.scm ("filtered-port, does not exist"): New test.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* guix/pk-crypto.scm (gcrypt-version): New procedure.
* guix/scripts/archive.scm (%key-generation-parameters): New variable.
(%options) <generate-key>: Use it.
* tests/pk-crypto.scm ("sign + verify, Ed25519"): Skip if using gcrypt < 1.6.0.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* guix/pk-crypto.scm (bytevector->hash-data): Add #:key-type parameter.
Use the 'pkcs1' flag when KEY-TYPE is 'rsa', and 'rfc6979' when
KEY-TYPE is 'ecc' or 'dsa'.
(key-type): New procedure.
* guix/scripts/authenticate.scm (read-hash-data): Add 'key-type'
parameter. Pass it to 'bytevector->hash-data'. Adjust caller
accordingly.
* tests/pk-crypto.scm (%ecc-key-pair): New variable.
("key-type"): New test.
("sign + verify"): Pass #:key-type to 'bytevector->hash-data'.
("sign + verify, Ed25519"): New test.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* tests/store.scm ("valid-path? live", "valid-path? false", "valid-path?
error", "valid-path? recovery"): New tests.
|
| |_|_|/
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Reported by Nikita Karetnikov <nikita@karetnikov.org>
and Pierre-Antoine Rault <par@rigelk.eu>.
* test-env.in: Change 'NIX_LOG_DIR' in accordance with f5768af.
* tests/guix-register.sh: Likewise for 'NIX_LOG_DIR' and 'NIX_DB_DIR'.
|
| |_|/
|/| |
| | |
| | |
| | | |
* guix/store.scm (hash-part->path): New procedure.
* tests/store.scm ("hash-part->path"): New test.
|
| | |
| | |
| | |
| | |
| | | |
* tests/store.scm ("topologically-sorted, more difficult"): Arrange to
handle a different ordering of (references %store y).
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* guix/serialization.scm (write-string-pairs): New procedure.
* guix/store.scm (write-arg): Add 'string-pairs' case.
(set-build-options): Add 'timeout' keyword parameter. Honor it.
* tests/derivations.scm ("build-expression->derivation and timeout"):
New test.
|
| | |
| | |
| | |
| | |
| | |
| | | |
* guix/utils.scm (F_SETLK): New variable.
(fcntl-flock): Add 'wait?' keyword parameter; honor it.
* tests/utils.scm ("fcntl-flock non-blocking"): New test.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes a regression introduced in
99fbddf9a623757e39d88bfb431f8f7d6f24b75b ("store: Change 'export-paths'
to always export in topological order.")
* guix/store.scm (export-paths): Define 'ordered' variable. Iterate
over it.
* tests/store.scm ("export/import paths, ensure topological order"): Add
'file0'. Adjust accordingly.
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| | |
* tests/utils.scm (temp-file): New variable.
("fcntl-flock"): Rewrite to actually test whether the child process
waits for the lock to be released. The previous test was wrong
because (1) it expected F_SETLK semantics, not F_SETLKW, and (2) it
got EBADF because of a mismatch between the open mode and the lock
style.
|
| |
| |
| |
| |
| |
| |
| | |
* guix/nar.scm (write-file) <directory>: Pass 'string<?' as the second
argument to 'scandir'.
* tests/nar.scm ("write-file puts file in C locale collation order"):
New test.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* guix/derivations.scm (<derivation-output>): Add 'recursive?' field.
Adjust 'make-derivation-output' callers.
(%read-derivation) <fixed-output>: When HASH-ALGO starts with 'r:',
set the 'recursive?' field and drop 'r:' from the hash algo name.
(write-derivation)[write-output]: Write the algo as 'r:HASH-ALGO' when
the RECURSIVE? field is set.
(derivation-hash) <fixed-output>: Prepend "r:" when RECURSIVE? is set.
(fixed-output-path): New procedure.
(derivation): Add #:recursive? parameter. Use 'fixed-output-path' to
compute the output file name of a fixed output derivation.
(build-expression->derivation): Add #:recursive? parameter. Pass it
to 'derivation'.
* tests/derivations.scm ("fixed-output derivation, recursive",
"build-expression->derivation produces recursive fixed-output",
"build-expression->derivation uses recursive fixed-output"): New
tests.
* doc/guix.texi (Derivations): Document #:recursive? for 'derivation'.
Add #:recursive? for 'build-expression->derivation'.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* guix/scripts/hash.scm (show-help): Add --recursive.
(%options): Likewise.
(guix-hash)[file-hash]: New procedure. Honor --recursive.
Use it.
* guix/nar.scm (write-file): Add missing field to the &nar-error
condition raised upon unsupported file type; change its message to be
more descriptive.
* tests/guix-hash.sh: Add tests with -r.
* doc/guix.texi (Invoking guix hash): Document --recursive.
|
| |
| |
| |
| |
| |
| | |
* guix/nar.scm (write-contents): Use 'sendfile' only when P is a file
port.
* tests/nar.scm ("write-file supports non-file output ports"): New test.
|
| |
| |
| |
| |
| |
| |
| | |
* guix/store.scm (export-paths): Pass PATHS through
'topologically-sorted' before iterating.
* tests/store.scm ("export/import paths, ensure topological order"): New
test.
|
|/
|
|
|
|
|
|
| |
* guix/monads.scm (text-file*): New procedure.
* tests/monads.scm ("text-file*"): New test.
* doc/guix.texi (The Store Monad): Change example since the previous one
would erroneously fail to retain a reference to Coreutils. Document
'text-file*'.
|
|
|
|
|
|
|
| |
* guix/store.scm (topologically-sorted): New procedure.
* tests/store.scm ("topologically-sorted, one item",
"topologically-sorted, several items", "topologically-sorted, more
difficult"): New tests.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* guix/nar.scm (&nar-invalid-hash-error, &nar-signature-error): New
condition types.
(&nar-error): Add 'file' and 'port' fields.
(&nar-read-error): Remove 'port' and 'file' fields.
(lock-store-file, unlock-store-file, finalize-store-file,
temporary-store-directory, restore-file-set): New procedures.
* tests/nar.scm (%seed): New variable.
(random-text): New procedure.
("restore-file-set (signed, valid)", "restore-file-set (missing
signature)", "restore-file-set (corrupt)"): New tests.
* po/Makevars (XGETTEXT_OPTIONS): Add '--keyword=message'.nar fixes
* po/POTFILES.in: Add guix/nar.scm.
|
|
|
|
|
|
|
|
| |
* guix/hash.scm (open-sha256-input-port): New procedure.
* tests/hash.scm (supports-unbuffered-cbip?): New procedure.
("open-sha256-input-port, empty", "open-sha256-input-port, hello",
"open-sha256-input-port, hello, one two",
"open-sha256-input-port, hello, read from wrapped port"): New tests.
|
|
|
|
|
|
| |
* guix/utils.scm (%struct-flock, F_SETLKW, F_xxLCK): New variables.
(fcntl-flock): New procedure.
* tests/utils.scm ("fcntl-flock"): New test.
|
|
|
|
|
|
|
|
|
| |
* guix/store.scm (register-path): New procedure.
* tests/store.scm ("register-path"): New test.
* guix/config.scm.in (%guix-register-program): New variable.
* configure.ac: Compute and substitute 'guix_sbindir'. Compute
'guix_prefix'.
* pre-inst-env.in: Define 'GUIX_REGISTER'.
|
|
|
|
|
|
|
| |
* nix/guix-register/guix-register.cc (register_validity): Leave
'info.path' unmodified when PREFIX is empty.
(main): Call 'settings.processEnvironment' early on.
Leave 'settings.nixStore' unmodified when PREFIX is empty.
|
|
|
|
|
|
|
|
| |
* guix/scripts/archive.scm (show-help, %options): Add '--missing'.
(guix-archive)[lines]: New procedure.
Use it to honor '--missing'.
* tests/guix-archive.sh: Add tests.
* doc/guix.texi (Invoking guix archive): Document '--missing'.
|
|
|
|
|
|
|
| |
* guix/scripts/package.scm (leave-on-EPIPE): New macro.
(guix-package): Use it for 'list-installed', 'list-available', and
'--list-generations'.
* tests/guix-package.sh: Add test.
|
|
|
|
|
|
|
|
|
| |
* guix/scripts/archive.scm (authorize-key): New procedure.
(guix-archive): Call it when OPTS contains 'authorize-key'.
* tests/guix-archive.sh: Add test with invalid public key.
* guix/pki.scm: Export '%acl-file'.
* doc/guix.texi (Invoking guix archive): Make it clear that '--import'
works only with authorized keys. Document '--authorize'.
|
|
|
|
|
|
| |
* guix/pk-crypto.scm (canonical-sexp->sexp): Add hack to extract an
atom's buffer.
* tests/pk-crypto.scm ("sexp->canonical-sexp->sexp"): Add sample.
|
|
|
|
|
|
|
| |
* guix/pk-crypto.scm (canonical-sexp-fold): Call 'nth-data' before
'nth' to work around <https://bugs.g10code.com/gnupg/issue1594>.
* tests/pk-crypto.scm ("https://bugs.g10code.com/gnupg/issue1594"): New
test.
|
|
|
|
|
|
| |
* guix/pki.scm, tests/pki.scm: New files.
* Makefile.am (MODULES): Add 'guix/pki.scm'.
(SCM_TESTS): Add 'tests/pki.scm'.
|
|
|
|
|
|
|
| |
* guix/pk-crypto.scm (canonical-sexp-fold, canonical-sexp->sexp,
sexp->canonical-sexp): New procedures.
* tests/pk-crypto.scm ("canonical-sexp->sexp",
"sexp->canonical-sexp->sexp"): New tests.
|