nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

authenticate: Allow signatures with binary data to be written to stdout. 

Fixes <http://bugs.gnu.org/17312>.

* guix/scripts/authenticate.scm (guix-authenticate): Add calls to
  'set-port-encoding!' and 'set-port-conversion-strategy!'.  Wrap body
  in 'with-fluids' form that sets '%default-port-encoding' and
  '%default-port-conversion-strategy'.
* tests/guix-authenticate.sh: Add test.
* tests/pk-crypto.scm ("hash corrupt due to restrictive locale
  encoding"): Add reference to bug.
This commit is contained in:
Ludovic Courtès 2014-04-22 11:30:51 +02:00
parent 6030d8493e
commit 6f69588529
3 changed files with 54 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
guix/scripts/authenticate.scm
View File

@ -89,6 +89,15 @@ to stdout upon success."
;;; ;;;
(define (guix-authenticate . args) (define (guix-authenticate . args)
;; Signature sexps written to stdout may contain binary data, so force
;; ISO-8859-1 encoding so that things are not mangled. See
;; <http://bugs.gnu.org/17312> for details.
(set-port-encoding! (current-output-port) "ISO-8859-1")
(set-port-conversion-strategy! (current-output-port) 'error)
;; Same goes for input ports.
(with-fluids ((%default-port-encoding "ISO-8859-1")
(%default-port-conversion-strategy 'error))
(match args (match args
;; As invoked by guix-daemon. ;; As invoked by guix-daemon.
(("rsautl" "-sign" "-inkey" key "-in" hash-file) (("rsautl" "-sign" "-inkey" key "-in" hash-file)
@ -113,6 +122,6 @@ be used internally by 'guix-daemon'.\n")))
(("--version") (("--version")
(show-version-and-exit "guix authenticate")) (show-version-and-exit "guix authenticate"))
(else (else
(leave (_ "wrong arguments"))))) (leave (_ "wrong arguments"))))))
;;; authenticate.scm ends here ;;; authenticate.scm ends here

21
tests/guix-authenticate.sh
View File

@ -72,3 +72,24 @@ if guix authenticate rsautl -verify \
then false then false
else true else true
fi fi
# Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
# valid signatures when run in the C locale.
echo "5eff0b55c9c5f5e87b4e34cd60a2d5654ca1eb78c7b3c67c3179fed1cff07b4c" \
> "$hash"
LC_ALL=C
export LC_ALL
guix authenticate rsautl -sign \
-inkey "$abs_top_srcdir/tests/signing-key.sec" \
-in "$hash" > "$sig"
guix authenticate rsautl -verify \
-inkey "$abs_top_srcdir/tests/signing-key.pub" \
-pubin -in "$sig"
hash2="`guix authenticate rsautl -verify \
-inkey $abs_top_srcdir/tests/signing-key.pub \
-pubin -in $sig`"
test "$hash2" = `cat "$hash"`

2
tests/pk-crypto.scm
View File

@ -153,7 +153,7 @@
;; In Guix up to 0.6 included this test would fail because at some point ;; In Guix up to 0.6 included this test would fail because at some point
;; the hash value would be cropped to ASCII. In practice 'guix ;; the hash value would be cropped to ASCII. In practice 'guix
;; authenticate' would produce invalid signatures that would fail ;; authenticate' would produce invalid signatures that would fail
;; signature verification. ;; signature verification. See <http://bugs.gnu.org/17312>.
(let ((locale (setlocale LC_ALL))) (let ((locale (setlocale LC_ALL)))
(dynamic-wind (dynamic-wind
(lambda () (lambda ()