authenticate: Support reading the hash or key from stdin.

* guix/scripts/authenticate.scm (guix-authenticate): Add clauses for ("rsautl" "-sign" "-inkey" key) and ("rsautl" "-verify" "-inkey" _ "-pubin"). * tests/guix-authenticate.sh (hash): Add test using -sign and -verify in a pipeline.
2014-03-22 22:46:11 +01:00 · 2014-03-22 22:46:11 +01:00 · 9b0a2233db
parent 9dbe6e43ea
commit 9b0a2233db
2 changed files with 20 additions and 1 deletions
--- a/guix/scripts/authenticate.scm
+++ b/guix/scripts/authenticate.scm
@ -90,14 +90,22 @@ to stdout upon success."

 (define (guix-authenticate . args)
  (match args
+    ;; As invoked by guix-daemon.
    (("rsautl" "-sign" "-inkey" key "-in" hash-file)
     (call-with-input-file hash-file
       (lambda (port)
         (sign-with-key key port))))
+    ;; As invoked by Nix/Crypto.pm (used by Hydra.)
+    (("rsautl" "-sign" "-inkey" key)
+     (sign-with-key key (current-input-port)))
+    ;; As invoked by guix-daemon.
    (("rsautl" "-verify" "-inkey" _ "-pubin" "-in" signature-file)
     (call-with-input-file signature-file
       (lambda (port)
         (validate-signature port))))
+    ;; As invoked by Nix/Crypto.pm (used by Hydra.)
+    (("rsautl" "-verify" "-inkey" _ "-pubin")
+     (validate-signature (current-input-port)))
    (("--help")
     (display (_ "Usage: guix authenticate OPTION...
 Sign or verify the signature on the given file.  This tool is meant to
--- a/tests/guix-authenticate.sh
+++ b/tests/guix-authenticate.sh
@ -1,5 +1,5 @@
 # GNU Guix --- Functional package management for GNU
-# Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
+# Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
 #
 # This file is part of GNU Guix.
 #
@ -42,6 +42,17 @@ hash2="`guix authenticate rsautl -verify		\
          -pubin -in $sig`"
 test "$hash2" = `cat "$hash"`

+# Same thing in a pipeline, using the command line syntax that Nix/Crypto.pm
+# uses.
+hash2="`						\
+  cat "$hash"						\
+  | guix authenticate rsautl -sign			\
+    -inkey "$abs_top_srcdir/tests/signing-key.sec"	\
+  | guix authenticate rsautl -verify			\
+          -inkey $abs_top_srcdir/tests/signing-key.pub	\
+          -pubin`"
+test "$hash2" = `cat "$hash"`
+
 # Detect corrupt signatures.
 if guix authenticate rsautl -verify				\
          -inkey "$abs_top_srcdir/tests/signing-key.pub"	\