Commit Graph

11 Commits

Author SHA1 Message Date
Ludovic Courtès 4cca91832b authenticate: Add compatibility hack for Guile 2.0.5.
* guix/scripts/authenticate.scm (%default-port-conversion-strategy): New
  variable.  Reported by Andreas Enge <andreas@enge.fr>.
2014-05-16 10:22:19 +02:00
Ludovic Courtès 6f69588529 authenticate: Allow signatures with binary data to be written to stdout.
Fixes <http://bugs.gnu.org/17312>.

* guix/scripts/authenticate.scm (guix-authenticate): Add calls to
  'set-port-encoding!' and 'set-port-conversion-strategy!'.  Wrap body
  in 'with-fluids' form that sets '%default-port-encoding' and
  '%default-port-conversion-strategy'.
* tests/guix-authenticate.sh: Add test.
* tests/pk-crypto.scm ("hash corrupt due to restrictive locale
  encoding"): Add reference to bug.
2014-04-22 11:30:58 +02:00
Ludovic Courtès 9b0a2233db authenticate: Support reading the hash or key from stdin.
* guix/scripts/authenticate.scm (guix-authenticate): Add clauses
  for ("rsautl" "-sign" "-inkey" key) and ("rsautl" "-verify" "-inkey" _
  "-pubin").
* tests/guix-authenticate.sh (hash): Add test using -sign and -verify in
  a pipeline.
2014-03-22 22:57:10 +01:00
Ludovic Courtès 9dbe6e43ea authenticate: Move actual work to separate procedures.
* guix/scripts/authenticate.scm (read-canonical-sexp): Change to expect
  a port instead of a file name.
  (read-hash-data): Likewise.
  (sign-with-key, validate-signature): New procedures.
  (guix-authenticate): Rewrite in terms of these two procedures.
2014-03-22 22:57:10 +01:00
Ludovic Courtès 32a1eb8025 pk-crypto: Use RFC6979 when signing with an ECC or DSA key.
* guix/pk-crypto.scm (bytevector->hash-data): Add #:key-type parameter.
  Use the 'pkcs1' flag when KEY-TYPE is 'rsa', and 'rfc6979' when
  KEY-TYPE is 'ecc' or 'dsa'.
  (key-type): New procedure.
* guix/scripts/authenticate.scm (read-hash-data): Add 'key-type'
  parameter.  Pass it to 'bytevector->hash-data'.  Adjust caller
  accordingly.
* tests/pk-crypto.scm (%ecc-key-pair): New variable.
  ("key-type"): New test.
  ("sign + verify"): Pass #:key-type to 'bytevector->hash-data'.
  ("sign + verify, Ed25519"): New test.
2014-03-19 21:40:10 +01:00
Ludovic Courtès d28684b5a5 pki: Factorize signature manipulation procedures.
* guix/pki.scm (signature-subject, signature-signed-data,
  valid-signature?): New procedures.
* guix/scripts/authenticate.scm (guix-authenticate): Adjust to use
  them.
2014-01-24 00:01:49 +01:00
Ludovic Courtès c909dab269 authenticate: Consistently use 'leave' for fatal error reporting.
* guix/scripts/authenticate.scm (guix-authenticate): Replace all uses of
  'format' + 'exit' with 'leave'.
2013-12-30 18:23:44 +01:00
Ludovic Courtès 96e5085c81 authenticate: Disallow imports signed with unauthorized keys.
* guix/scripts/authenticate.scm (signature-sexp): Remove.
  (guix-authenticate): Upon '-verify', check whether the signature's
  public key passes 'authorized-key?'.
2013-12-29 15:57:24 +01:00
Ludovic Courtès 6df1fb8991 authenticate: Store the public key as part of the signature.
* guix/scripts/authenticate.scm (signature-sexp): New procedure.
  (guix-authenticate): Use it to produce the signature.  Adjust
  verification code accordingly.
* tests/store.scm ("import corrupt path"): Adjust test accordingly.
2013-12-29 15:57:23 +01:00
Ludovic Courtès b0a33ac157 pk-crypto: Rename 'gcry-sexp' to 'canonical-sexp'.
* guix/pk-crypto.scm: Rename procedures, variables, etc. from
  'gcry-sexp' to 'canonical-sexp'.  Add comment with references.
* guix/scripts/authenticate.scm, tests/pk-crypto.scm: Adjust
  accordingly.
2013-12-29 15:57:23 +01:00
Ludovic Courtès 526382ff92 daemon: Implement signed archive import/export.
* guix/scripts/authenticate.scm, nix/scripts/guix-authenticate.in,
  tests/signing-key.pub, tests/signing-key.sec: New files.
* po/POTFILES.in: Add 'guix/scripts/authenticate.scm'.
* guix/store.scm (dump-port): New procedure.
  (process-stderr): Add 'user-port' optional parameter.  Handle
  the %STDERR-WRITE and %STDERR-READ cases as expected.
  (import-paths, export-path, export-paths): New procedures.
* tests/store.scm ("export/import several paths", "import corrupt
  path"): New tests.
* Makefile.am (MODULES): Add 'guix/scripts/authenticate.scm'.
  (EXTRA_DIST): Add 'tests/signing-key.{pub,sec}'.
* daemon.am (libstore_a_CPPFLAGS)[-DNIX_CONF_DIR]: Change 'NIX_CONF_DIR'
  to .../guix.  Change 'OPENSSL_PATH' to 'guix-authenticate'.
* config-daemon.ac: Instantiate 'nix/scripts/guix-authenticate'.
* nix/nix-daemon/guix-daemon.cc (main): Augment $PATH to include
  'settings.nixLibexecDir'.
* test-env.in: Export 'NIX_CONF_DIR' and 'NIX_LIBEXEC_DIR'.  Populate
  $NIX_CONF_DIR.
2013-12-20 17:17:42 +01:00