guix-devel/guix
Ludovic Courtès cdea30e061 substitute-binary: Defer narinfo authentication and authorization checks.
* guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp):
  Catch 'gcry-error' around 'string->canonical-sexp' call, and re-raise
  as a SRFI-35 &message and &nar-signature-error.
  (narinfo-maker): Handle when SIGNATURE is #f or an invalid canonical
  sexp.
  (&nar-signature-error, &nar-invalid-hash-error): New variables.
  (assert-valid-signature): Use them.  Expect 'signature' to be a
  canonical sexp.
  (read-narinfo): Remove authentication and authorization checks.
  (%signature-line-rx): New variable.
  (assert-valid-narinfo, valid-narinfo?): New procedures.
  (guix-substitute-binary): Wrap body in 'with-error-handling'.
  [valid?]: New procedure.
  <--query>: Show only store items of narinfos that match
  'valid-narinfo?'.
  <--substitute>: Call 'assert-valid-narinfo'.
* tests/substitute-binary.scm (test-error*): Use 'test-equal'.
  (%keypair): Remove.
  (%public-key, %private-key): Load from signing-key.{pub,sec}.
  (signature-body): Add #:public-key parameter.
  (call-with-narinfo): New procedure.
  (with-narinfo): New macro.
  ("corrupt signature data", "unauthorized public key", "invalid
  signature"): Make the first argument to 'assert-valid-signature' a
  canonical sexp.
  ("invalid hash", "valid read-narinfo", "valid write-narinfo"):
  Remove.
  ("query narinfo with invalid hash", "query narinfo signed with
  authorized key", "query narinfo signed with unauthorized key",
  "substitute, invalid hash", "substitute, unauthorized key"): New
  tests.
2014-03-30 22:32:11 +02:00
build Add (guix svn-download). 2014-03-27 00:21:44 +01:00
build-system build-system/perl: Honour phases argument in perl build system. 2013-12-09 13:50:58 +01:00
scripts substitute-binary: Defer narinfo authentication and authorization checks. 2014-03-30 22:32:11 +02:00
base32.scm Update license headers. 2013-01-06 00:47:50 +01:00
base64.scm substitute-binary: Support the Signature field of a narinfo file. 2014-03-30 12:02:10 +02:00
build-system.scm Move record utilities to (guix records). 2013-05-12 15:46:16 +02:00
config.scm.in build: Change state and log directories to $localstatedir/.../guix. 2014-03-09 22:10:01 +01:00
derivations.scm Merge branch 'master' into core-updates 2014-03-17 18:26:46 +01:00
download.scm download: 'download-to-store' accepts plain file names. 2014-03-11 22:09:42 +01:00
ftp-client.scm ftp-client: Let callers handle `ftp-open' exceptions. 2013-05-14 23:51:36 +02:00
git-download.scm download: Perform derivations locally. 2014-03-06 21:42:24 +01:00
gnu-maintenance.scm gnu-maintenance: Adjust 'latest-release' to filter Bash's patch directories. 2014-02-28 00:01:53 +01:00
gnupg.scm guix refresh: Add '--key-download'. 2013-06-10 08:15:17 +00:00
hash.scm hash: Add 'open-sha256-input-port', for Guile > 2.0.9. 2014-01-24 00:01:49 +01:00
http-client.scm substitute-binary: Gracefully handle HTTP GET errors. 2014-03-01 15:38:11 +01:00
licenses.scm licenses: Fix Nixpkgs license URL. 2014-03-22 22:57:09 +01:00
monads.scm monads: Add 'text-file*'. 2014-02-03 23:20:49 +01:00
nar.scm nar: Clarify that 'assert-valid-signature' accepts a string. 2014-03-30 12:02:10 +02:00
packages.scm Change default store values from /nix/store to /gnu/store. 2014-03-10 23:54:27 +01:00
pk-crypto.scm pk-crypto: Don't use Ed25519 when libgcrypt is older than 1.6.0. 2014-03-20 23:06:47 +01:00
pki.scm pki: Factorize signature manipulation procedures. 2014-01-24 00:01:49 +01:00
profiles.scm Prefer local builds for "small" derivations. 2014-01-25 17:22:53 +01:00
records.scm records: define-record-type*: Field bindings are bound with 'let*'. 2013-10-15 23:31:22 +02:00
serialization.scm store: Add #:timeout build option. 2014-03-09 23:01:18 +01:00
snix.scm snix: Prefer descriptions from the Womb rather than from Nixpkgs. 2013-10-09 16:18:23 +02:00
store.scm store: Add 'hash-part->path'. 2014-03-14 17:16:10 +01:00
svn-download.scm Add (guix svn-download). 2014-03-27 00:21:44 +01:00
ui.scm ui: Handle SRFI-35 '&message' conditions. 2014-02-21 23:49:52 +01:00
utils.scm utils: Add 'call-with-decompressed-port' and 'call-with-compressed-output-port'. 2014-03-24 22:15:29 +01:00