summaryrefslogtreecommitdiff
path: root/guix/scripts
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2014-03-20 22:33:52 +0100
committerLudovic Courtès <ludo@gnu.org>2014-03-20 23:06:47 +0100
commit1fda6840a892e55b579dfeb8f4590b5cd2874662 (patch)
treee4abf299e7bfa8df30ec6ca743a761e09d744923 /guix/scripts
parent2f66e64c53ccae423a791b51cd635ad892f0feab (diff)
pk-crypto: Don't use Ed25519 when libgcrypt is older than 1.6.0.
* guix/pk-crypto.scm (gcrypt-version): New procedure. * guix/scripts/archive.scm (%key-generation-parameters): New variable. (%options) <generate-key>: Use it. * tests/pk-crypto.scm ("sign + verify, Ed25519"): Skip if using gcrypt < 1.6.0.
Diffstat (limited to 'guix/scripts')
-rw-r--r--guix/scripts/archive.scm10
1 files changed, 8 insertions, 2 deletions
diff --git a/guix/scripts/archive.scm b/guix/scripts/archive.scm
index 0e67321026..c900fcecb9 100644
--- a/guix/scripts/archive.scm
+++ b/guix/scripts/archive.scm
@@ -87,6 +87,13 @@ Export/import one or more packages from/to the store.\n"))
(newline)
(show-bug-report-information))
+(define %key-generation-parameters
+ ;; Default key generation parameters. We prefer Ed25519, but it was
+ ;; introduced in libgcrypt 1.6.0.
+ (if (version>? (gcrypt-version) "1.6.0")
+ "(genkey (ecdsa (curve Ed25519) (flags rfc6979)))"
+ "(genkey (rsa (nbits 4:4096)))"))
+
(define %options
;; Specifications of the command-line options.
(cons* (option '(#\h "help") #f #f
@@ -114,8 +121,7 @@ Export/import one or more packages from/to the store.\n"))
;; libgcrypt 1.6.0.
(let ((params
(string->canonical-sexp
- (or arg "\
- (genkey (ecdsa (curve Ed25519) (flags rfc6979)))"))))
+ (or arg %key-generation-parameters))))
(alist-cons 'generate-key params result)))
(lambda (key err)
(leave (_ "invalid key generation parameters: ~a: ~a~%")