summaryrefslogtreecommitdiff
path: root/tests/guix-authenticate.sh
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2020-09-08 15:00:29 +0200
committerLudovic Courtès <ludo@gnu.org>2020-09-11 17:53:58 +0200
commit6dd8ffc57420ee2f6f19e79e41028e78fe9e6a7e (patch)
treee416113b3ef643a6b34ed8b7fe4d317792ff66a1 /tests/guix-authenticate.sh
parent7a68d3ccadc7391b97e94582301f3dfaf51a3179 (diff)
daemon: Simplify interface with 'guix authenticate'.
There's no reason at this point to mimic the calling convention of the 'openssl' command. * nix/libstore/local-store.cc (LocalStore::exportPath): Add only "sign" and HASH to ARGS. Remove 'tmpDir' and 'hashFile'. (LocalStore::importPath): Add only "verify" and SIGNATURE to * guix/scripts/authenticate.scm (guix-authenticate): Adjust accordingly; remove the OpenSSL-style clauses. (read-hash-data): Remove. (sign-with-key): Replace 'port' with 'sha256' and adjust accordingly. (validate-signature): Export SIGNATURE to be a canonical sexp. * tests/guix-authenticate.sh: Adjust tests accordingly.
Diffstat (limited to 'tests/guix-authenticate.sh')
-rw-r--r--tests/guix-authenticate.sh54
1 files changed, 15 insertions, 39 deletions
diff --git a/tests/guix-authenticate.sh b/tests/guix-authenticate.sh
index 72c3d161d7..773443453d 100644
--- a/tests/guix-authenticate.sh
+++ b/tests/guix-authenticate.sh
@@ -1,5 +1,5 @@
# GNU Guix --- Functional package management for GNU
-# Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
+# Copyright © 2013, 2014, 2020 Ludovic Courtès <ludo@gnu.org>
#
# This file is part of GNU Guix.
#
@@ -29,34 +29,18 @@ rm -f "$sig" "$hash"
trap 'rm -f "$sig" "$hash"' EXIT
# A hexadecimal string as long as a sha256 hash.
-echo "2749f0ea9f26c6c7be746a9cff8fa4c2f2a02b000070dba78429e9a11f87c6eb" \
- > "$hash"
+hash="2749f0ea9f26c6c7be746a9cff8fa4c2f2a02b000070dba78429e9a11f87c6eb"
-guix authenticate rsautl -sign \
- -inkey "$abs_top_srcdir/tests/signing-key.sec" \
- -in "$hash" > "$sig"
+guix authenticate sign \
+ "$abs_top_srcdir/tests/signing-key.sec" \
+ "$hash" > "$sig"
test -f "$sig"
-hash2="`guix authenticate rsautl -verify \
- -inkey $abs_top_srcdir/tests/signing-key.pub \
- -pubin -in $sig`"
-test "$hash2" = `cat "$hash"`
-
-# Same thing in a pipeline, using the command line syntax that Nix/Crypto.pm
-# uses.
-hash2="` \
- cat "$hash" \
- | guix authenticate rsautl -sign \
- -inkey "$abs_top_srcdir/tests/signing-key.sec" \
- | guix authenticate rsautl -verify \
- -inkey $abs_top_srcdir/tests/signing-key.pub \
- -pubin`"
-test "$hash2" = `cat "$hash"`
+hash2="`guix authenticate verify "$sig"`"
+test "$hash2" = "$hash"
# Detect corrupt signatures.
-if guix authenticate rsautl -verify \
- -inkey "$abs_top_srcdir/tests/signing-key.pub" \
- -pubin -in /dev/null
+if guix authenticate verify /dev/null
then false
else true
fi
@@ -66,9 +50,7 @@ fi
# modifying this hash.
sed -i "$sig" \
-e's|#[A-Z0-9]\{64\}#|#0000000000000000000000000000000000000000000000000000000000000000#|g'
-if guix authenticate rsautl -verify \
- -inkey "$abs_top_srcdir/tests/signing-key.pub" \
- -pubin -in "$sig"
+if guix authenticate verify "$sig"
then false
else true
fi
@@ -76,20 +58,14 @@ fi
# Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
# valid signatures when run in the C locale.
-echo "5eff0b55c9c5f5e87b4e34cd60a2d5654ca1eb78c7b3c67c3179fed1cff07b4c" \
- > "$hash"
+hash="5eff0b55c9c5f5e87b4e34cd60a2d5654ca1eb78c7b3c67c3179fed1cff07b4c"
LC_ALL=C
export LC_ALL
-guix authenticate rsautl -sign \
- -inkey "$abs_top_srcdir/tests/signing-key.sec" \
- -in "$hash" > "$sig"
+guix authenticate sign "$abs_top_srcdir/tests/signing-key.sec" "$hash" \
+ > "$sig"
-guix authenticate rsautl -verify \
- -inkey "$abs_top_srcdir/tests/signing-key.pub" \
- -pubin -in "$sig"
-hash2="`guix authenticate rsautl -verify \
- -inkey $abs_top_srcdir/tests/signing-key.pub \
- -pubin -in $sig`"
-test "$hash2" = `cat "$hash"`
+guix authenticate verify "$sig"
+hash2="`guix authenticate verify "$sig"`"
+test "$hash2" = "$hash"