guix.git - Mirror of the official guix repository

Age	Commit message (Collapse)	Author
2021-12-22	tests: Move keys into ./tests/keys/ and add a third ed25519 key.	Attila Lendvai
	The third key will be used in an upcoming commit. Rename public keys to .pub. * guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable. (%ed25519-3-secret-key-file): New variable. (%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file. (%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file. * tests/keys/ed25519-3.key: New file. * tests/keys/ed25519-3.sec: New file. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
2020-09-15	authenticate: Encode strings as ISO-8859-1.	Ludovic Courtès
	Fixes <https://bugs.gnu.org/43421>. * guix/scripts/authenticate.scm (read-command): Decode strings as ISO-8859-1, not UTF-8. (guix-authenticate)[send-reply]: Encode strings as ISO-8859-1, not UTF-8. * tests/guix-authenticate.sh: Add test.
2020-09-14	daemon: Spawn 'guix authenticate' once for all.	Ludovic Courtès
	Previously, we'd spawn 'guix authenticate' once for each item that has to be signed (when exporting) or authenticated (when importing). Now, we spawn it once for all and then follow a request/reply protocol. This reduces the wall-clock time of: guix archive --export -r $(guix build coreutils -d) from 30s to 2s. * guix/scripts/authenticate.scm (sign-with-key): Return the signature instead of displaying it. Raise a &formatted-message instead of calling 'leave'. (validate-signature): Likewise. (read-command): New procedure. (define-enumerate-type, reply-code): New macros. (guix-authenticate)[send-reply]: New procedure. Change to read commands from current-input-port. * nix/libstore/local-store.cc (runAuthenticationProgram): Remove. (authenticationAgent, readInteger, readAuthenticateReply): New functions. (signHash, verifySignature): Rewrite in terms of the agent. * tests/store.scm ("import not signed"): Remove 'pk' call. ("import signed by unauthorized key"): Check the error message of C. * tests/guix-authenticate.sh: Rewrite using the new protocol. fixlet
2020-09-11	daemon: Simplify interface with 'guix authenticate'.	Ludovic Courtès
	There's no reason at this point to mimic the calling convention of the 'openssl' command. * nix/libstore/local-store.cc (LocalStore::exportPath): Add only "sign" and HASH to ARGS. Remove 'tmpDir' and 'hashFile'. (LocalStore::importPath): Add only "verify" and SIGNATURE to * guix/scripts/authenticate.scm (guix-authenticate): Adjust accordingly; remove the OpenSSL-style clauses. (read-hash-data): Remove. (sign-with-key): Replace 'port' with 'sha256' and adjust accordingly. (validate-signature): Export SIGNATURE to be a canonical sexp. * tests/guix-authenticate.sh: Adjust tests accordingly.
2014-04-22	authenticate: Allow signatures with binary data to be written to stdout.	Ludovic Courtès
	Fixes <http://bugs.gnu.org/17312>. * guix/scripts/authenticate.scm (guix-authenticate): Add calls to 'set-port-encoding!' and 'set-port-conversion-strategy!'. Wrap body in 'with-fluids' form that sets '%default-port-encoding' and '%default-port-conversion-strategy'. * tests/guix-authenticate.sh: Add test. * tests/pk-crypto.scm ("hash corrupt due to restrictive locale encoding"): Add reference to bug.
2014-03-22	authenticate: Support reading the hash or key from stdin.	Ludovic Courtès
	* guix/scripts/authenticate.scm (guix-authenticate): Add clauses for ("rsautl" "-sign" "-inkey" key) and ("rsautl" "-verify" "-inkey" _ "-pubin"). * tests/guix-authenticate.sh (hash): Add test using -sign and -verify in a pipeline.
2013-12-21	authenticate: Add test.	Ludovic Courtès
	* tests/guix-authenticate.sh: New file. * Makefile.am (SH_TESTS): Add it.