From 526382ff92b20f6c651f03711c160c0c88264b88 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Fri, 20 Dec 2013 17:17:42 +0100
Subject: daemon: Implement signed archive import/export.

* guix/scripts/authenticate.scm, nix/scripts/guix-authenticate.in,
  tests/signing-key.pub, tests/signing-key.sec: New files.
* po/POTFILES.in: Add 'guix/scripts/authenticate.scm'.
* guix/store.scm (dump-port): New procedure.
  (process-stderr): Add 'user-port' optional parameter.  Handle
  the %STDERR-WRITE and %STDERR-READ cases as expected.
  (import-paths, export-path, export-paths): New procedures.
* tests/store.scm ("export/import several paths", "import corrupt
  path"): New tests.
* Makefile.am (MODULES): Add 'guix/scripts/authenticate.scm'.
  (EXTRA_DIST): Add 'tests/signing-key.{pub,sec}'.
* daemon.am (libstore_a_CPPFLAGS)[-DNIX_CONF_DIR]: Change 'NIX_CONF_DIR'
  to .../guix.  Change 'OPENSSL_PATH' to 'guix-authenticate'.
* config-daemon.ac: Instantiate 'nix/scripts/guix-authenticate'.
* nix/nix-daemon/guix-daemon.cc (main): Augment $PATH to include
  'settings.nixLibexecDir'.
* test-env.in: Export 'NIX_CONF_DIR' and 'NIX_LIBEXEC_DIR'.  Populate
  $NIX_CONF_DIR.
---
 guix/scripts/authenticate.scm | 98 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 98 insertions(+)
 create mode 100644 guix/scripts/authenticate.scm

(limited to 'guix/scripts')

diff --git a/guix/scripts/authenticate.scm b/guix/scripts/authenticate.scm
new file mode 100644
index 0000000000..cbafed79d0
--- /dev/null
+++ b/guix/scripts/authenticate.scm
@@ -0,0 +1,98 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (guix scripts authenticate)
+  #:use-module (guix config)
+  #:use-module (guix utils)
+  #:use-module (guix pk-crypto)
+  #:use-module (guix ui)
+  #:use-module (rnrs io ports)
+  #:use-module (ice-9 match)
+  #:export (guix-authenticate))
+
+;;; Commentary:
+;;;
+;;; This program is used internally by the daemon to sign exported archive
+;;; (the 'export-paths' RPC), and to authenticate imported archives (the
+;;; 'import-paths' RPC.)
+;;;
+;;; Code:
+
+(define (read-gcry-sexp file)
+  "Read a gcrypt sexp from FILE and return it."
+  (call-with-input-file file
+    (compose string->gcry-sexp get-string-all)))
+
+(define (read-hash-data file)
+  "Read sha256 hash data from FILE and return it as a gcrypt sexp."
+  (let* ((hex (call-with-input-file file get-string-all))
+         (bv  (base16-string->bytevector (string-trim-both hex))))
+    (bytevector->hash-data bv)))
+
+
+;;;
+;;; Entry point with 'openssl'-compatible interface.  We support this
+;;; interface because that's what the daemon expects, and we want to leave it
+;;; unmodified currently.
+;;;
+
+(define (guix-authenticate . args)
+  (match args
+    (("rsautl" "-sign" "-inkey" key "-in" hash-file)
+     ;; Sign the hash in HASH-FILE with KEY, and return an sexp that includes
+     ;; both the hash and the actual signature.
+     (let* ((secret-key (read-gcry-sexp key))
+            (data       (read-hash-data hash-file)))
+       (format #t
+               "(guix-signature ~a (payload ~a))"
+               (gcry-sexp->string (sign data secret-key))
+               (gcry-sexp->string data))
+       #t))
+    (("rsautl" "-verify" "-inkey" key "-pubin" "-in" signature-file)
+     ;; Read the signature as produced above, check it against KEY, and print
+     ;; the signed data to stdout upon success.
+     (let* ((public-key (read-gcry-sexp key))
+            (sig+data   (read-gcry-sexp signature-file))
+            (data       (find-sexp-token sig+data 'payload))
+            (signature  (find-sexp-token sig+data 'sig-val)))
+       (if (and data signature)
+           (if (verify signature data public-key)
+               (begin
+                 (display (bytevector->base16-string
+                           (hash-data->bytevector data)))
+                 #t)                              ; success
+               (begin
+                 (format (current-error-port)
+                         "error: invalid signature: ~a~%"
+                         (gcry-sexp->string signature))
+                 (exit 1)))
+           (begin
+             (format (current-error-port)
+                     "error: corrupt signature data: ~a~%"
+                     (gcry-sexp->string sig+data))
+             (exit 1)))))
+    (("--help")
+     (display (_ "Usage: guix authenticate OPTION...
+Sign or verify the signature on the given file.  This tool is meant to
+be used internally by 'guix-daemon'.\n")))
+    (("--version")
+     (show-version-and-exit "guix authenticate"))
+    (else
+     (leave (_ "wrong arguments")))))
+
+;;; authenticate.scm ends here
-- 
cgit v1.2.3