summaryrefslogtreecommitdiff
path: root/nix
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2020-09-08 15:00:29 +0200
committerLudovic Courtès <ludo@gnu.org>2020-09-11 17:53:58 +0200
commit6dd8ffc57420ee2f6f19e79e41028e78fe9e6a7e (patch)
treee416113b3ef643a6b34ed8b7fe4d317792ff66a1 /nix
parent7a68d3ccadc7391b97e94582301f3dfaf51a3179 (diff)
daemon: Simplify interface with 'guix authenticate'.
There's no reason at this point to mimic the calling convention of the 'openssl' command. * nix/libstore/local-store.cc (LocalStore::exportPath): Add only "sign" and HASH to ARGS. Remove 'tmpDir' and 'hashFile'. (LocalStore::importPath): Add only "verify" and SIGNATURE to * guix/scripts/authenticate.scm (guix-authenticate): Adjust accordingly; remove the OpenSSL-style clauses. (read-hash-data): Remove. (sign-with-key): Replace 'port' with 'sha256' and adjust accordingly. (validate-signature): Export SIGNATURE to be a canonical sexp. * tests/guix-authenticate.sh: Adjust tests accordingly.
Diffstat (limited to 'nix')
-rw-r--r--nix/libstore/local-store.cc19
1 files changed, 3 insertions, 16 deletions
diff --git a/nix/libstore/local-store.cc b/nix/libstore/local-store.cc
index 7a520925e5..e6badd3721 100644
--- a/nix/libstore/local-store.cc
+++ b/nix/libstore/local-store.cc
@@ -1277,21 +1277,13 @@ void LocalStore::exportPath(const Path & path, bool sign,
writeInt(1, hashAndWriteSink);
- Path tmpDir = createTempDir();
- AutoDelete delTmp(tmpDir);
- Path hashFile = tmpDir + "/hash";
- writeFile(hashFile, printHash(hash));
-
Path secretKey = settings.nixConfDir + "/signing-key.sec";
checkSecrecy(secretKey);
Strings args;
- args.push_back("rsautl");
- args.push_back("-sign");
- args.push_back("-inkey");
+ args.push_back("sign");
args.push_back(secretKey);
- args.push_back("-in");
- args.push_back(hashFile);
+ args.push_back(printHash(hash));
string signature = runAuthenticationProgram(args);
@@ -1376,12 +1368,7 @@ Path LocalStore::importPath(bool requireSignature, Source & source)
writeFile(sigFile, signature);
Strings args;
- args.push_back("rsautl");
- args.push_back("-verify");
- args.push_back("-inkey");
- args.push_back(settings.nixConfDir + "/signing-key.pub");
- args.push_back("-pubin");
- args.push_back("-in");
+ args.push_back("verify");
args.push_back(sigFile);
string hash2 = runAuthenticationProgram(args);