Merge branch 'wip-lisp' into staging

2 files changed, 87 insertions, 39 deletions

diff --git a/tests/guix-authenticate.sh b/tests/guix-authenticate.sh
index 72c3d161d7..773443453d 100644
--- a/tests/guix-authenticate.sh
+++ b/tests/guix-authenticate.sh
@@ -1,5 +1,5 @@
 # GNU Guix --- Functional package management for GNU
-# Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
+# Copyright © 2013, 2014, 2020 Ludovic Courtès <ludo@gnu.org>
 #
 # This file is part of GNU Guix.
 #
@@ -29,34 +29,18 @@ rm -f "$sig" "$hash"
 trap 'rm -f "$sig" "$hash"' EXIT
 
 # A hexadecimal string as long as a sha256 hash.
-echo "2749f0ea9f26c6c7be746a9cff8fa4c2f2a02b000070dba78429e9a11f87c6eb" \
-    > "$hash"
+hash="2749f0ea9f26c6c7be746a9cff8fa4c2f2a02b000070dba78429e9a11f87c6eb"
 
-guix authenticate rsautl -sign				\
-    -inkey "$abs_top_srcdir/tests/signing-key.sec"	\
-    -in "$hash" > "$sig"
+guix authenticate sign				\
+    "$abs_top_srcdir/tests/signing-key.sec"	\
+    "$hash" > "$sig"
 test -f "$sig"
 
-hash2="`guix authenticate rsautl -verify		\
-          -inkey $abs_top_srcdir/tests/signing-key.pub	\
-          -pubin -in $sig`"
-test "$hash2" = `cat "$hash"`
-
-# Same thing in a pipeline, using the command line syntax that Nix/Crypto.pm
-# uses.
-hash2="`						\
-  cat "$hash"						\
-  | guix authenticate rsautl -sign			\
-    -inkey "$abs_top_srcdir/tests/signing-key.sec"	\
-  | guix authenticate rsautl -verify			\
-          -inkey $abs_top_srcdir/tests/signing-key.pub	\
-          -pubin`"
-test "$hash2" = `cat "$hash"`
+hash2="`guix authenticate verify "$sig"`"
+test "$hash2" = "$hash"
 
 # Detect corrupt signatures.
-if guix authenticate rsautl -verify				\
-          -inkey "$abs_top_srcdir/tests/signing-key.pub"	\
-          -pubin -in /dev/null
+if guix authenticate verify /dev/null
 then false
 else true
 fi
@@ -66,9 +50,7 @@ fi
 # modifying this hash.
 sed -i "$sig"											\
     -e's|#[A-Z0-9]\{64\}#|#0000000000000000000000000000000000000000000000000000000000000000#|g'
-if guix authenticate rsautl -verify				\
-          -inkey "$abs_top_srcdir/tests/signing-key.pub"	\
-          -pubin -in "$sig"
+if guix authenticate verify "$sig"
 then false
 else true
 fi
@@ -76,20 +58,14 @@ fi
 
 # Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
 # valid signatures when run in the C locale.
-echo "5eff0b55c9c5f5e87b4e34cd60a2d5654ca1eb78c7b3c67c3179fed1cff07b4c" \
-    > "$hash"
+hash="5eff0b55c9c5f5e87b4e34cd60a2d5654ca1eb78c7b3c67c3179fed1cff07b4c"
 
 LC_ALL=C
 export LC_ALL
 
-guix authenticate rsautl -sign				\
-    -inkey "$abs_top_srcdir/tests/signing-key.sec"	\
-    -in "$hash" > "$sig"
+guix authenticate sign "$abs_top_srcdir/tests/signing-key.sec" "$hash" \
+     > "$sig"
 
-guix authenticate rsautl -verify			\
-        -inkey "$abs_top_srcdir/tests/signing-key.pub"	\
-        -pubin -in "$sig"
-hash2="`guix authenticate rsautl -verify		\
-          -inkey $abs_top_srcdir/tests/signing-key.pub	\
-          -pubin -in $sig`"
-test "$hash2" = `cat "$hash"`
+guix authenticate verify "$sig"
+hash2="`guix authenticate verify "$sig"`"
+test "$hash2" = "$hash"
diff --git a/tests/store.scm b/tests/store.scm
index e168d3dcf6..8ff76e8f98 100644
--- a/tests/store.scm
+++ b/tests/store.scm
@@ -23,6 +23,8 @@
   #:use-module (guix utils)
   #:use-module (guix monads)
   #:use-module ((gcrypt hash) #:prefix gcrypt:)
+  #:use-module ((gcrypt pk-crypto) #:prefix gcrypt:)
+  #:use-module (guix pki)
   #:use-module (guix base32)
   #:use-module (guix packages)
   #:use-module (guix derivations)
@@ -966,6 +968,76 @@
                (list out1 out2))))
     #:guile-for-build (%guile-for-build)))
 
+
+(test-assert "import not signed"
+  (let* ((text (random-text))
+         (file (add-file-tree-to-store %store
+                                       `("tree" directory
+                                         ("text" regular (data ,text))
+                                         ("link" symlink "text"))))
+         (dump (call-with-bytevector-output-port
+                (lambda (port)
+                  (write-int 1 port)              ;start
+
+                  (write-file file port)          ;contents
+                  (write-int #x4558494e port)     ;%export-magic
+                  (write-string file port)        ;store item
+                  (write-string-list '() port)    ;references
+                  (write-string "" port)          ;deriver
+                  (write-int 0 port)              ;not signed
+
+                  (write-int 0 port)))))          ;done
+
+    ;; Ensure 'import-paths' raises an exception.
+    (guard (c ((store-protocol-error? c)
+               (and (not (zero? (store-protocol-error-status (pk 'C c))))
+                    (string-contains (store-protocol-error-message c)
+                                     "lacks a signature"))))
+      (let* ((source   (open-bytevector-input-port dump))
+             (imported (import-paths %store source)))
+        (pk 'unsigned-imported imported)
+        #f))))
+
+(test-assert "import signed by unauthorized key"
+  (let* ((text (random-text))
+         (file (add-file-tree-to-store %store
+                                       `("tree" directory
+                                         ("text" regular (data ,text))
+                                         ("link" symlink "text"))))
+         (key  (gcrypt:generate-key
+                (gcrypt:string->canonical-sexp
+                 "(genkey (ecdsa (curve Ed25519) (flags rfc6979)))")))
+         (dump (call-with-bytevector-output-port
+                (lambda (port)
+                  (write-int 1 port)              ;start
+
+                  (write-file file port)          ;contents
+                  (write-int #x4558494e port)     ;%export-magic
+                  (write-string file port)        ;store item
+                  (write-string-list '() port)    ;references
+                  (write-string "" port)          ;deriver
+                  (write-int 1 port)              ;signed
+                  (write-string (gcrypt:canonical-sexp->string
+                                 (signature-sexp
+                                  (gcrypt:bytevector->hash-data
+                                   (gcrypt:sha256 #vu8(0 1 2))
+                                   #:key-type 'ecc)
+                                  (gcrypt:find-sexp-token key 'private-key)
+                                  (gcrypt:find-sexp-token key 'public-key)))
+                                port)
+
+                  (write-int 0 port)))))          ;done
+
+    ;; Ensure 'import-paths' raises an exception.
+    (guard (c ((store-protocol-error? c)
+               ;; XXX: The daemon-provided error message currently doesn't
+               ;; mention the reason of the failure.
+               (not (zero? (store-protocol-error-status c)))))
+      (let* ((source   (open-bytevector-input-port dump))
+             (imported (import-paths %store source)))
+        (pk 'unauthorized-imported imported)
+        #f))))
+
 (test-assert "import corrupt path"
   (let* ((text (random-text))
          (file (add-text-to-store %store "text" text))