summaryrefslogtreecommitdiff
path: root/guix/scripts/authenticate.scm
AgeCommit message (Collapse)Author
2015-05-10Remove assorted Guile 2.0.5 workarounds.Ludovic Courtès
* guix/scripts/authenticate.scm (%default-port-conversion-strategy): Remove. * guix/scripts/substitute.scm (fetch): Remove 2.0.5 special cases. * guix/serialization.scm (write-file): Remove 'scandir' workaround. * guix/ui.scm (command-files): Likewise.
2014-05-16authenticate: Add compatibility hack for Guile 2.0.5.Ludovic Courtès
* guix/scripts/authenticate.scm (%default-port-conversion-strategy): New variable. Reported by Andreas Enge <andreas@enge.fr>.
2014-04-22authenticate: Allow signatures with binary data to be written to stdout.Ludovic Courtès
Fixes <http://bugs.gnu.org/17312>. * guix/scripts/authenticate.scm (guix-authenticate): Add calls to 'set-port-encoding!' and 'set-port-conversion-strategy!'. Wrap body in 'with-fluids' form that sets '%default-port-encoding' and '%default-port-conversion-strategy'. * tests/guix-authenticate.sh: Add test. * tests/pk-crypto.scm ("hash corrupt due to restrictive locale encoding"): Add reference to bug.
2014-03-22authenticate: Support reading the hash or key from stdin.Ludovic Courtès
* guix/scripts/authenticate.scm (guix-authenticate): Add clauses for ("rsautl" "-sign" "-inkey" key) and ("rsautl" "-verify" "-inkey" _ "-pubin"). * tests/guix-authenticate.sh (hash): Add test using -sign and -verify in a pipeline.
2014-03-22authenticate: Move actual work to separate procedures.Ludovic Courtès
* guix/scripts/authenticate.scm (read-canonical-sexp): Change to expect a port instead of a file name. (read-hash-data): Likewise. (sign-with-key, validate-signature): New procedures. (guix-authenticate): Rewrite in terms of these two procedures.
2014-03-19pk-crypto: Use RFC6979 when signing with an ECC or DSA key.Ludovic Courtès
* guix/pk-crypto.scm (bytevector->hash-data): Add #:key-type parameter. Use the 'pkcs1' flag when KEY-TYPE is 'rsa', and 'rfc6979' when KEY-TYPE is 'ecc' or 'dsa'. (key-type): New procedure. * guix/scripts/authenticate.scm (read-hash-data): Add 'key-type' parameter. Pass it to 'bytevector->hash-data'. Adjust caller accordingly. * tests/pk-crypto.scm (%ecc-key-pair): New variable. ("key-type"): New test. ("sign + verify"): Pass #:key-type to 'bytevector->hash-data'. ("sign + verify, Ed25519"): New test.
2014-01-24pki: Factorize signature manipulation procedures.Ludovic Courtès
* guix/pki.scm (signature-subject, signature-signed-data, valid-signature?): New procedures. * guix/scripts/authenticate.scm (guix-authenticate): Adjust to use them.
2013-12-30authenticate: Consistently use 'leave' for fatal error reporting.Ludovic Courtès
* guix/scripts/authenticate.scm (guix-authenticate): Replace all uses of 'format' + 'exit' with 'leave'.
2013-12-29authenticate: Disallow imports signed with unauthorized keys.Ludovic Courtès
* guix/scripts/authenticate.scm (signature-sexp): Remove. (guix-authenticate): Upon '-verify', check whether the signature's public key passes 'authorized-key?'.
2013-12-29authenticate: Store the public key as part of the signature.Ludovic Courtès
* guix/scripts/authenticate.scm (signature-sexp): New procedure. (guix-authenticate): Use it to produce the signature. Adjust verification code accordingly. * tests/store.scm ("import corrupt path"): Adjust test accordingly.
2013-12-29pk-crypto: Rename 'gcry-sexp' to 'canonical-sexp'.Ludovic Courtès
* guix/pk-crypto.scm: Rename procedures, variables, etc. from 'gcry-sexp' to 'canonical-sexp'. Add comment with references. * guix/scripts/authenticate.scm, tests/pk-crypto.scm: Adjust accordingly.
2013-12-20daemon: Implement signed archive import/export.Ludovic Courtès
* guix/scripts/authenticate.scm, nix/scripts/guix-authenticate.in, tests/signing-key.pub, tests/signing-key.sec: New files. * po/POTFILES.in: Add 'guix/scripts/authenticate.scm'. * guix/store.scm (dump-port): New procedure. (process-stderr): Add 'user-port' optional parameter. Handle the %STDERR-WRITE and %STDERR-READ cases as expected. (import-paths, export-path, export-paths): New procedures. * tests/store.scm ("export/import several paths", "import corrupt path"): New tests. * Makefile.am (MODULES): Add 'guix/scripts/authenticate.scm'. (EXTRA_DIST): Add 'tests/signing-key.{pub,sec}'. * daemon.am (libstore_a_CPPFLAGS)[-DNIX_CONF_DIR]: Change 'NIX_CONF_DIR' to .../guix. Change 'OPENSSL_PATH' to 'guix-authenticate'. * config-daemon.ac: Instantiate 'nix/scripts/guix-authenticate'. * nix/nix-daemon/guix-daemon.cc (main): Augment $PATH to include 'settings.nixLibexecDir'. * test-env.in: Export 'NIX_CONF_DIR' and 'NIX_LIBEXEC_DIR'. Populate $NIX_CONF_DIR.