Age | Commit message (Expand) | Author |
2016-10-19 | Use (ice-9 binary-ports) instead of (rnrs io ports)....This reduces the closure of (guix ui) from 123 to 106 modules.
* guix/derivations.scm: Use (ice-9 binary-ports) instead of (rnrs io
ports).
(map-derivation)[substitute-file]: Use 'read-string' instead of
'get-string-all'.
* guix/ftp-client.scm: Likewise.
* guix/hash.scm: Likewise.
* guix/http-client.scm: Likewise.
* guix/pki.scm (ensure-acl, current-acl): Likewise.
* guix/scripts/archive.scm (authorize-key)[read-key]: Likewise.
* guix/scripts/authenticate.scm (read-canonical-sexp)
(read-hash-data): Likewise.
* guix/scripts/download.scm: Likewise.
* guix/scripts/offload.scm (register-gc-root, remove-gc-roots)
(send-files): Likewise.
* guix/scripts/publish.scm (lazy-read-file-sexp): Likewise.
* guix/scripts/refresh.scm: Likewise.
* guix/scripts/substitute.scm (check-acl-initialized): Likewise.
* guix/serialization.scm (read-maybe-utf8-string): Likewise.
* guix/scripts/hash.scm (guix-hash): Use 'force-output' instead of
'flush-output-port'.
* guix/store.scm (process-stderr): Likewise.
* guix/tests.scm: Likewise.
* guix/utils.scm: Use (ice-9 binary-ports) and autoload (rnrs io ports)
for 'make-custom-binary-input-port'.
| Ludovic Courtès |
2015-05-10 | Remove assorted Guile 2.0.5 workarounds....* guix/scripts/authenticate.scm (%default-port-conversion-strategy):
Remove.
* guix/scripts/substitute.scm (fetch): Remove 2.0.5 special cases.
* guix/serialization.scm (write-file): Remove 'scandir' workaround.
* guix/ui.scm (command-files): Likewise.
| Ludovic Courtès |
2014-05-16 | authenticate: Add compatibility hack for Guile 2.0.5....* guix/scripts/authenticate.scm (%default-port-conversion-strategy): New
variable. Reported by Andreas Enge <andreas@enge.fr>.
| Ludovic Courtès |
2014-04-22 | authenticate: Allow signatures with binary data to be written to stdout....Fixes <http://bugs.gnu.org/17312>.
* guix/scripts/authenticate.scm (guix-authenticate): Add calls to
'set-port-encoding!' and 'set-port-conversion-strategy!'. Wrap body
in 'with-fluids' form that sets '%default-port-encoding' and
'%default-port-conversion-strategy'.
* tests/guix-authenticate.sh: Add test.
* tests/pk-crypto.scm ("hash corrupt due to restrictive locale
encoding"): Add reference to bug.
| Ludovic Courtès |
2014-03-22 | authenticate: Support reading the hash or key from stdin....* guix/scripts/authenticate.scm (guix-authenticate): Add clauses
for ("rsautl" "-sign" "-inkey" key) and ("rsautl" "-verify" "-inkey" _
"-pubin").
* tests/guix-authenticate.sh (hash): Add test using -sign and -verify in
a pipeline.
| Ludovic Courtès |
2014-03-22 | authenticate: Move actual work to separate procedures....* guix/scripts/authenticate.scm (read-canonical-sexp): Change to expect
a port instead of a file name.
(read-hash-data): Likewise.
(sign-with-key, validate-signature): New procedures.
(guix-authenticate): Rewrite in terms of these two procedures.
| Ludovic Courtès |
2014-03-19 | pk-crypto: Use RFC6979 when signing with an ECC or DSA key....* guix/pk-crypto.scm (bytevector->hash-data): Add #:key-type parameter.
Use the 'pkcs1' flag when KEY-TYPE is 'rsa', and 'rfc6979' when
KEY-TYPE is 'ecc' or 'dsa'.
(key-type): New procedure.
* guix/scripts/authenticate.scm (read-hash-data): Add 'key-type'
parameter. Pass it to 'bytevector->hash-data'. Adjust caller
accordingly.
* tests/pk-crypto.scm (%ecc-key-pair): New variable.
("key-type"): New test.
("sign + verify"): Pass #:key-type to 'bytevector->hash-data'.
("sign + verify, Ed25519"): New test.
| Ludovic Courtès |
2014-01-24 | pki: Factorize signature manipulation procedures....* guix/pki.scm (signature-subject, signature-signed-data,
valid-signature?): New procedures.
* guix/scripts/authenticate.scm (guix-authenticate): Adjust to use
them.
| Ludovic Courtès |
2013-12-30 | authenticate: Consistently use 'leave' for fatal error reporting....* guix/scripts/authenticate.scm (guix-authenticate): Replace all uses of
'format' + 'exit' with 'leave'.
| Ludovic Courtès |
2013-12-29 | authenticate: Disallow imports signed with unauthorized keys....* guix/scripts/authenticate.scm (signature-sexp): Remove.
(guix-authenticate): Upon '-verify', check whether the signature's
public key passes 'authorized-key?'.
| Ludovic Courtès |
2013-12-29 | authenticate: Store the public key as part of the signature....* guix/scripts/authenticate.scm (signature-sexp): New procedure.
(guix-authenticate): Use it to produce the signature. Adjust
verification code accordingly.
* tests/store.scm ("import corrupt path"): Adjust test accordingly.
| Ludovic Courtès |
2013-12-29 | pk-crypto: Rename 'gcry-sexp' to 'canonical-sexp'....* guix/pk-crypto.scm: Rename procedures, variables, etc. from
'gcry-sexp' to 'canonical-sexp'. Add comment with references.
* guix/scripts/authenticate.scm, tests/pk-crypto.scm: Adjust
accordingly.
| Ludovic Courtès |
2013-12-20 | daemon: Implement signed archive import/export....* guix/scripts/authenticate.scm, nix/scripts/guix-authenticate.in,
tests/signing-key.pub, tests/signing-key.sec: New files.
* po/POTFILES.in: Add 'guix/scripts/authenticate.scm'.
* guix/store.scm (dump-port): New procedure.
(process-stderr): Add 'user-port' optional parameter. Handle
the %STDERR-WRITE and %STDERR-READ cases as expected.
(import-paths, export-path, export-paths): New procedures.
* tests/store.scm ("export/import several paths", "import corrupt
path"): New tests.
* Makefile.am (MODULES): Add 'guix/scripts/authenticate.scm'.
(EXTRA_DIST): Add 'tests/signing-key.{pub,sec}'.
* daemon.am (libstore_a_CPPFLAGS)[-DNIX_CONF_DIR]: Change 'NIX_CONF_DIR'
to .../guix. Change 'OPENSSL_PATH' to 'guix-authenticate'.
* config-daemon.ac: Instantiate 'nix/scripts/guix-authenticate'.
* nix/nix-daemon/guix-daemon.cc (main): Augment $PATH to include
'settings.nixLibexecDir'.
* test-env.in: Export 'NIX_CONF_DIR' and 'NIX_LIBEXEC_DIR'. Populate
$NIX_CONF_DIR.
| Ludovic Courtès |