From 7e1d229019c1924a2748e5daec2a619e7efbd7d7 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 4 Sep 2018 17:22:55 +0200 Subject: inferior: Add home-page and location package accessors. * guix/inferior.scm (inferior-package-home-page) (inferior-package-location): New procedures. * tests/inferior.scm ("inferior-packages"): Test them. --- tests/inferior.scm | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) (limited to 'tests') diff --git a/tests/inferior.scm b/tests/inferior.scm index 5e0f8ae66e..ff5cad4210 100644 --- a/tests/inferior.scm +++ b/tests/inferior.scm @@ -45,9 +45,11 @@ (test-equal "inferior-packages" (take (sort (fold-packages (lambda (package lst) - (alist-cons (package-name package) + (cons (list (package-name package) (package-version package) - lst)) + (package-home-page package) + (package-location package)) + lst)) '()) (lambda (x y) (string Date: Fri, 31 Aug 2018 17:07:07 +0200 Subject: Switch to Guile-Gcrypt. This removes (guix hash) and (guix pk-crypto), which now live as part of Guile-Gcrypt (version 0.1.0.) * guix/gcrypt.scm, guix/hash.scm, guix/pk-crypto.scm, tests/hash.scm, tests/pk-crypto.scm: Remove. * configure.ac: Test for Guile-Gcrypt. Remove LIBGCRYPT and LIBGCRYPT_LIBDIR assignments. * m4/guix.m4 (GUIX_ASSERT_LIBGCRYPT_USABLE): Remove. * README: Add Guile-Gcrypt to the dependencies; move libgcrypt as "required unless --disable-daemon". * doc/guix.texi (Requirements): Likewise. * gnu/packages/bash.scm, guix/derivations.scm, guix/docker.scm, guix/git.scm, guix/http-client.scm, guix/import/cpan.scm, guix/import/cran.scm, guix/import/crate.scm, guix/import/elpa.scm, guix/import/gnu.scm, guix/import/hackage.scm, guix/import/texlive.scm, guix/import/utils.scm, guix/nar.scm, guix/pki.scm, guix/scripts/archive.scm, guix/scripts/authenticate.scm, guix/scripts/download.scm, guix/scripts/hash.scm, guix/scripts/pack.scm, guix/scripts/publish.scm, guix/scripts/refresh.scm, guix/scripts/substitute.scm, guix/store.scm, guix/store/deduplication.scm, guix/tests.scm, tests/base32.scm, tests/builders.scm, tests/challenge.scm, tests/cpan.scm, tests/crate.scm, tests/derivations.scm, tests/gem.scm, tests/nar.scm, tests/opam.scm, tests/pki.scm, tests/publish.scm, tests/pypi.scm, tests/store-deduplication.scm, tests/store.scm, tests/substitute.scm: Adjust imports. * gnu/system/vm.scm: Likewise. (guile-sqlite3&co): Rename to... (gcrypt-sqlite3&co): ... this. Add GUILE-GCRYPT. (expression->derivation-in-linux-vm)[config]: Remove. (iso9660-image)[config]: Remove. (qemu-image)[config]: Remove. (system-docker-image)[config]: Remove. * guix/scripts/pack.scm: Adjust imports. (guile-sqlite3&co): Rename to... (gcrypt-sqlite3&co): ... this. Add GUILE-GCRYPT. (self-contained-tarball)[build]: Call 'make-config.scm' without #:libgcrypt argument. (squashfs-image)[libgcrypt]: Remove. [build]: Call 'make-config.scm' without #:libgcrypt. (docker-image)[config, json]: Remove. [build]: Add GUILE-GCRYPT to the extensions Remove (guix config) from the imported modules. * guix/self.scm (specification->package): Remove "libgcrypt", add "guile-gcrypt". (compiled-guix): Remove #:libgcrypt. [guile-gcrypt]: New variable. [dependencies]: Add it. [*core-modules*]: Remove #:libgcrypt from 'make-config.scm' call. Add #:extensions. [*config*]: Remove #:libgcrypt from 'make-config.scm' call. (%dependency-variables): Remove %libgcrypt. (make-config.scm): Remove #:libgcrypt. * build-aux/build-self.scm (guile-gcrypt): New variable. (make-config.scm): Remove #:libgcrypt. (build-program)[fake-gcrypt-hash]: New variable. Add (gcrypt hash) to the imported modules. Adjust load path assignments. * gnu/packages/package-management.scm (guix)[propagated-inputs]: Add GUILE-GCRYPT. [arguments]: In 'wrap-program' phase, add GUILE-GCRYPT to the search path. --- Makefile.am | 5 - README | 3 +- build-aux/build-self.scm | 83 ++++++-- configure.ac | 13 +- doc/guix.texi | 4 +- gnu/packages/bash.scm | 2 +- gnu/packages/package-management.scm | 5 +- gnu/system/vm.scm | 48 ++--- guix/derivations.scm | 2 +- guix/docker.scm | 2 +- guix/gcrypt.scm | 49 ----- guix/git.scm | 2 +- guix/hash.scm | 184 ---------------- guix/http-client.scm | 2 +- guix/import/cpan.scm | 2 +- guix/import/cran.scm | 2 +- guix/import/crate.scm | 2 +- guix/import/elpa.scm | 2 +- guix/import/gnu.scm | 2 +- guix/import/hackage.scm | 2 +- guix/import/texlive.scm | 2 +- guix/import/utils.scm | 2 +- guix/nar.scm | 4 +- guix/pk-crypto.scm | 407 ------------------------------------ guix/pki.scm | 2 +- guix/scripts/archive.scm | 2 +- guix/scripts/authenticate.scm | 2 +- guix/scripts/download.scm | 2 +- guix/scripts/hash.scm | 6 +- guix/scripts/pack.scm | 60 ++---- guix/scripts/publish.scm | 4 +- guix/scripts/refresh.scm | 2 +- guix/scripts/substitute.scm | 4 +- guix/self.scm | 26 +-- guix/store.scm | 2 +- guix/store/deduplication.scm | 2 +- guix/tests.scm | 2 +- m4/guix.m4 | 18 -- tests/base32.scm | 2 +- tests/builders.scm | 2 +- tests/challenge.scm | 2 +- tests/cpan.scm | 2 +- tests/crate.scm | 2 +- tests/derivations.scm | 2 +- tests/gem.scm | 2 +- tests/hash.scm | 128 ------------ tests/nar.scm | 2 +- tests/opam.scm | 2 +- tests/packages.scm | 2 +- tests/pk-crypto.scm | 290 ------------------------- tests/pki.scm | 4 +- tests/publish.scm | 4 +- tests/pypi.scm | 2 +- tests/store-deduplication.scm | 2 +- tests/store.scm | 2 +- tests/substitute.scm | 4 +- 56 files changed, 180 insertions(+), 1241 deletions(-) delete mode 100644 guix/gcrypt.scm delete mode 100644 guix/hash.scm delete mode 100644 guix/pk-crypto.scm delete mode 100644 tests/hash.scm delete mode 100644 tests/pk-crypto.scm (limited to 'tests') diff --git a/Makefile.am b/Makefile.am index af6870cf67..a3498460e0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -63,9 +63,6 @@ MODULES = \ guix/base64.scm \ guix/cpio.scm \ guix/records.scm \ - guix/gcrypt.scm \ - guix/hash.scm \ - guix/pk-crypto.scm \ guix/pki.scm \ guix/progress.scm \ guix/combinators.scm \ @@ -331,8 +328,6 @@ SCM_TESTS = \ tests/base32.scm \ tests/base64.scm \ tests/cpio.scm \ - tests/hash.scm \ - tests/pk-crypto.scm \ tests/pki.scm \ tests/print.scm \ tests/sets.scm \ diff --git a/README b/README index 348a7ada5f..4c76c4bc43 100644 --- a/README +++ b/README @@ -21,7 +21,7 @@ Guix is based on the [[https://nixos.org/nix/][Nix]] package manager. GNU Guix currently depends on the following packages: - [[https://gnu.org/software/guile/][GNU Guile 2.2.x or 2.0.x]], version 2.0.13 or later - - [[https://gnupg.org/][GNU libgcrypt]] + - [[https://notabug.org/cwebber/guile-gcrypt][Guile-Gcrypt]] 0.1.0 or later - [[https://www.gnu.org/software/make/][GNU Make]] - [[https://www.gnutls.org][GnuTLS]] compiled with guile support enabled - [[https://notabug.org/civodul/guile-sqlite3][Guile-SQLite3]], version 0.1.0 or later @@ -31,6 +31,7 @@ GNU Guix currently depends on the following packages: Unless `--disable-daemon' was passed, the following packages are needed: + - [[https://gnupg.org/][GNU libgcrypt]] - [[https://sqlite.org/][SQLite 3]] - [[https://gcc.gnu.org][GCC's g++]] - optionally [[http://www.bzip.org][libbz2]] diff --git a/build-aux/build-self.scm b/build-aux/build-self.scm index 3ecdc931a5..f472724f18 100644 --- a/build-aux/build-self.scm +++ b/build-aux/build-self.scm @@ -22,6 +22,7 @@ #:use-module (guix ui) #:use-module (guix config) #:use-module (guix modules) + #:use-module (guix build-system gnu) #:use-module (srfi srfi-1) #:use-module (srfi srfi-19) #:use-module (rnrs io ports) @@ -72,7 +73,7 @@ (variables rest ...)))))) (variables %localstatedir %storedir %sysconfdir %system))) -(define* (make-config.scm #:key libgcrypt zlib gzip xz bzip2 +(define* (make-config.scm #:key zlib gzip xz bzip2 (package-name "GNU Guix") (package-version "0") (bug-report-address "bug-guix@gnu.org") @@ -92,7 +93,6 @@ %state-directory %store-database-directory %config-directory - %libgcrypt %libz %gzip %bzip2 @@ -137,9 +137,6 @@ (define %xz #+(and xz (file-append xz "/bin/xz"))) - (define %libgcrypt - #+(and libgcrypt - (file-append libgcrypt "/lib/libgcrypt"))) (define %libz #+(and zlib (file-append zlib "/lib/libz"))))))) @@ -200,6 +197,44 @@ person's version identifier." ;; XXX: Replace with a Git commit id. (date->string (current-date 0) "~Y~m~d.~H")) +(define guile-gcrypt + ;; The host Guix may or may not have 'guile-gcrypt', which was introduced in + ;; August 2018. If it has it, it's at least version 0.1.0, which is good + ;; enough. If it doesn't, specify our own package because the target Guix + ;; requires it. + (match (find-best-packages-by-name "guile-gcrypt" #f) + (() + (package + (name "guile-gcrypt") + (version "0.1.0") + (home-page "https://notabug.org/cwebber/guile-gcrypt") + (source (origin + (method url-fetch) + (uri (string-append home-page "/archive/v" version ".tar.gz")) + (sha256 + (base32 + "1gir7ifknbmbvjlql5j6wzk7bkb5lnmq80q59ngz43hhpclrk5k3")) + (file-name (string-append name "-" version ".tar.gz")))) + (build-system gnu-build-system) + (native-inputs + `(("pkg-config" ,(specification->package "pkg-config")) + ("autoconf" ,(specification->package "autoconf")) + ("automake" ,(specification->package "automake")) + ("texinfo" ,(specification->package "texinfo")))) + (inputs + `(("guile" ,(specification->package "guile")) + ("libgcrypt" ,(specification->package "libgcrypt")))) + (synopsis "Cryptography library for Guile using Libgcrypt") + (description + "Guile-Gcrypt provides a Guile 2.x interface to a subset of the +GNU Libgcrypt crytographic library. It provides modules for cryptographic +hash functions, message authentication codes (MAC), public-key cryptography, +strong randomness, and more. It is implemented using the foreign function +interface (FFI) of Guile.") + (license #f))) ;license:gpl3+ + ((package . _) + package))) + (define* (build-program source version #:optional (guile-version (effective-version)) #:key (pull-version 0)) @@ -212,10 +247,21 @@ person's version identifier." (('gnu _ ...) #t) (_ #f))) + (define fake-gcrypt-hash + ;; Fake (gcrypt hash) module; see below. + (scheme-file "hash.scm" + #~(define-module (gcrypt hash) + #:export (sha1 sha256)))) + (with-imported-modules `(((guix config) - => ,(make-config.scm - #:libgcrypt - (specification->package "libgcrypt"))) + => ,(make-config.scm)) + + ;; To avoid relying on 'with-extensions', which was + ;; introduced in 0.15.0, provide a fake (gcrypt + ;; hash) just so that we can build modules, and + ;; adjust %LOAD-PATH later on. + ((gcrypt hash) => ,fake-gcrypt-hash) + ,@(source-module-closure `((guix store) (guix self) (guix derivations) @@ -237,13 +283,24 @@ person's version identifier." (match %load-path ((front _ ...) (unless (string=? front source) ;already done? - (set! %load-path (list source front))))))) - - ;; Only load our own modules or those of Guile. + (set! %load-path + (list source + (string-append #$guile-gcrypt + "/share/guile/site/" + (effective-version)) + front))))))) + + ;; Only load Guile-Gcrypt, our own modules, or those + ;; of Guile. (match %load-compiled-path ((front _ ... sys1 sys2) - (set! %load-compiled-path - (list front sys1 sys2))))) + (unless (string-prefix? #$guile-gcrypt front) + (set! %load-compiled-path + (list (string-append #$guile-gcrypt + "/lib/guile/" + (effective-version) + "/site-ccache") + front sys1 sys2)))))) (use-modules (guix store) (guix self) diff --git a/configure.ac b/configure.ac index b34f15a77b..c83d4d8a28 100644 --- a/configure.ac +++ b/configure.ac @@ -130,6 +130,11 @@ if test "x$guix_cv_have_recent_guile_sqlite3" != "xyes"; then AC_MSG_ERROR([A recent Guile-SQLite3 could not be found; please install it.]) fi +GUILE_MODULE_AVAILABLE([have_guile_gcrypt], [(gcrypt hash)]) +if test "x$have_guile_gcrypt" != "xyes"; then + AC_MSG_ERROR([Guile-Gcrypt could not be found; please install it.]) +fi + dnl Make sure we have a full-fledged Guile. GUIX_ASSERT_GUILE_FEATURES([regex posix socket net-db threads]) @@ -213,16 +218,10 @@ AC_ARG_WITH([libgcrypt-libdir], esac]) dnl If none of the --with-libgcrypt-* options was used, try to determine the -dnl absolute file name of libgcrypt.so. +dnl the library directory. case "x$LIBGCRYPT_PREFIX$LIBGCRYPT_LIBDIR" in xnono) GUIX_LIBGCRYPT_LIBDIR([LIBGCRYPT_LIBDIR]) - if test "x$LIBGCRYPT_LIBDIR" != x; then - LIBGCRYPT="$LIBGCRYPT_LIBDIR/libgcrypt" - else - dnl 'config-daemon.ac' expects "no" in this case. - LIBGCRYPT_LIBDIR="no" - fi ;; esac diff --git a/doc/guix.texi b/doc/guix.texi index 307f915dbb..9375aac30c 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -620,7 +620,8 @@ GNU Guix depends on the following packages: @itemize @item @url{http://gnu.org/software/guile/, GNU Guile}, version 2.0.13 or later, including 2.2.x; -@item @url{http://gnupg.org/, GNU libgcrypt}; +@item @url{https://notabug.org/cwebber/guile-gcrypt, Guile-Gcrypt}, version +0.1.0 or later; @item @uref{http://gnutls.org/, GnuTLS}, specifically its Guile bindings (@pxref{Guile Preparations, how to install the GnuTLS bindings for @@ -662,6 +663,7 @@ Unless @code{--disable-daemon} was passed to @command{configure}, the following packages are also needed: @itemize +@item @url{http://gnupg.org/, GNU libgcrypt}; @item @url{http://sqlite.org, SQLite 3}; @item @url{http://gcc.gnu.org, GCC's g++}, with support for the C++11 standard. diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm index 64f7782f58..121a459fa6 100644 --- a/gnu/packages/bash.scm +++ b/gnu/packages/bash.scm @@ -36,7 +36,7 @@ #:use-module (guix store) #:use-module (guix build-system gnu) #:autoload (guix gnupg) (gnupg-verify*) - #:autoload (guix hash) (port-sha256) + #:autoload (gcrypt hash) (port-sha256) #:autoload (guix base32) (bytevector->nix-base32-string) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index 78db0abfa8..e40a94a844 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -213,6 +213,7 @@ ;; Guile-JSON, and Guile-Git automatically. (let* ((out (assoc-ref outputs "out")) (guile (assoc-ref inputs "guile")) + (gcrypt (assoc-ref inputs "guile-gcrypt")) (json (assoc-ref inputs "guile-json")) (sqlite (assoc-ref inputs "guile-sqlite3")) (git (assoc-ref inputs "guile-git")) @@ -220,7 +221,8 @@ "guile-bytestructures")) (ssh (assoc-ref inputs "guile-ssh")) (gnutls (assoc-ref inputs "gnutls")) - (deps (list json sqlite gnutls git bs ssh)) + (deps (list gcrypt json sqlite gnutls + git bs ssh)) (effective (read-line (open-pipe* OPEN_READ @@ -279,6 +281,7 @@ '()))) (propagated-inputs `(("gnutls" ,gnutls) + ("guile-gcrypt" ,guile-gcrypt) ("guile-json" ,guile-json) ("guile-sqlite3" ,guile-sqlite3) ("guile-ssh" ,guile-ssh) diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm index b505b0cf6b..3898872a46 100644 --- a/gnu/system/vm.scm +++ b/gnu/system/vm.scm @@ -32,7 +32,7 @@ #:use-module (guix modules) #:use-module (guix scripts pack) #:use-module (guix utils) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix base32) #:use-module ((guix self) #:select (make-config.scm)) @@ -43,7 +43,7 @@ #:use-module (gnu packages cdrom) #:use-module (gnu packages compression) #:use-module (gnu packages guile) - #:autoload (gnu packages gnupg) (libgcrypt) + #:autoload (gnu packages gnupg) (guile-gcrypt) #:use-module (gnu packages gawk) #:use-module (gnu packages bash) #:use-module (gnu packages less) @@ -124,10 +124,12 @@ (('gnu rest ...) #t) (rest #f))) -(define guile-sqlite3&co - ;; Guile-SQLite3 and its propagated inputs. - (cons guile-sqlite3 - (package-transitive-propagated-inputs guile-sqlite3))) +(define gcrypt-sqlite3&co + ;; Guile-Gcrypt, Guile-SQLite3, and their propagated inputs. + (append-map (lambda (package) + (cons package + (package-transitive-propagated-inputs package))) + (list guile-gcrypt guile-sqlite3))) (define* (expression->derivation-in-linux-vm name exp #:key @@ -164,10 +166,6 @@ based on the size of the closure of REFERENCES-GRAPHS. When REFERENCES-GRAPHS is true, it must be a list of file name/store path pairs, as for `derivation'. The files containing the reference graphs are made available under the /xchg CIFS share." - (define config - ;; (guix config) module for consumption by (guix gcrypt). - (make-config.scm #:libgcrypt libgcrypt)) - (define user-builder (program-file "builder-in-linux-vm" exp)) @@ -195,12 +193,14 @@ made available under the /xchg CIFS share." (define builder ;; Code that launches the VM that evaluates EXP. - (with-extensions guile-sqlite3&co + (with-extensions gcrypt-sqlite3&co (with-imported-modules `(,@(source-module-closure '((guix build utils) (gnu build vm)) #:select? not-config?) - ((guix config) => ,config)) + + ;; For consumption by (gnu store database). + ((guix config) => ,(make-config.scm))) #~(begin (use-modules (guix build utils) (gnu build vm)) @@ -255,9 +255,6 @@ made available under the /xchg CIFS share." "Return a bootable, stand-alone iso9660 image. INPUTS is a list of inputs (as for packages)." - (define config - (make-config.scm #:libgcrypt libgcrypt)) - (define schema (and register-closures? (local-file (search-path %load-path @@ -265,12 +262,12 @@ INPUTS is a list of inputs (as for packages)." (expression->derivation-in-linux-vm name - (with-extensions guile-sqlite3&co + (with-extensions gcrypt-sqlite3&co (with-imported-modules `(,@(source-module-closure '((gnu build vm) (guix store database) (guix build utils)) #:select? not-config?) - ((guix config) => ,config)) + ((guix config) => ,(make-config.scm))) #~(begin (use-modules (gnu build vm) (guix store database) @@ -347,9 +344,6 @@ INPUTS is a list of inputs (as for packages). When COPY-INPUTS? is true, copy all of INPUTS into the image being built. When REGISTER-CLOSURES? is true, register INPUTS in the store database of the image so that Guix can be used in the image." - (define config - (make-config.scm #:libgcrypt libgcrypt)) - (define schema (and register-closures? (local-file (search-path %load-path @@ -357,13 +351,13 @@ the image." (expression->derivation-in-linux-vm name - (with-extensions guile-sqlite3&co + (with-extensions gcrypt-sqlite3&co (with-imported-modules `(,@(source-module-closure '((gnu build vm) (gnu build bootloader) (guix store database) (guix build utils)) #:select? not-config?) - ((guix config) => ,config)) + ((guix config) => ,(make-config.scm))) #~(begin (use-modules (gnu build bootloader) (gnu build vm) @@ -462,10 +456,6 @@ makes sense when you want to build a GuixSD Docker image that has Guix installed inside of it. If you don't need Guix (e.g., your GuixSD Docker image just contains a web server that is started by the Shepherd), then you should set REGISTER-CLOSURES? to #f." - (define config - ;; (guix config) module for consumption by (guix gcrypt). - (make-config.scm #:libgcrypt libgcrypt)) - (define schema (and register-closures? (local-file (search-path %load-path @@ -475,8 +465,8 @@ should set REGISTER-CLOSURES? to #f." (name -> (string-append name ".tar.gz")) (graph -> "system-graph")) (define build - (with-extensions (cons guile-json ;for (guix docker) - guile-sqlite3&co) ;for (guix store database) + (with-extensions (cons guile-json ;for (guix docker) + gcrypt-sqlite3&co) ;for (guix store database) (with-imported-modules `(,@(source-module-closure '((guix docker) (guix store database) @@ -484,7 +474,7 @@ should set REGISTER-CLOSURES? to #f." (guix build store-copy) (gnu build vm)) #:select? not-config?) - ((guix config) => ,config)) + ((guix config) => ,(make-config.scm))) #~(begin (use-modules (guix docker) (guix build utils) diff --git a/guix/derivations.scm b/guix/derivations.scm index da686e89e2..7afecb10cc 100644 --- a/guix/derivations.scm +++ b/guix/derivations.scm @@ -35,7 +35,7 @@ #:use-module (guix memoization) #:use-module (guix combinators) #:use-module (guix monads) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix base32) #:use-module (guix records) #:use-module (guix sets) diff --git a/guix/docker.scm b/guix/docker.scm index b869901599..0757d3356f 100644 --- a/guix/docker.scm +++ b/guix/docker.scm @@ -19,7 +19,7 @@ ;;; along with GNU Guix. If not, see . (define-module (guix docker) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix base16) #:use-module ((guix build utils) #:select (mkdir-p diff --git a/guix/gcrypt.scm b/guix/gcrypt.scm deleted file mode 100644 index 1517501751..0000000000 --- a/guix/gcrypt.scm +++ /dev/null @@ -1,49 +0,0 @@ -;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015 Ludovic Courtès -;;; -;;; This file is part of GNU Guix. -;;; -;;; GNU Guix is free software; you can redistribute it and/or modify it -;;; under the terms of the GNU General Public License as published by -;;; the Free Software Foundation; either version 3 of the License, or (at -;;; your option) any later version. -;;; -;;; GNU Guix is distributed in the hope that it will be useful, but -;;; WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;;; GNU General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with GNU Guix. If not, see . - -(define-module (guix gcrypt) - #:use-module (guix config) - #:use-module (system foreign) - #:export (gcrypt-version - libgcrypt-func)) - -;;; Commentary: -;;; -;;; Common code for the GNU Libgcrypt bindings. Loading this module -;;; initializes Libgcrypt as a side effect. -;;; -;;; Code: - -(define libgcrypt-func - (let ((lib (dynamic-link %libgcrypt))) - (lambda (func) - "Return a pointer to symbol FUNC in libgcrypt." - (dynamic-func func lib)))) - -(define gcrypt-version - ;; According to the manual, this function must be called before any other, - ;; and it's not clear whether it can be called more than once. So call it - ;; right here from the top level. - (let* ((ptr (libgcrypt-func "gcry_check_version")) - (proc (pointer->procedure '* ptr '(*))) - (version (pointer->string (proc %null-pointer)))) - (lambda () - "Return the version number of libgcrypt as a string." - version))) - -;;; gcrypt.scm ends here diff --git a/guix/git.scm b/guix/git.scm index 193e2df111..c577eba5ee 100644 --- a/guix/git.scm +++ b/guix/git.scm @@ -21,7 +21,7 @@ #:use-module (git) #:use-module (git object) #:use-module (guix base32) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module ((guix build utils) #:select (mkdir-p)) #:use-module (guix store) #:use-module (guix utils) diff --git a/guix/hash.scm b/guix/hash.scm deleted file mode 100644 index 8d7ba21425..0000000000 --- a/guix/hash.scm +++ /dev/null @@ -1,184 +0,0 @@ -;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2018 Ludovic Courtès -;;; -;;; This file is part of GNU Guix. -;;; -;;; GNU Guix is free software; you can redistribute it and/or modify it -;;; under the terms of the GNU General Public License as published by -;;; the Free Software Foundation; either version 3 of the License, or (at -;;; your option) any later version. -;;; -;;; GNU Guix is distributed in the hope that it will be useful, but -;;; WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;;; GNU General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with GNU Guix. If not, see . - -(define-module (guix hash) - #:use-module (guix gcrypt) - #:use-module (rnrs bytevectors) - #:use-module (ice-9 binary-ports) - #:use-module (system foreign) - #:use-module ((guix build utils) #:select (dump-port)) - #:use-module (srfi srfi-11) - #:use-module (srfi srfi-26) - #:export (sha1 - sha256 - open-sha256-port - port-sha256 - file-sha256 - open-sha256-input-port)) - -;;; Commentary: -;;; -;;; Cryptographic hashes. -;;; -;;; Code: - - -;;; -;;; Hash. -;;; - -(define-syntax GCRY_MD_SHA256 - ;; Value as of Libgcrypt 1.5.2. - (identifier-syntax 8)) - -(define-syntax GCRY_MD_SHA1 - (identifier-syntax 2)) - -(define bytevector-hash - (let ((hash (pointer->procedure void - (libgcrypt-func "gcry_md_hash_buffer") - `(,int * * ,size_t)))) - (lambda (bv type size) - "Return the hash TYPE, of SIZE bytes, of BV as a bytevector." - (let ((digest (make-bytevector size))) - (hash type (bytevector->pointer digest) - (bytevector->pointer bv) (bytevector-length bv)) - digest)))) - -(define sha1 - (cut bytevector-hash <> GCRY_MD_SHA1 20)) - -(define sha256 - (cut bytevector-hash <> GCRY_MD_SHA256 (/ 256 8))) - -(define open-sha256-md - (let ((open (pointer->procedure int - (libgcrypt-func "gcry_md_open") - `(* ,int ,unsigned-int)))) - (lambda () - (let* ((md (bytevector->pointer (make-bytevector (sizeof '*)))) - (err (open md GCRY_MD_SHA256 0))) - (if (zero? err) - (dereference-pointer md) - (throw 'gcrypt-error err)))))) - -(define md-write - (pointer->procedure void - (libgcrypt-func "gcry_md_write") - `(* * ,size_t))) - -(define md-read - (pointer->procedure '* - (libgcrypt-func "gcry_md_read") - `(* ,int))) - -(define md-close - (pointer->procedure void - (libgcrypt-func "gcry_md_close") - '(*))) - - -(define (open-sha256-port) - "Return two values: an output port, and a thunk. When the thunk is called, -it returns the SHA256 hash (a bytevector) of all the data written to the -output port." - (define sha256-md - (open-sha256-md)) - - (define digest #f) - (define position 0) - - (define (finalize!) - (let ((ptr (md-read sha256-md 0))) - (set! digest (bytevector-copy (pointer->bytevector ptr 32))) - (md-close sha256-md))) - - (define (write! bv offset len) - (if (zero? len) - (begin - (finalize!) - 0) - (let ((ptr (bytevector->pointer bv offset))) - (md-write sha256-md ptr len) - (set! position (+ position len)) - len))) - - (define (get-position) - position) - - (define (close) - (unless digest - (finalize!))) - - (values (make-custom-binary-output-port "sha256" - write! get-position #f - close) - (lambda () - (unless digest - (finalize!)) - digest))) - -(define (port-sha256 port) - "Return the SHA256 hash (a bytevector) of all the data drained from PORT." - (let-values (((out get) - (open-sha256-port))) - (dump-port port out) - (close-port out) - (get))) - -(define (file-sha256 file) - "Return the SHA256 hash (a bytevector) of FILE." - (call-with-input-file file port-sha256)) - -(define (open-sha256-input-port port) - "Return an input port that wraps PORT and a thunk to get the hash of all the -data read from PORT. The thunk always returns the same value." - (define md - (open-sha256-md)) - - (define (read! bv start count) - (let ((n (get-bytevector-n! port bv start count))) - (if (eof-object? n) - 0 - (begin - (unless digest - (let ((ptr (bytevector->pointer bv start))) - (md-write md ptr n))) - n)))) - - (define digest #f) - - (define (finalize!) - (let ((ptr (md-read md 0))) - (set! digest (bytevector-copy (pointer->bytevector ptr 32))) - (md-close md))) - - (define (get-hash) - (unless digest - (finalize!)) - digest) - - (define (unbuffered port) - ;; Guile <= 2.0.9 does not support 'setvbuf' on custom binary input ports. - (setvbuf port _IONBF) - port) - - (values (unbuffered (make-custom-binary-input-port "sha256" read! #f #f #f)) - get-hash)) - -;;; hash.scm ends here diff --git a/guix/http-client.scm b/guix/http-client.scm index 3b34d4ffba..07360e6108 100644 --- a/guix/http-client.scm +++ b/guix/http-client.scm @@ -34,7 +34,7 @@ #:use-module (guix ui) #:use-module (guix utils) #:use-module (guix base64) - #:autoload (guix hash) (sha256) + #:autoload (gcrypt hash) (sha256) #:use-module ((guix build utils) #:select (mkdir-p dump-port)) #:use-module ((guix build download) diff --git a/guix/import/cpan.scm b/guix/import/cpan.scm index d0ff64ed05..d4bea84353 100644 --- a/guix/import/cpan.scm +++ b/guix/import/cpan.scm @@ -27,7 +27,7 @@ #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (json) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix store) #:use-module (guix utils) #:use-module (guix base32) diff --git a/guix/import/cran.scm b/guix/import/cran.scm index a5203fe78d..89c84f7037 100644 --- a/guix/import/cran.scm +++ b/guix/import/cran.scm @@ -29,7 +29,7 @@ #:use-module (web uri) #:use-module (guix memoization) #:use-module (guix http-client) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix store) #:use-module (guix base32) #:use-module ((guix download) #:select (download-to-store)) diff --git a/guix/import/crate.scm b/guix/import/crate.scm index 3724a457a4..e0b400d054 100644 --- a/guix/import/crate.scm +++ b/guix/import/crate.scm @@ -20,7 +20,7 @@ #:use-module (guix base32) #:use-module (guix build-system cargo) #:use-module ((guix download) #:prefix download:) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix http-client) #:use-module (guix import json) #:use-module (guix import utils) diff --git a/guix/import/elpa.scm b/guix/import/elpa.scm index c37afaf8e6..83354d3f04 100644 --- a/guix/import/elpa.scm +++ b/guix/import/elpa.scm @@ -32,7 +32,7 @@ #:use-module (guix http-client) #:use-module (guix store) #:use-module (guix ui) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix base32) #:use-module (guix upstream) #:use-module (guix packages) diff --git a/guix/import/gnu.scm b/guix/import/gnu.scm index bbb17047f0..29324d7554 100644 --- a/guix/import/gnu.scm +++ b/guix/import/gnu.scm @@ -21,7 +21,7 @@ #:use-module (guix import utils) #:use-module (guix utils) #:use-module (guix store) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix base32) #:use-module (guix upstream) #:use-module (srfi srfi-1) diff --git a/guix/import/hackage.scm b/guix/import/hackage.scm index 54301de2e8..766a0b53f1 100644 --- a/guix/import/hackage.scm +++ b/guix/import/hackage.scm @@ -33,7 +33,7 @@ #:use-module ((guix import utils) #:select (factorize-uri recursive-import)) #:use-module (guix import cabal) #:use-module (guix store) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix base32) #:use-module (guix memoization) #:use-module (guix upstream) diff --git a/guix/import/texlive.scm b/guix/import/texlive.scm index d4c3714364..791b514485 100644 --- a/guix/import/texlive.scm +++ b/guix/import/texlive.scm @@ -26,7 +26,7 @@ #:use-module (srfi srfi-34) #:use-module (web uri) #:use-module (guix http-client) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix memoization) #:use-module (guix store) #:use-module (guix base32) diff --git a/guix/import/utils.scm b/guix/import/utils.scm index 0dc8fd5857..516c0cfaa2 100644 --- a/guix/import/utils.scm +++ b/guix/import/utils.scm @@ -23,7 +23,7 @@ (define-module (guix import utils) #:use-module (guix base32) #:use-module ((guix build download) #:prefix build:) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix http-client) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix utils) diff --git a/guix/nar.scm b/guix/nar.scm index 3556de1379..0495b4a40c 100644 --- a/guix/nar.scm +++ b/guix/nar.scm @@ -25,9 +25,9 @@ #:use-module (guix store) #:use-module (guix store database) #:use-module (guix ui) ; for '_' - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix pki) - #:use-module (guix pk-crypto) + #:use-module (gcrypt pk-crypto) #:use-module (srfi srfi-1) #:use-module (srfi srfi-11) #:use-module (srfi srfi-26) diff --git a/guix/pk-crypto.scm b/guix/pk-crypto.scm deleted file mode 100644 index 55ba7b1bb8..0000000000 --- a/guix/pk-crypto.scm +++ /dev/null @@ -1,407 +0,0 @@ -;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015, 2017 Ludovic Courtès -;;; -;;; This file is part of GNU Guix. -;;; -;;; GNU Guix is free software; you can redistribute it and/or modify it -;;; under the terms of the GNU General Public License as published by -;;; the Free Software Foundation; either version 3 of the License, or (at -;;; your option) any later version. -;;; -;;; GNU Guix is distributed in the hope that it will be useful, but -;;; WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;;; GNU General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with GNU Guix. If not, see . - -(define-module (guix pk-crypto) - #:use-module (guix base16) - #:use-module (guix gcrypt) - - #:use-module (system foreign) - #:use-module (rnrs bytevectors) - #:use-module (ice-9 match) - #:use-module (ice-9 rdelim) - #:export (canonical-sexp? - error-source - error-string - string->canonical-sexp - canonical-sexp->string - read-file-sexp - number->canonical-sexp - canonical-sexp-car - canonical-sexp-cdr - canonical-sexp-nth - canonical-sexp-nth-data - canonical-sexp-length - canonical-sexp-null? - canonical-sexp-list? - bytevector->hash-data - hash-data->bytevector - key-type - sign - verify - generate-key - find-sexp-token - canonical-sexp->sexp - sexp->canonical-sexp) - #:re-export (gcrypt-version)) - - -;;; Commentary: -;;; -;;; Public key cryptographic routines from GNU Libgcrypt. -;;;; -;;; Libgcrypt uses "canonical s-expressions" to represent key material, -;;; parameters, and data. We keep it as an opaque object to map them to -;;; Scheme s-expressions because (1) Libgcrypt sexps may be stored in secure -;;; memory, and (2) the read syntax is different. -;;; -;;; A 'canonical-sexp->sexp' procedure is provided nevertheless, for use in -;;; cases where it is safe to move data out of Libgcrypt---e.g., when -;;; processing ACL entries, public keys, etc. -;;; -;;; Canonical sexps were defined by Rivest et al. in the IETF draft at -;;; for the purposes of SPKI -;;; (see .) -;;; -;;; Code: - -;; Libgcrypt "s-expressions". -(define-wrapped-pointer-type - canonical-sexp? - naked-pointer->canonical-sexp - canonical-sexp->pointer - (lambda (obj port) - ;; Don't print OBJ's external representation: we don't want key material - ;; to leak in backtraces and such. - (format port "#" - (number->string (object-address obj) 16) - (number->string (pointer-address (canonical-sexp->pointer obj)) - 16)))) - -(define finalize-canonical-sexp! - (libgcrypt-func "gcry_sexp_release")) - -(define-inlinable (pointer->canonical-sexp ptr) - "Return a that wraps PTR." - (let* ((sexp (naked-pointer->canonical-sexp ptr)) - (ptr* (canonical-sexp->pointer sexp))) - ;; Did we already have a object for PTR? - (when (equal? ptr ptr*) - ;; No, so we can safely add a finalizer (in Guile 2.0.9 - ;; 'set-pointer-finalizer!' *adds* a finalizer rather than replacing the - ;; existing one.) - (set-pointer-finalizer! ptr finalize-canonical-sexp!)) - sexp)) - -(define error-source - (let* ((ptr (libgcrypt-func "gcry_strsource")) - (proc (pointer->procedure '* ptr (list int)))) - (lambda (err) - "Return the error source (a string) for ERR, an error code as thrown -along with 'gcry-error'." - (pointer->string (proc err))))) - -(define error-string - (let* ((ptr (libgcrypt-func "gcry_strerror")) - (proc (pointer->procedure '* ptr (list int)))) - (lambda (err) - "Return the error description (a string) for ERR, an error code as -thrown along with 'gcry-error'." - (pointer->string (proc err))))) - -(define string->canonical-sexp - (let* ((ptr (libgcrypt-func "gcry_sexp_new")) - (proc (pointer->procedure int ptr `(* * ,size_t ,int)))) - (lambda (str) - "Parse STR and return the corresponding gcrypt s-expression." - - ;; When STR comes from 'canonical-sexp->string', it may contain - ;; characters that are really meant to be interpreted as bytes as in a C - ;; 'char *'. Thus, convert STR to ISO-8859-1 so the byte values of the - ;; characters are preserved. - (let* ((sexp (bytevector->pointer (make-bytevector (sizeof '*)))) - (err (proc sexp (string->pointer str "ISO-8859-1") 0 1))) - (if (= 0 err) - (pointer->canonical-sexp (dereference-pointer sexp)) - (throw 'gcry-error 'string->canonical-sexp err)))))) - -(define-syntax GCRYSEXP_FMT_ADVANCED - (identifier-syntax 3)) - -(define canonical-sexp->string - (let* ((ptr (libgcrypt-func "gcry_sexp_sprint")) - (proc (pointer->procedure size_t ptr `(* ,int * ,size_t)))) - (lambda (sexp) - "Return a textual representation of SEXP." - (let loop ((len 1024)) - (let* ((buf (bytevector->pointer (make-bytevector len))) - (size (proc (canonical-sexp->pointer sexp) - GCRYSEXP_FMT_ADVANCED buf len))) - (if (zero? size) - (loop (* len 2)) - (pointer->string buf size "ISO-8859-1"))))))) - -(define (read-file-sexp file) - "Return the canonical sexp read from FILE." - (call-with-input-file file - (compose string->canonical-sexp - read-string))) - -(define canonical-sexp-car - (let* ((ptr (libgcrypt-func "gcry_sexp_car")) - (proc (pointer->procedure '* ptr '(*)))) - (lambda (lst) - "Return the first element of LST, an sexp, if that element is a list; -return #f if LST or its first element is not a list (this is different from -the usual Lisp 'car'.)" - (let ((result (proc (canonical-sexp->pointer lst)))) - (if (null-pointer? result) - #f - (pointer->canonical-sexp result)))))) - -(define canonical-sexp-cdr - (let* ((ptr (libgcrypt-func "gcry_sexp_cdr")) - (proc (pointer->procedure '* ptr '(*)))) - (lambda (lst) - "Return the tail of LST, an sexp, or #f if LST is not a list." - (let ((result (proc (canonical-sexp->pointer lst)))) - (if (null-pointer? result) - #f - (pointer->canonical-sexp result)))))) - -(define canonical-sexp-nth - (let* ((ptr (libgcrypt-func "gcry_sexp_nth")) - (proc (pointer->procedure '* ptr `(* ,int)))) - (lambda (lst index) - "Return the INDEXth nested element of LST, an s-expression. Return #f -if that element does not exist, or if it's an atom. (Note: this is obviously -different from Scheme's 'list-ref'.)" - (let ((result (proc (canonical-sexp->pointer lst) index))) - (if (null-pointer? result) - #f - (pointer->canonical-sexp result)))))) - -(define (dereference-size_t p) - "Return the size_t value pointed to by P." - (bytevector-uint-ref (pointer->bytevector p (sizeof size_t)) - 0 (native-endianness) - (sizeof size_t))) - -(define canonical-sexp-length - (let* ((ptr (libgcrypt-func "gcry_sexp_length")) - (proc (pointer->procedure int ptr '(*)))) - (lambda (sexp) - "Return the length of SEXP if it's a list (including the empty list); -return zero if SEXP is an atom." - (proc (canonical-sexp->pointer sexp))))) - -(define token-string? - (let ((token-cs (char-set-union char-set:digit - char-set:letter - (char-set #\- #\. #\/ #\_ - #\: #\* #\+ #\=)))) - (lambda (str) - "Return #t if STR is a token as per Section 4.3 of -." - (and (not (string-null? str)) - (string-every token-cs str) - (not (char-set-contains? char-set:digit (string-ref str 0))))))) - -(define canonical-sexp-nth-data - (let* ((ptr (libgcrypt-func "gcry_sexp_nth_data")) - (proc (pointer->procedure '* ptr `(* ,int *)))) - (lambda (lst index) - "Return as a symbol (for \"sexp tokens\") or a bytevector (for any other -\"octet string\") the INDEXth data element (atom) of LST, an s-expression. -Return #f if that element does not exist, or if it's a list." - (let* ((size* (bytevector->pointer (make-bytevector (sizeof '*)))) - (result (proc (canonical-sexp->pointer lst) index size*))) - (if (null-pointer? result) - #f - (let* ((len (dereference-size_t size*)) - (str (pointer->string result len "ISO-8859-1"))) - ;; The sexp spec speaks of "tokens" and "octet strings". - ;; Sometimes these octet strings are actual strings (text), - ;; sometimes they're bytevectors, and sometimes they're - ;; multi-precision integers (MPIs). Only the application knows. - ;; However, for convenience, we return a symbol when a token is - ;; encountered since tokens are frequent (at least in the 'car' - ;; of each sexp.) - (if (token-string? str) - (string->symbol str) ; an sexp "token" - (bytevector-copy ; application data, textual or binary - (pointer->bytevector result len))))))))) - -(define (number->canonical-sexp number) - "Return an s-expression representing NUMBER." - (string->canonical-sexp (string-append "#" (number->string number 16) "#"))) - -(define* (bytevector->hash-data bv - #:optional - (hash-algo "sha256") - #:key (key-type 'ecc)) - "Given BV, a bytevector containing a hash of type HASH-ALGO, return an -s-expression suitable for use as the 'data' argument for 'sign'. KEY-TYPE -must be a symbol: 'dsa, 'ecc, or 'rsa." - (string->canonical-sexp - (format #f "(data (flags ~a) (hash \"~a\" #~a#))" - (case key-type - ((ecc dsa) "rfc6979") - ((rsa) "pkcs1") - (else (error "unknown key type" key-type))) - hash-algo - (bytevector->base16-string bv)))) - -(define (key-type sexp) - "Return a symbol denoting the type of public or private key represented by -SEXP--e.g., 'rsa', 'ecc'--or #f if SEXP does not denote a valid key." - (case (canonical-sexp-nth-data sexp 0) - ((public-key private-key) - (canonical-sexp-nth-data (canonical-sexp-nth sexp 1) 0)) - (else #f))) - -(define* (hash-data->bytevector data) - "Return two values: the hash value (a bytevector), and the hash algorithm (a -string) extracted from DATA, an sexp as returned by 'bytevector->hash-data'. -Return #f if DATA does not conform." - (let ((hash (find-sexp-token data 'hash))) - (if hash - (let ((algo (canonical-sexp-nth-data hash 1)) - (value (canonical-sexp-nth-data hash 2))) - (values value (symbol->string algo))) - (values #f #f)))) - -(define sign - (let* ((ptr (libgcrypt-func "gcry_pk_sign")) - (proc (pointer->procedure int ptr '(* * *)))) - (lambda (data secret-key) - "Sign DATA, a canonical s-expression representing a suitable hash, with -SECRET-KEY (a canonical s-expression whose car is 'private-key'.) Note that -DATA must be a 'data' s-expression, as returned by -'bytevector->hash-data' (info \"(gcrypt) Cryptographic Functions\")." - (let* ((sig (bytevector->pointer (make-bytevector (sizeof '*)))) - (err (proc sig (canonical-sexp->pointer data) - (canonical-sexp->pointer secret-key)))) - (if (= 0 err) - (pointer->canonical-sexp (dereference-pointer sig)) - (throw 'gcry-error 'sign err)))))) - -(define verify - (let* ((ptr (libgcrypt-func "gcry_pk_verify")) - (proc (pointer->procedure int ptr '(* * *)))) - (lambda (signature data public-key) - "Verify that SIGNATURE is a signature of DATA with PUBLIC-KEY, all of -which are gcrypt s-expressions." - (zero? (proc (canonical-sexp->pointer signature) - (canonical-sexp->pointer data) - (canonical-sexp->pointer public-key)))))) - -(define generate-key - (let* ((ptr (libgcrypt-func "gcry_pk_genkey")) - (proc (pointer->procedure int ptr '(* *)))) - (lambda (params) - "Return as an s-expression a new key pair for PARAMS. PARAMS must be an -s-expression like: (genkey (rsa (nbits 4:2048)))." - (let* ((key (bytevector->pointer (make-bytevector (sizeof '*)))) - (err (proc key (canonical-sexp->pointer params)))) - (if (zero? err) - (pointer->canonical-sexp (dereference-pointer key)) - (throw 'gcry-error 'generate-key err)))))) - -(define find-sexp-token - (let* ((ptr (libgcrypt-func "gcry_sexp_find_token")) - (proc (pointer->procedure '* ptr `(* * ,size_t)))) - (lambda (sexp token) - "Find in SEXP the first element whose 'car' is TOKEN and return it; -return #f if not found." - (let* ((token (string->pointer (symbol->string token))) - (res (proc (canonical-sexp->pointer sexp) token 0))) - (if (null-pointer? res) - #f - (pointer->canonical-sexp res)))))) - -(define-inlinable (canonical-sexp-null? sexp) - "Return #t if SEXP is the empty-list sexp." - (null-pointer? (canonical-sexp->pointer sexp))) - -(define (canonical-sexp-list? sexp) - "Return #t if SEXP is a list." - (or (canonical-sexp-null? sexp) - (> (canonical-sexp-length sexp) 0))) - -(define (canonical-sexp-fold proc seed sexp) - "Fold PROC (as per SRFI-1) over SEXP, a canonical sexp." - (if (canonical-sexp-list? sexp) - (let ((len (canonical-sexp-length sexp))) - (let loop ((index 0) - (result seed)) - (if (= index len) - result - (loop (+ 1 index) - ;; XXX: Call 'nth-data' *before* 'nth' to work around - ;; , which - ;; affects 1.6.0 and earlier versions. - (proc (or (canonical-sexp-nth-data sexp index) - (canonical-sexp-nth sexp index)) - result))))) - (error "sexp is not a list" sexp))) - -(define (canonical-sexp->sexp sexp) - "Return a Scheme sexp corresponding to SEXP. This is particularly useful to -compare sexps (since Libgcrypt does not provide an 'equal?' procedure), or to -use pattern matching." - (if (canonical-sexp-list? sexp) - (reverse - (canonical-sexp-fold (lambda (item result) - (cons (if (canonical-sexp? item) - (canonical-sexp->sexp item) - item) - result)) - '() - sexp)) - - ;; As of Libgcrypt 1.6.0, there's no function to extract the buffer of a - ;; non-list sexp (!), so we first enlist SEXP, then get at its buffer. - (let ((sexp (string->canonical-sexp - (string-append "(" (canonical-sexp->string sexp) - ")")))) - (or (canonical-sexp-nth-data sexp 0) - (canonical-sexp-nth sexp 0))))) - -(define (sexp->canonical-sexp sexp) - "Return a canonical sexp equivalent to SEXP, a Scheme sexp as returned by -'canonical-sexp->sexp'." - ;; XXX: This is inefficient, but the Libgcrypt API doesn't allow us to do - ;; much better. - (string->canonical-sexp - (call-with-output-string - (lambda (port) - (define (write item) - (cond ((list? item) - (display "(" port) - (for-each write item) - (display ")" port)) - ((symbol? item) - (format port " ~a" item)) - ((bytevector? item) - (format port " #~a#" - (bytevector->base16-string item))) - (else - (error "unsupported sexp item type" item)))) - - (write sexp))))) - -(define (gcrypt-error-printer port key args default-printer) - "Print the gcrypt error specified by ARGS." - (match args - ((proc err) - (format port "In procedure ~a: ~a: ~a" - proc (error-source err) (error-string err))))) - -(set-exception-printer! 'gcry-error gcrypt-error-printer) - -;;; pk-crypto.scm ends here diff --git a/guix/pki.scm b/guix/pki.scm index 1551425c33..6326e065e9 100644 --- a/guix/pki.scm +++ b/guix/pki.scm @@ -18,7 +18,7 @@ (define-module (guix pki) #:use-module (guix config) - #:use-module (guix pk-crypto) + #:use-module (gcrypt pk-crypto) #:use-module ((guix utils) #:select (with-atomic-file-output)) #:use-module ((guix build utils) #:select (mkdir-p)) #:use-module (ice-9 match) diff --git a/guix/scripts/archive.scm b/guix/scripts/archive.scm index a359f405fe..fb2f61ce30 100644 --- a/guix/scripts/archive.scm +++ b/guix/scripts/archive.scm @@ -29,7 +29,7 @@ #:use-module (guix monads) #:use-module (guix ui) #:use-module (guix pki) - #:use-module (guix pk-crypto) + #:use-module (gcrypt pk-crypto) #:use-module (guix scripts) #:use-module (guix scripts build) #:use-module (gnu packages) diff --git a/guix/scripts/authenticate.scm b/guix/scripts/authenticate.scm index 8b19dc871b..f1fd8ee895 100644 --- a/guix/scripts/authenticate.scm +++ b/guix/scripts/authenticate.scm @@ -19,7 +19,7 @@ (define-module (guix scripts authenticate) #:use-module (guix config) #:use-module (guix base16) - #:use-module (guix pk-crypto) + #:use-module (gcrypt pk-crypto) #:use-module (guix pki) #:use-module (guix ui) #:use-module (ice-9 binary-ports) diff --git a/guix/scripts/download.scm b/guix/scripts/download.scm index 1b99bc62cf..b9162d3449 100644 --- a/guix/scripts/download.scm +++ b/guix/scripts/download.scm @@ -20,7 +20,7 @@ #:use-module (guix ui) #:use-module (guix scripts) #:use-module (guix store) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix base16) #:use-module (guix base32) #:use-module ((guix download) #:hide (url-fetch)) diff --git a/guix/scripts/hash.scm b/guix/scripts/hash.scm index cae5d6bcdf..2bd2ac4a06 100644 --- a/guix/scripts/hash.scm +++ b/guix/scripts/hash.scm @@ -20,7 +20,7 @@ (define-module (guix scripts hash) #:use-module (guix base32) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix serialization) #:use-module (guix ui) #:use-module (guix scripts) @@ -44,7 +44,7 @@ `((format . ,bytevector->nix-base32-string))) (define (show-help) - (display (G_ "Usage: guix hash [OPTION] FILE + (display (G_ "Usage: gcrypt hash [OPTION] FILE Return the cryptographic hash of FILE. Supported formats: 'nix-base32' (default), 'base32', and 'base16' ('hex' @@ -93,7 +93,7 @@ and 'hexadecimal' can be used as well).\n")) (exit 0))) (option '(#\V "version") #f #f (lambda args - (show-version-and-exit "guix hash"))))) + (show-version-and-exit "gcrypt hash"))))) diff --git a/guix/scripts/pack.scm b/guix/scripts/pack.scm index fb0677de28..1916f3b9d7 100644 --- a/guix/scripts/pack.scm +++ b/guix/scripts/pack.scm @@ -41,7 +41,7 @@ #:use-module (gnu packages guile) #:use-module (gnu packages base) #:autoload (gnu packages package-management) (guix) - #:autoload (gnu packages gnupg) (libgcrypt) + #:autoload (gnu packages gnupg) (guile-gcrypt) #:autoload (gnu packages guile) (guile2.0-json guile-json) #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) @@ -95,10 +95,12 @@ found." (('gnu _ ...) #t) (_ #f))) -(define guile-sqlite3&co - ;; Guile-SQLite3 and its propagated inputs. - (cons guile-sqlite3 - (package-transitive-propagated-inputs guile-sqlite3))) +(define gcrypt-sqlite3&co + ;; Guile-Gcrypt, Guile-SQLite3, and their propagated inputs. + (append-map (lambda (package) + (cons package + (package-transitive-propagated-inputs package))) + (list guile-gcrypt guile-sqlite3))) (define* (self-contained-tarball name profile #:key target @@ -124,16 +126,14 @@ added to the pack." "guix/store/schema.sql")))) (define build - (with-imported-modules `(((guix config) - => ,(make-config.scm - #:libgcrypt libgcrypt)) + (with-imported-modules `(((guix config) => ,(make-config.scm)) ,@(source-module-closure `((guix build utils) (guix build union) (guix build store-copy) (gnu build install)) #:select? not-config?)) - (with-extensions guile-sqlite3&co + (with-extensions gcrypt-sqlite3&co #~(begin (use-modules (guix build utils) ((guix build union) #:select (relative-file-name)) @@ -251,22 +251,14 @@ points for virtual file systems (like procfs), and optional symlinks. SYMLINKS must be a list of (SOURCE -> TARGET) tuples denoting symlinks to be added to the pack." - (define libgcrypt - ;; XXX: Not strictly needed, but pulled by (guix store database). - (module-ref (resolve-interface '(gnu packages gnupg)) - 'libgcrypt)) - - (define build - (with-imported-modules `(((guix config) - => ,(make-config.scm - #:libgcrypt libgcrypt)) + (with-imported-modules `(((guix config) => ,(make-config.scm)) ,@(source-module-closure '((guix build utils) (guix build store-copy) (gnu build install)) #:select? not-config?)) - (with-extensions guile-sqlite3&co + (with-extensions gcrypt-sqlite3&co #~(begin (use-modules (guix build utils) (gnu build install) @@ -349,32 +341,12 @@ must a be a GNU triplet and it is used to derive the architecture metadata in the image." (define defmod 'define-module) ;trick Geiser - (define config - ;; (guix config) module for consumption by (guix gcrypt). - (scheme-file "gcrypt-config.scm" - #~(begin - (#$defmod (guix config) - #:export (%libgcrypt)) - - ;; XXX: Work around . - (eval-when (expand load eval) - (define %libgcrypt - #+(file-append libgcrypt "/lib/libgcrypt")))))) - - (define json - ;; Pick the guile-json package that corresponds to the Guile used to build - ;; derivations. - (if (string-prefix? "2.0" (package-version (default-guile))) - guile2.0-json - guile-json)) - (define build - ;; Guile-JSON is required by (guix docker). - (with-extensions (list json) - (with-imported-modules `(,@(source-module-closure '((guix docker) - (guix build store-copy)) - #:select? not-config?) - ((guix config) => ,config)) + ;; Guile-JSON and Guile-Gcrypt are required by (guix docker). + (with-extensions (list guile-json guile-gcrypt) + (with-imported-modules (source-module-closure '((guix docker) + (guix build store-copy)) + #:select? not-config?) #~(begin (use-modules (guix docker) (srfi srfi-19) (guix build store-copy)) diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm index b5dfdab32f..c5326b33da 100644 --- a/guix/scripts/publish.scm +++ b/guix/scripts/publish.scm @@ -44,9 +44,9 @@ #:use-module (guix base64) #:use-module (guix config) #:use-module (guix derivations) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix pki) - #:use-module (guix pk-crypto) + #:use-module (gcrypt pk-crypto) #:use-module (guix workers) #:use-module (guix store) #:use-module ((guix serialization) #:select (write-file)) diff --git a/guix/scripts/refresh.scm b/guix/scripts/refresh.scm index a8fe993e33..bcc23bd39c 100644 --- a/guix/scripts/refresh.scm +++ b/guix/scripts/refresh.scm @@ -23,7 +23,7 @@ (define-module (guix scripts refresh) #:use-module (guix ui) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix scripts) #:use-module (guix store) #:use-module (guix utils) diff --git a/guix/scripts/substitute.scm b/guix/scripts/substitute.scm index 7634bb37f6..cd300195d8 100755 --- a/guix/scripts/substitute.scm +++ b/guix/scripts/substitute.scm @@ -26,11 +26,11 @@ #:use-module (guix config) #:use-module (guix records) #:use-module ((guix serialization) #:select (restore-file)) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix base32) #:use-module (guix base64) #:use-module (guix cache) - #:use-module (guix pk-crypto) + #:use-module (gcrypt pk-crypto) #:use-module (guix pki) #:use-module ((guix build utils) #:select (mkdir-p dump-port)) #:use-module ((guix build download) diff --git a/guix/self.scm b/guix/self.scm index 81f9b0cfd5..126116e08a 100644 --- a/guix/self.scm +++ b/guix/self.scm @@ -83,8 +83,8 @@ GUILE-VERSION (\"2.0\" or \"2.2\"), or #f if none of the packages matches." ("guile-ssh" (ref '(gnu packages ssh) 'guile-ssh)) ("guile-git" (ref '(gnu packages guile) 'guile-git)) ("guile-sqlite3" (ref '(gnu packages guile) 'guile-sqlite3)) + ("guile-gcrypt" (ref '(gnu packages gnupg) 'guile-gcrypt)) ("gnutls" (ref '(gnu packages tls) 'gnutls)) - ("libgcrypt" (ref '(gnu packages gnupg) 'libgcrypt)) ("zlib" (ref '(gnu packages compression) 'zlib)) ("gzip" (ref '(gnu packages compression) 'gzip)) ("bzip2" (ref '(gnu packages compression) 'bzip2)) @@ -454,7 +454,6 @@ assumed to be part of MODULES." (name (string-append "guix-" version)) (guile-version (effective-version)) (guile-for-build (guile-for-build guile-version)) - (libgcrypt (specification->package "libgcrypt")) (zlib (specification->package "zlib")) (gzip (specification->package "gzip")) (bzip2 (specification->package "bzip2")) @@ -481,6 +480,10 @@ assumed to be part of MODULES." "guile-sqlite3" "guile2.0-sqlite3")) + (define guile-gcrypt + (package-for-guile guile-version + "guile-gcrypt")) + (define gnutls (package-for-guile guile-version "gnutls" "guile2.0-gnutls")) @@ -489,7 +492,7 @@ assumed to be part of MODULES." (match (append-map (lambda (package) (cons (list "x" package) (package-transitive-propagated-inputs package))) - (list gnutls guile-git guile-json + (list guile-gcrypt gnutls guile-git guile-json guile-ssh guile-sqlite3)) (((labels packages _ ...) ...) packages))) @@ -513,10 +516,7 @@ assumed to be part of MODULES." ;; rebuilt when the version changes, which in turn means we ;; can have substitutes for it. #:extra-modules - `(((guix config) - => ,(make-config.scm #:libgcrypt - (specification->package - "libgcrypt")))) + `(((guix config) => ,(make-config.scm))) ;; (guix man-db) is needed at build-time by (guix profiles) ;; but we don't need to compile it; not compiling it allows @@ -526,6 +526,7 @@ assumed to be part of MODULES." ("guix/store/schema.sql" ,(local-file "../guix/store/schema.sql"))) + #:extensions (list guile-gcrypt) #:guile-for-build guile-for-build)) (define *extra-modules* @@ -600,8 +601,7 @@ assumed to be part of MODULES." '() #:extra-modules `(((guix config) - => ,(make-config.scm #:libgcrypt libgcrypt - #:zlib zlib + => ,(make-config.scm #:zlib zlib #:gzip gzip #:bzip2 bzip2 #:xz xz @@ -684,7 +684,7 @@ assumed to be part of MODULES." (define %dependency-variables ;; (guix config) variables corresponding to dependencies. - '(%libgcrypt %libz %xz %gzip %bzip2)) + '(%libz %xz %gzip %bzip2)) (define %persona-variables ;; (guix config) variables that define Guix's persona. @@ -703,7 +703,7 @@ assumed to be part of MODULES." (variables rest ...)))))) (variables %localstatedir %storedir %sysconfdir %system))) -(define* (make-config.scm #:key libgcrypt zlib gzip xz bzip2 +(define* (make-config.scm #:key zlib gzip xz bzip2 (package-name "GNU Guix") (package-version "0") (bug-report-address "bug-guix@gnu.org") @@ -723,7 +723,6 @@ assumed to be part of MODULES." %state-directory %store-database-directory %config-directory - %libgcrypt %libz %gzip %bzip2 @@ -766,9 +765,6 @@ assumed to be part of MODULES." (define %xz #+(and xz (file-append xz "/bin/xz"))) - (define %libgcrypt - #+(and libgcrypt - (file-append libgcrypt "/lib/libgcrypt"))) (define %libz #+(and zlib (file-append zlib "/lib/libz")))) diff --git a/guix/store.scm b/guix/store.scm index f41a1e2690..af7f6980cf 100644 --- a/guix/store.scm +++ b/guix/store.scm @@ -25,7 +25,7 @@ #:use-module (guix monads) #:use-module (guix base16) #:use-module (guix base32) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix profiling) #:autoload (guix build syscalls) (terminal-columns) #:use-module (rnrs bytevectors) diff --git a/guix/store/deduplication.scm b/guix/store/deduplication.scm index 8c19d7309e..53810c680f 100644 --- a/guix/store/deduplication.scm +++ b/guix/store/deduplication.scm @@ -21,7 +21,7 @@ ;;; timestamps, deduplicating, etc. (define-module (guix store deduplication) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix build utils) #:use-module (guix base16) #:use-module (srfi srfi-11) diff --git a/guix/tests.scm b/guix/tests.scm index 34e3e0fc2a..06e9f8da0b 100644 --- a/guix/tests.scm +++ b/guix/tests.scm @@ -22,7 +22,7 @@ #:use-module (guix packages) #:use-module (guix base32) #:use-module (guix serialization) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix build-system gnu) #:use-module (gnu packages bootstrap) #:use-module (srfi srfi-34) diff --git a/m4/guix.m4 b/m4/guix.m4 index a6897be961..da3c65f8f7 100644 --- a/m4/guix.m4 +++ b/m4/guix.m4 @@ -18,24 +18,6 @@ dnl dnl You should have received a copy of the GNU General Public License dnl along with GNU Guix. If not, see . -dnl GUIX_ASSERT_LIBGCRYPT_USABLE -dnl -dnl Assert that GNU libgcrypt is usable from Guile. -AC_DEFUN([GUIX_ASSERT_LIBGCRYPT_USABLE], - [AC_CACHE_CHECK([whether $LIBGCRYPT can be dynamically loaded], - [guix_cv_libgcrypt_usable_p], - [GUILE_CHECK([retval], - [(dynamic-func \"gcry_md_hash_buffer\" (dynamic-link \"$LIBGCRYPT\"))]) - if test "$retval" = 0; then - guix_cv_libgcrypt_usable_p="yes" - else - guix_cv_libgcrypt_usable_p="no" - fi]) - - if test "x$guix_cv_libgcrypt_usable_p" != "xyes"; then - AC_MSG_ERROR([GNU libgcrypt does not appear to be usable; see `--with-libgcrypt-prefix' and `README'.]) - fi]) - dnl GUIX_SYSTEM_TYPE dnl dnl Determine the Guix host system type, and store it in the diff --git a/tests/base32.scm b/tests/base32.scm index 194f8da96b..134e578633 100644 --- a/tests/base32.scm +++ b/tests/base32.scm @@ -17,7 +17,7 @@ ;;; along with GNU Guix. If not, see . (define-module (test-base32) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix base32) #:use-module (guix utils) #:use-module (srfi srfi-1) diff --git a/tests/builders.scm b/tests/builders.scm index bb9e0fa85b..8b8ef013e7 100644 --- a/tests/builders.scm +++ b/tests/builders.scm @@ -25,7 +25,7 @@ #:use-module (guix utils) #:use-module (guix base32) #:use-module (guix derivations) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix tests) #:use-module ((guix packages) #:select (package-derivation package-native-search-paths)) diff --git a/tests/challenge.scm b/tests/challenge.scm index 387d205a64..4b13ec278e 100644 --- a/tests/challenge.scm +++ b/tests/challenge.scm @@ -18,7 +18,7 @@ (define-module (test-challenge) #:use-module (guix tests) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix store) #:use-module (guix monads) #:use-module (guix derivations) diff --git a/tests/cpan.scm b/tests/cpan.scm index 396744e529..189dd027e6 100644 --- a/tests/cpan.scm +++ b/tests/cpan.scm @@ -20,7 +20,7 @@ (define-module (test-cpan) #:use-module (guix import cpan) #:use-module (guix base32) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix tests) #:use-module (guix grafts) #:use-module (srfi srfi-64) diff --git a/tests/crate.scm b/tests/crate.scm index eb93822bbb..a1dcfd5e52 100644 --- a/tests/crate.scm +++ b/tests/crate.scm @@ -21,7 +21,7 @@ #:use-module (guix import crate) #:use-module (guix base32) #:use-module (guix build-system cargo) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix tests) #:use-module (ice-9 iconv) #:use-module (ice-9 match) diff --git a/tests/derivations.scm b/tests/derivations.scm index 5d83529183..159a6971b3 100644 --- a/tests/derivations.scm +++ b/tests/derivations.scm @@ -23,7 +23,7 @@ #:use-module (guix grafts) #:use-module (guix store) #:use-module (guix utils) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix base32) #:use-module (guix tests) #:use-module (guix tests http) diff --git a/tests/gem.scm b/tests/gem.scm index 4220170ff0..a12edb294c 100644 --- a/tests/gem.scm +++ b/tests/gem.scm @@ -21,7 +21,7 @@ (define-module (test-gem) #:use-module (guix import gem) #:use-module (guix base32) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix tests) #:use-module ((guix build utils) #:select (delete-file-recursively)) #:use-module (srfi srfi-41) diff --git a/tests/hash.scm b/tests/hash.scm deleted file mode 100644 index 47dff3915b..0000000000 --- a/tests/hash.scm +++ /dev/null @@ -1,128 +0,0 @@ -;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2017, 2018 Ludovic Courtès -;;; -;;; This file is part of GNU Guix. -;;; -;;; GNU Guix is free software; you can redistribute it and/or modify it -;;; under the terms of the GNU General Public License as published by -;;; the Free Software Foundation; either version 3 of the License, or (at -;;; your option) any later version. -;;; -;;; GNU Guix is distributed in the hope that it will be useful, but -;;; WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;;; GNU General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with GNU Guix. If not, see . - -(define-module (test-hash) - #:use-module (guix hash) - #:use-module (guix base16) - #:use-module (srfi srfi-1) - #:use-module (srfi srfi-11) - #:use-module (srfi srfi-64) - #:use-module (rnrs bytevectors) - #:use-module (rnrs io ports)) - -;; Test the (guix hash) module. - -(define %empty-sha256 - ;; SHA256 hash of the empty string. - (base16-string->bytevector - "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")) - -(define %hello-sha256 - ;; SHA256 hash of "hello world" - (base16-string->bytevector - "b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9")) - - -(test-begin "hash") - -(test-equal "sha1, empty" - (base16-string->bytevector "da39a3ee5e6b4b0d3255bfef95601890afd80709") - (sha1 #vu8())) - -(test-equal "sha1, hello" - (base16-string->bytevector "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed") - (sha1 (string->utf8 "hello world"))) - -(test-equal "sha256, empty" - %empty-sha256 - (sha256 #vu8())) - -(test-equal "sha256, hello" - %hello-sha256 - (sha256 (string->utf8 "hello world"))) - -(test-equal "open-sha256-port, empty" - %empty-sha256 - (let-values (((port get) - (open-sha256-port))) - (close-port port) - (get))) - -(test-equal "open-sha256-port, hello" - (list %hello-sha256 (string-length "hello world")) - (let-values (((port get) - (open-sha256-port))) - (put-bytevector port (string->utf8 "hello world")) - (force-output port) - (list (get) (port-position port)))) - -(test-assert "port-sha256" - (let* ((file (search-path %load-path "ice-9/psyntax.scm")) - (size (stat:size (stat file))) - (contents (call-with-input-file file get-bytevector-all))) - (equal? (sha256 contents) - (call-with-input-file file port-sha256)))) - -(test-equal "open-sha256-input-port, empty" - `("" ,%empty-sha256) - (let-values (((port get) - (open-sha256-input-port (open-string-input-port "")))) - (let ((str (get-string-all port))) - (list str (get))))) - -(test-equal "open-sha256-input-port, hello" - `("hello world" ,%hello-sha256) - (let-values (((port get) - (open-sha256-input-port - (open-bytevector-input-port - (string->utf8 "hello world"))))) - (let ((str (get-string-all port))) - (list str (get))))) - -(test-equal "open-sha256-input-port, hello, one two" - (list (string->utf8 "hel") (string->utf8 "lo") - (base16-string->bytevector ; echo -n hello | sha256sum - "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824") - " world") - (let-values (((port get) - (open-sha256-input-port - (open-bytevector-input-port (string->utf8 "hello world"))))) - (let* ((one (get-bytevector-n port 3)) - (two (get-bytevector-n port 2)) - (hash (get)) - (three (get-string-all port))) - (list one two hash three)))) - -(test-equal "open-sha256-input-port, hello, read from wrapped port" - (list (string->utf8 "hello") - (base16-string->bytevector ; echo -n hello | sha256sum - "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824") - " world") - (let*-values (((wrapped) - (open-bytevector-input-port (string->utf8 "hello world"))) - ((port get) - (open-sha256-input-port wrapped))) - (let* ((hello (get-bytevector-n port 5)) - (hash (get)) - - ;; Now read from WRAPPED to make sure its current position is - ;; correct. - (world (get-string-all wrapped))) - (list hello hash world)))) - -(test-end) diff --git a/tests/nar.scm b/tests/nar.scm index 9b5fb984b4..d610ea53f7 100644 --- a/tests/nar.scm +++ b/tests/nar.scm @@ -21,7 +21,7 @@ #:use-module (guix nar) #:use-module (guix serialization) #:use-module (guix store) - #:use-module ((guix hash) + #:use-module ((gcrypt hash) #:select (open-sha256-port open-sha256-input-port)) #:use-module ((guix packages) #:select (base32)) diff --git a/tests/opam.scm b/tests/opam.scm index 26832174a8..a1320abfdc 100644 --- a/tests/opam.scm +++ b/tests/opam.scm @@ -19,7 +19,7 @@ (define-module (test-opam) #:use-module (guix import opam) #:use-module (guix base32) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix tests) #:use-module ((guix build utils) #:select (delete-file-recursively mkdir-p which)) #:use-module (srfi srfi-64) diff --git a/tests/packages.scm b/tests/packages.scm index 65ccb14889..237feb7aba 100644 --- a/tests/packages.scm +++ b/tests/packages.scm @@ -28,7 +28,7 @@ #:renamer (lambda (name) (cond ((eq? name 'location) 'make-location) (else name)))) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix derivations) #:use-module (guix packages) #:use-module (guix grafts) diff --git a/tests/pk-crypto.scm b/tests/pk-crypto.scm deleted file mode 100644 index fe33a6f7b5..0000000000 --- a/tests/pk-crypto.scm +++ /dev/null @@ -1,290 +0,0 @@ -;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2017 Ludovic Courtès -;;; -;;; This file is part of GNU Guix. -;;; -;;; GNU Guix is free software; you can redistribute it and/or modify it -;;; under the terms of the GNU General Public License as published by -;;; the Free Software Foundation; either version 3 of the License, or (at -;;; your option) any later version. -;;; -;;; GNU Guix is distributed in the hope that it will be useful, but -;;; WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;;; GNU General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with GNU Guix. If not, see . - -(define-module (test-pk-crypto) - #:use-module (guix pk-crypto) - #:use-module (guix utils) - #:use-module (guix base16) - #:use-module (guix hash) - #:use-module (srfi srfi-1) - #:use-module (srfi srfi-11) - #:use-module (srfi srfi-26) - #:use-module (srfi srfi-64) - #:use-module (rnrs bytevectors) - #:use-module (rnrs io ports) - #:use-module (ice-9 match)) - -;; Test the (guix pk-crypto) module. - -(define %key-pair - ;; RSA key pair that was generated with: - ;; (generate-key (string->canonical-sexp "(genkey (rsa (nbits 4:1024)))")) - ;; which takes a bit of time. - "(key-data - (public-key - (rsa - (n #00C1F764069F54FFE93A126B02328903E984E4AE3AF6DF402B5B6B3907911B88C385F1BA76A002EC9DEA109A5228EF0E62EE31A06D1A5861CAB474F6C857AC66EB65A1905F25BBA1869579E73A3B7FED13AF5A1667326F88CDFC2FF24B03C14FD1384AA7E73CA89572880B606E3A974E15347963FC7B6378574936A47580DBCB45#) - (e #010001#))) - (private-key - (rsa - (n #00C1F764069F54FFE93A126B02328903E984E4AE3AF6DF402B5B6B3907911B88C385F1BA76A002EC9DEA109A5228EF0E62EE31A06D1A5861CAB474F6C857AC66EB65A1905F25BBA1869579E73A3B7FED13AF5A1667326F88CDFC2FF24B03C14FD1384AA7E73CA89572880B606E3A974E15347963FC7B6378574936A47580DBCB45#) - (e #010001#) - (d #58CAD84653D0046A8EC3F9AA82D9C829B145422109FC3F12DA01A694B92FA296E70D366FB166454D30E632CEE3A033B4C41781BA10325F69FCDC0250CA19C8EEB352FA085992494098DB133E682ED38A931701F0DED1A1E508F4341A4FB446A04F019427C7CB3C44F251EEA9D386100DA80F125E0FD5CE1B0DFEC6D21516EACD#) - (p #00D47F185147EC39393CCDA4E7323FFC20FC8B8073E2A54DD63BA392A66975E4204CA48572496A9DFD7522436B852C07472A5AB25B7706F7C14E6F33FBC420FF3B#) - (q #00E9AD22F158060BC9AE3601DA623AFC60FFF3058795802CA92371C00097335CF9A23D7782DE353C9DBA93D7BB99E6A24A411107605E722481C5C191F80D7EB77F#) - (u #59B45B95AE01A7A7370FAFDB08FE73A4793CE37F228961B09B1B1E7DDAD9F8D3E28F5C5E8B4B067E6B8E0BBF3F690B42991A79E46108DDCDA2514323A66964DE#))))") - -(define %ecc-key-pair - ;; Ed25519 key pair generated with: - ;; (generate-key (string->canonical-sexp "(genkey (ecdsa (curve Ed25519) (flags rfc6979 transient)))")) - "(key-data - (public-key - (ecc - (curve Ed25519) - (q #94869C1B9E69DB8DD910B7F7F4D6E56A63A964A59AE8F90F6703ACDDF6F50C81#))) - (private-key - (ecc - (curve Ed25519) - (q #94869C1B9E69DB8DD910B7F7F4D6E56A63A964A59AE8F90F6703ACDDF6F50C81#) - (d #6EFB32D0B4EC6B3237B523539F1979379B82726AAA605EB2FBA6775B2B777B78#))))") - -(test-begin "pk-crypto") - -(test-assert "version" - (gcrypt-version)) - -(let ((sexps '("(foo bar)" - - ;; In Libgcrypt 1.5.3 the following integer is rendered as - ;; binary, whereas in 1.6.0 it's rendered as is (hexadecimal.) - ;;"#C0FFEE#" - - "(genkey \n (rsa \n (nbits \"1024\")\n )\n )"))) - (test-equal "string->canonical-sexp->string" - sexps - (let ((sexps (map string->canonical-sexp sexps))) - (and (every canonical-sexp? sexps) - (map (compose string-trim-both canonical-sexp->string) sexps))))) - -(gc) ; stress test! - -(let ((sexps `(("(foo bar)" foo -> "(foo bar)") - ("(foo (bar (baz 3:123)))" baz -> "(baz \"123\")") - ("(foo (bar 3:123))" baz -> #f)))) - (test-equal "find-sexp-token" - (map (match-lambda - ((_ _ '-> expected) - expected)) - sexps) - (map (match-lambda - ((input token '-> _) - (let ((sexp (find-sexp-token (string->canonical-sexp input) token))) - (and sexp - (string-trim-both (canonical-sexp->string sexp)))))) - sexps))) - -(gc) - -(test-equal "canonical-sexp-length" - '(0 1 2 4 0 0) - (map (compose canonical-sexp-length string->canonical-sexp) - '("()" "(a)" "(a b)" "(a #616263# b #C001#)" "a" "#123456#"))) - -(test-equal "canonical-sexp-list?" - '(#t #f #t #f) - (map (compose canonical-sexp-list? string->canonical-sexp) - '("()" "\"abc\"" "(a b c)" "#123456#"))) - -(gc) - -(test-equal "canonical-sexp-car + cdr" - '("(b \n (c xyz)\n )") - (let ((lst (string->canonical-sexp "(a (b (c xyz)))"))) - (map (lambda (sexp) - (and sexp (string-trim-both (canonical-sexp->string sexp)))) - ;; Note: 'car' returns #f when the first element is an atom. - (list (canonical-sexp-car (canonical-sexp-cdr lst)))))) - -(gc) - -(test-equal "canonical-sexp-nth" - '("(b pqr)" "(c \"456\")" "(d xyz)" #f #f) - - (let ((lst (string->canonical-sexp "(a (b 3:pqr) (c 3:456) (d 3:xyz))"))) - ;; XXX: In Libgcrypt 1.5.3, (canonical-sexp-nth lst 0) returns LST, whereas in - ;; 1.6.0 it returns #f. - (map (lambda (sexp) - (and sexp (string-trim-both (canonical-sexp->string sexp)))) - (unfold (cut > <> 5) - (cut canonical-sexp-nth lst <>) - 1+ - 1)))) - -(gc) - -(test-equal "canonical-sexp-nth-data" - `(Name Otto Meier #f ,(base16-string->bytevector "123456") #f) - (let ((lst (string->canonical-sexp - "(Name Otto Meier (address Burgplatz) #123456#)"))) - (unfold (cut > <> 5) - (cut canonical-sexp-nth-data lst <>) - 1+ - 0))) - -(let ((bv (base16-string->bytevector - "5eff0b55c9c5f5e87b4e34cd60a2d5654ca1eb78c7b3c67c3179fed1cff07b4c"))) - (test-equal "hash corrupt due to restrictive locale encoding" - bv - - ;; In Guix up to 0.6 included this test would fail because at some point - ;; the hash value would be cropped to ASCII. In practice 'guix - ;; authenticate' would produce invalid signatures that would fail - ;; signature verification. See . - (let ((locale (setlocale LC_ALL))) - (dynamic-wind - (lambda () - (setlocale LC_ALL "C")) - (lambda () - (hash-data->bytevector - (string->canonical-sexp - (canonical-sexp->string - (bytevector->hash-data bv "sha256"))))) - (lambda () - (setlocale LC_ALL locale)))))) - -(gc) - -;; XXX: The test below is typically too long as it needs to gather enough entropy. - -;; (test-assert "generate-key" -;; (let ((key (generate-key (string->canonical-sexp -;; "(genkey (rsa (nbits 3:128)))")))) -;; (and (canonical-sexp? key) -;; (find-sexp-token key 'key-data) -;; (find-sexp-token key 'public-key) -;; (find-sexp-token key 'private-key)))) - -(test-assert "bytevector->hash-data->bytevector" - (let* ((bv (sha256 (string->utf8 "Hello, world."))) - (data (bytevector->hash-data bv "sha256"))) - (and (canonical-sexp? data) - (let-values (((value algo) (hash-data->bytevector data))) - (and (string=? algo "sha256") - (bytevector=? value bv)))))) - -(test-equal "key-type" - '(rsa ecc) - (map (compose key-type - (cut find-sexp-token <> 'public-key) - string->canonical-sexp) - (list %key-pair %ecc-key-pair))) - -(test-assert "sign + verify" - (let* ((pair (string->canonical-sexp %key-pair)) - (secret (find-sexp-token pair 'private-key)) - (public (find-sexp-token pair 'public-key)) - (data (bytevector->hash-data - (sha256 (string->utf8 "Hello, world.")) - #:key-type (key-type public))) - (sig (sign data secret))) - (and (verify sig data public) - (not (verify sig - (bytevector->hash-data - (sha256 (string->utf8 "Hi!")) - #:key-type (key-type public)) - public))))) - -;; Ed25519 appeared in libgcrypt 1.6.0. -(test-skip (if (version>? (gcrypt-version) "1.6.0") 0 1)) -(test-assert "sign + verify, Ed25519" - (let* ((pair (string->canonical-sexp %ecc-key-pair)) - (secret (find-sexp-token pair 'private-key)) - (public (find-sexp-token pair 'public-key)) - (data (bytevector->hash-data - (sha256 (string->utf8 "Hello, world.")))) - (sig (sign data secret))) - (and (verify sig data public) - (not (verify sig - (bytevector->hash-data - (sha256 (string->utf8 "Hi!"))) - public))))) - -(gc) - -(test-equal "canonical-sexp->sexp" - `((data - (flags pkcs1) - (hash sha256 - ,(base16-string->bytevector - "2749f0ea9f26c6c7be746a9cff8fa4c2f2a02b000070dba78429e9a11f87c6eb"))) - - (public-key - (rsa - (n ,(base16-string->bytevector - (string-downcase - "00C1F764069F54FFE93A126B02328903E984E4AE3AF6DF402B5B6B3907911B88C385F1BA76A002EC9DEA109A5228EF0E62EE31A06D1A5861CAB474F6C857AC66EB65A1905F25BBA1869579E73A3B7FED13AF5A1667326F88CDFC2FF24B03C14FD1384AA7E73CA89572880B606E3A974E15347963FC7B6378574936A47580DBCB45"))) - (e ,(base16-string->bytevector - "010001"))))) - - (list (canonical-sexp->sexp - (string->canonical-sexp - "(data - (flags pkcs1) - (hash \"sha256\" - #2749f0ea9f26c6c7be746a9cff8fa4c2f2a02b000070dba78429e9a11f87c6eb#))")) - - (canonical-sexp->sexp - (find-sexp-token (string->canonical-sexp %key-pair) - 'public-key)))) - - -(let ((lst - `((data - (flags pkcs1) - (hash sha256 - ,(base16-string->bytevector - "2749f0ea9f26c6c7be746a9cff8fa4c2f2a02b000070dba78429e9a11f87c6eb"))) - - (public-key - (rsa - (n ,(base16-string->bytevector - (string-downcase - "00C1F764069F54FFE93A126B02328903E984E4AE3AF6DF402B5B6B3907911B88C385F1BA76A002EC9DEA109A5228EF0E62EE31A06D1A5861CAB474F6C857AC66EB65A1905F25BBA1869579E73A3B7FED13AF5A1667326F88CDFC2FF24B03C14FD1384AA7E73CA89572880B606E3A974E15347963FC7B6378574936A47580DBCB45"))) - (e ,(base16-string->bytevector - "010001")))) - - ,(base16-string->bytevector - "2749f0ea9f26c6c7be746a9cff8fa4c2f2a02b000070dba78429e9a11f87c6eb")))) - (test-equal "sexp->canonical-sexp->sexp" - lst - (map (compose canonical-sexp->sexp sexp->canonical-sexp) - lst))) - -(let ((sexp `(signature - (public-key - (rsa - (n ,(make-bytevector 1024 1)) - (e ,(base16-string->bytevector "010001"))))))) - (test-equal "https://bugs.g10code.com/gnupg/issue1594" - ;; The gcrypt bug above was primarily affecting our uses in - ;; 'canonical-sexp->sexp', typically when applied to a signature sexp (in - ;; 'guix authenticate -verify') with a "big" RSA key, such as 4096 bits. - sexp - (canonical-sexp->sexp (sexp->canonical-sexp sexp)))) - -(test-end) diff --git a/tests/pki.scm b/tests/pki.scm index 876ad98d73..d6a6b476c7 100644 --- a/tests/pki.scm +++ b/tests/pki.scm @@ -18,8 +18,8 @@ (define-module (test-pki) #:use-module (guix pki) - #:use-module (guix pk-crypto) - #:use-module (guix hash) + #:use-module (gcrypt pk-crypto) + #:use-module (gcrypt hash) #:use-module (rnrs io ports) #:use-module (srfi srfi-64)) diff --git a/tests/publish.scm b/tests/publish.scm index 1ed8308076..0e793c1ee5 100644 --- a/tests/publish.scm +++ b/tests/publish.scm @@ -25,7 +25,7 @@ #:use-module (guix tests) #:use-module (guix config) #:use-module (guix utils) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix store) #:use-module (guix derivations) #:use-module (guix gexp) @@ -33,7 +33,7 @@ #:use-module (guix base64) #:use-module ((guix records) #:select (recutils->alist)) #:use-module ((guix serialization) #:select (restore-file)) - #:use-module (guix pk-crypto) + #:use-module (gcrypt pk-crypto) #:use-module ((guix pki) #:select (%public-key-file %private-key-file)) #:use-module (guix zlib) #:use-module (web uri) diff --git a/tests/pypi.scm b/tests/pypi.scm index 310c6c8f29..616ec191f5 100644 --- a/tests/pypi.scm +++ b/tests/pypi.scm @@ -20,7 +20,7 @@ (define-module (test-pypi) #:use-module (guix import pypi) #:use-module (guix base32) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix tests) #:use-module (guix build-system python) #:use-module ((guix build utils) #:select (delete-file-recursively which)) diff --git a/tests/store-deduplication.scm b/tests/store-deduplication.scm index 4ca2ec0f61..e438aa84c6 100644 --- a/tests/store-deduplication.scm +++ b/tests/store-deduplication.scm @@ -19,7 +19,7 @@ (define-module (test-store-deduplication) #:use-module (guix tests) #:use-module (guix store deduplication) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module ((guix utils) #:select (call-with-temporary-directory)) #:use-module (guix build utils) #:use-module (rnrs bytevectors) diff --git a/tests/store.scm b/tests/store.scm index 47fab0df18..71ac57580e 100644 --- a/tests/store.scm +++ b/tests/store.scm @@ -21,7 +21,7 @@ #:use-module (guix store) #:use-module (guix utils) #:use-module (guix monads) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix base32) #:use-module (guix packages) #:use-module (guix derivations) diff --git a/tests/substitute.scm b/tests/substitute.scm index 0ad6247954..964a57f30b 100644 --- a/tests/substitute.scm +++ b/tests/substitute.scm @@ -20,9 +20,9 @@ (define-module (test-substitute) #:use-module (guix scripts substitute) #:use-module (guix base64) - #:use-module (guix hash) + #:use-module (gcrypt hash) #:use-module (guix serialization) - #:use-module (guix pk-crypto) + #:use-module (gcrypt pk-crypto) #:use-module (guix pki) #:use-module (guix config) #:use-module (guix base32) -- cgit v1.2.3 From 3d43017026f9995ad128915db8ca5eafe061bf75 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 5 Sep 2018 13:58:07 +0200 Subject: tests: Adjust 'add-file-tree-to-store' test for lack of /bin/sh. * tests/store.scm (%shell): New variable. ("add-file-tree-to-store"): Use it instead of "/bin/sh". This fixes builds in the chroot build environment. --- tests/store.scm | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/store.scm b/tests/store.scm index 71ac57580e..2858369706 100644 --- a/tests/store.scm +++ b/tests/store.scm @@ -45,6 +45,9 @@ (define %store (open-connection-for-tests)) +(define %shell + (or (getenv "SHELL") (getenv "CONFIG_SHELL"))) + (test-begin "store") @@ -220,7 +223,8 @@ ("./foo/c" directory #t) ("./foo/c/p" regular "file p") ("./foo/c/q" directory #t) - ("./foo/c/q/x" regular "#!/bin/sh\nexit 42") + ("./foo/c/q/x" regular + ,(string-append "#!" %shell "\nexit 42")) ("./foo/c/q/y" symlink "..") ("./foo/c/q/z" directory #t)) (let* ((tree `("file-tree" directory @@ -231,7 +235,7 @@ ("p" regular (data ,(string->utf8 "file p"))) ("q" directory ("x" executable - (data "#!/bin/sh\nexit 42")) + (data ,(string-append "#!" %shell "\nexit 42"))) ("y" symlink "..") ("z" directory)))) ("bar" directory))) -- cgit v1.2.3 From 1540075c790dfaeff52c93392f2fc63b9e23b77e Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 7 Sep 2018 09:50:26 +0200 Subject: vm: Make UUID computation really deterministic. Fixes . * gnu/system/vm.scm (operating-system-uuid)[service-name, file-system-digest]: New procedures. Map these over services and file systems and hash the result. * tests/guix-system.sh: Add test. --- gnu/system/vm.scm | 33 +++++++++++++++++++++++++++++---- tests/guix-system.sh | 8 ++++++++ 2 files changed, 37 insertions(+), 4 deletions(-) (limited to 'tests') diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm index 3898872a46..91e117b9f3 100644 --- a/gnu/system/vm.scm +++ b/gnu/system/vm.scm @@ -529,17 +529,42 @@ should set REGISTER-CLOSURES? to #f." (define* (operating-system-uuid os #:optional (type 'dce)) "Compute UUID object with a deterministic \"UUID\" for OS, of the given TYPE (one of 'iso9660 or 'dce). Return a UUID object." + ;; Note: For this to be deterministic, we must not hash things that contains + ;; (directly or indirectly) procedures, for example. That rules out + ;; anything that contains gexps, thunk or delayed record fields, etc. + + (define service-name + (compose service-type-name service-kind)) + + (define (file-system-digest fs) + ;; Return a hashable digest that does not contain 'dependencies' since + ;; this field can contain procedures. + (let ((device (file-system-device fs))) + (list (file-system-mount-point fs) + (file-system-type fs) + (cond ((file-system-label? device) + (file-system-label->string device)) + ((uuid? device) + (uuid->string device)) + ((string? device) + device) + (else #f)) + (file-system-options fs)))) + (if (eq? type 'iso9660) (let ((pad (compose (cut string-pad <> 2 #\0) number->string)) - (h (hash (operating-system-services os) 3600))) + (h (hash (map service-name (operating-system-services os)) + 3600))) (bytevector->uuid (string->iso9660-uuid (string-append "1970-01-01-" (pad (hash (operating-system-host-name os) 24)) "-" (pad (quotient h 60)) "-" (pad (modulo h 60)) "-" - (pad (hash (operating-system-file-systems os) 100)))) + (pad (hash (map file-system-digest + (operating-system-file-systems os)) + 100)))) 'iso9660)) (bytevector->uuid (uint-list->bytevector @@ -547,9 +572,9 @@ TYPE (one of 'iso9660 or 'dce). Return a UUID object." (- (expt 2 32) 1)) (hash (operating-system-host-name os) (- (expt 2 32) 1)) - (hash (operating-system-services os) + (hash (map service-name (operating-system-services os)) (- (expt 2 32) 1)) - (hash (operating-system-file-systems os) + (hash (map file-system-digest (operating-system-file-systems os)) (- (expt 2 32) 1))) (endianness little) 4) diff --git a/tests/guix-system.sh b/tests/guix-system.sh index 36ba5fbd5f..a129efdfcb 100644 --- a/tests/guix-system.sh +++ b/tests/guix-system.sh @@ -232,6 +232,14 @@ guix system build "$tmpfile" -d | grep '\.drv$' guix system vm "$tmpfile" -d # succeeds guix system vm "$tmpfile" -d | grep '\.drv$' +# Make sure the behavior is deterministic (). +drv1="`guix system vm "$tmpfile" -d`" +drv2="`guix system vm "$tmpfile" -d`" +test "$drv1" = "$drv2" +drv1="`guix system disk-image --file-system-type=iso9660 "$tmpfile" -d`" +drv2="`guix system disk-image --file-system-type=iso9660 "$tmpfile" -d`" +test "$drv1" = "$drv2" + make_user_config "group-that-does-not-exist" "users" if guix system build "$tmpfile" -n 2> "$errorfile" then false -- cgit v1.2.3 From bd7470185bae15e686c2b2a83d3f61807e6fa527 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 3 Sep 2018 15:03:33 +0200 Subject: Add 'guix describe'. * guix/scripts/describe.scm: New file. * Makefile.am (MODULES): Add it. (SH_TESTS): Add tests/guix-describe.sh. * po/guix/POTFILES.in: Add it. * guix/scripts/pull.scm (display-profile-content): Export. * guix/describe.scm (current-profile, current-profile-entries): Export. * tests/guix-describe.sh: New file. * doc/guix.texi (Features): Mention 'guix pull' and provenance tracking. (Invoking guix pull): Link to 'guix describe'. (Channels): Likewise. (Invoking guix describe): New node. --- Makefile.am | 2 + doc/guix.texi | 94 ++++++++++++++++++++++++++- guix/describe.scm | 4 +- guix/scripts/describe.scm | 160 ++++++++++++++++++++++++++++++++++++++++++++++ guix/scripts/pull.scm | 3 +- po/guix/POTFILES.in | 1 + tests/guix-describe.sh | 47 ++++++++++++++ 7 files changed, 308 insertions(+), 3 deletions(-) create mode 100644 guix/scripts/describe.scm create mode 100644 tests/guix-describe.sh (limited to 'tests') diff --git a/Makefile.am b/Makefile.am index a3498460e0..5c8639d665 100644 --- a/Makefile.am +++ b/Makefile.am @@ -204,6 +204,7 @@ MODULES = \ guix/scripts/authenticate.scm \ guix/scripts/refresh.scm \ guix/scripts/repl.scm \ + guix/scripts/describe.scm \ guix/scripts/system.scm \ guix/scripts/system/search.scm \ guix/scripts/lint.scm \ @@ -409,6 +410,7 @@ SH_TESTS = \ tests/guix-environment.sh \ tests/guix-environment-container.sh \ tests/guix-graph.sh \ + tests/guix-describe.sh \ tests/guix-lint.sh TESTS = $(SCM_TESTS) $(SH_TESTS) diff --git a/doc/guix.texi b/doc/guix.texi index 30f1be2ab8..19a497c746 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -147,6 +147,7 @@ Package Management * Invoking guix gc:: Running the garbage collector. * Invoking guix pull:: Fetching the latest Guix and distribution. * Channels:: Customizing the package collection. +* Invoking guix describe:: Display information about your Guix revision. * Invoking guix pack:: Creating software bundles. * Invoking guix archive:: Exporting and importing store files. @@ -1698,6 +1699,7 @@ guix package -i emacs-guix * Invoking guix gc:: Running the garbage collector. * Invoking guix pull:: Fetching the latest Guix and distribution. * Channels:: Customizing the package collection. +* Invoking guix describe:: Display information about your Guix revision. * Invoking guix pack:: Creating software bundles. * Invoking guix archive:: Exporting and importing store files. @end menu @@ -1751,7 +1753,7 @@ collected. @cindex reproducibility @cindex reproducible builds -Finally, Guix takes a @dfn{purely functional} approach to package +Guix takes a @dfn{purely functional} approach to package management, as described in the introduction (@pxref{Introduction}). Each @file{/gnu/store} package directory name contains a hash of all the inputs that were used to build that package---compiler, libraries, build @@ -1779,6 +1781,15 @@ a package to quickly set up the right development environment for their package, without having to manually install the dependencies of the package into their profile (@pxref{Invoking guix environment}). +@cindex replication, of software environments +@cindex provenance tracking, of software artifacts +All of Guix and its package definitions is version-controlled, and +@command{guix pull} allows you to ``travel in time'' on the history of Guix +itself (@pxref{Invoking guix pull}). This makes it possible to replicate a +Guix instance on a different machine or at a later point in time, which in +turn allows you to @emph{replicate complete software environments}, while +retaining precise @dfn{provenance tracking} of the software. + @node Invoking guix package @section Invoking @command{guix package} @@ -2806,6 +2817,9 @@ Generation 3 Jun 13 2018 23:31:07 (current) 69 packages upgraded: borg@@1.1.6, cheese@@3.28.0, @dots{} @end example +@ref{Invoking guix describe, @command{guix describe}}, for other ways to +describe the current status of Guix. + This @code{~/.config/guix/current} profile works like any other profile created by @command{guix package} (@pxref{Invoking guix package}). That is, you can list generations, roll back to the previous @@ -2851,6 +2865,9 @@ is provided, the subset of generations that match @var{pattern}. The syntax of @var{pattern} is the same as with @code{guix package --list-generations} (@pxref{Invoking guix package}). +@ref{Invoking guix describe}, for a way to display information about the +current generation only. + @item --profile=@var{profile} @itemx -p @var{profile} Use @var{profile} instead of @file{~/.config/guix/current}. @@ -3023,6 +3040,9 @@ say, on another machine, by providing a channel specification in (branch "dd3df5e2c8818760a8fc0bd699e55d3b69fef2bb"))) @end lisp +The @command{guix describe --format=channels} command can even generate this +list of channels directly (@pxref{Invoking guix describe}). + At this point the two machines run the @emph{exact same Guix}, with access to the @emph{exact same packages}. The output of @command{guix build gimp} on one machine will be exactly the same, bit for bit, as the output of the same @@ -3034,6 +3054,78 @@ This gives you super powers, allowing you to track the provenance of binary artifacts with very fine grain, and to reproduce software environments at will---some sort of ``meta reproducibility'' capabilities, if you will. +@node Invoking guix describe +@section Invoking @command{guix describe} + +@cindex reproducibility +@cindex replicating Guix +Often you may want to answer questions like: ``Which revision of Guix am I +using?'' or ``Which channels am I using?'' This is useful information in many +situations: if you want to @emph{replicate} an environment on a different +machine or user account, if you want to report a bug or to determine what +change in the channels you are using caused it, or if you want to record your +system state for reproducibility purposes. The @command{guix describe} +command answers these questions. + +When run from a @command{guix pull}ed @command{guix}, @command{guix describe} +displays the channel(s) that it was built from, including their repository URL +and commit IDs (@pxref{Channels}): + +@example +$ guix describe +Generation 10 Sep 03 2018 17:32:44 (current) + guix e0fa68c + repository URL: https://git.savannah.gnu.org/git/guix.git + branch: master + commit: e0fa68c7718fffd33d81af415279d6ddb518f727 +@end example + +If you're familiar with the Git version control system, this is similar in +spirit to @command{git describe}; the output is also similar to that of +@command{guix pull --list-generations}, but limited to the current generation +(@pxref{Invoking guix pull, the @option{--list-generations} option}). Because +the Git commit ID shown above unambiguously refers to a snapshot of Guix, this +information is all it takes to describe the revision of Guix you're using, and +also to replicate it. + +To make it easier to replicate Guix, @command{guix describe} can also be asked +to return a list of channels instead of the human-readable description above: + +@example +$ guix describe -f channels +(list (channel + (name 'guix) + (url "https://git.savannah.gnu.org/git/guix.git") + (commit + "e0fa68c7718fffd33d81af415279d6ddb518f727"))) +@end example + +@noindent +You can save this to a file and feed it to @command{guix pull -C} on some +other machine or at a later point in time, which will instantiate @emph{this +exact Guix revision} (@pxref{Invoking guix pull, the @option{-C} option}). +From there on, since you're able to deploy the same revision of Guix, you can +just as well @emph{replicate a complete software environment}. We humbly +think that this is @emph{awesome}, and we hope you'll like it too! + +The details of the options supported by @command{guix describe} are as +follows: + +@table @code +@item --format=@var{format} +@itemx -f @var{format} +Produce output in the specified @var{format}, one of: + +@table @code +@item human +produce human-readable output; +@item channels +produce a list of channel specifications that can be passed to @command{guix +pull -C} or installed as @file{~/.config/guix/channels.scm} (@pxref{Invoking +guix pull}). +@end table +@end table + @node Invoking guix pack @section Invoking @command{guix pack} diff --git a/guix/describe.scm b/guix/describe.scm index 3122a762fe..670db63ce7 100644 --- a/guix/describe.scm +++ b/guix/describe.scm @@ -21,7 +21,9 @@ #:use-module (guix profiles) #:use-module (srfi srfi-1) #:use-module (ice-9 match) - #:export (package-path-entries)) + #:export (current-profile + current-profile-entries + package-path-entries)) ;;; Commentary: ;;; diff --git a/guix/scripts/describe.scm b/guix/scripts/describe.scm new file mode 100644 index 0000000000..46feea2940 --- /dev/null +++ b/guix/scripts/describe.scm @@ -0,0 +1,160 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2018 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (guix scripts describe) + #:use-module ((guix ui) #:hide (display-profile-content)) + #:use-module (guix scripts) + #:use-module (guix describe) + #:use-module (guix profiles) + #:use-module ((guix scripts pull) #:select (display-profile-content)) + #:use-module (git) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-37) + #:use-module (ice-9 match) + #:autoload (ice-9 pretty-print) (pretty-print) + #:export (guix-describe)) + + +;;; +;;; Command-line options. +;;; + +(define %options + ;; Specifications of the command-line options. + (list (option '(#\f "format") #t #f + (lambda (opt name arg result) + (unless (member arg '("human" "channels")) + (leave (G_ "~a: unsupported output format~%") arg)) + (alist-cons 'format 'channels result))) + (option '(#\h "help") #f #f + (lambda args + (show-help) + (exit 0))) + (option '(#\V "version") #f #f + (lambda args + (show-version-and-exit "guix describe"))))) + +(define %default-options + ;; Alist of default option values. + '((format . human))) + +(define (show-help) + (display (G_ "Usage: guix describe [OPTION]... +Display information about the channels currently in use.\n")) + (display (G_ " + -f, --format=FORMAT display information in the given FORMAT")) + (newline) + (display (G_ " + -h, --help display this help and exit")) + (display (G_ " + -V, --version display version information and exit")) + (newline) + (show-bug-report-information)) + +(define (display-package-search-path fmt) + "Display GUIX_PACKAGE_PATH, if it is set, according to FMT." + (match (getenv "GUIX_PACKAGE_PATH") + (#f #t) + (string + (match fmt + ('human + (format #t "~%GUIX_PACKAGE_PATH=\"~a\"~%" string)) + ('channels + (format #t (G_ "~%;; warning: GUIX_PACKAGE_PATH=\"~a\"~%") + string)))))) + +(define (display-checkout-info fmt) + "Display information about the current checkout according to FMT, a symbol +denoting the requested format. Exit if the current directory does not lie +within a Git checkout." + (let* ((program (car (command-line))) + (directory (catch 'git-error + (lambda () + (repository-discover (dirname program))) + (lambda (key err) + (leave (G_ "failed to determine origin~%"))))) + (repository (repository-open directory)) + (head (repository-head repository)) + (commit (oid->string (reference-target head)))) + (match fmt + ('human + (format #t (G_ "Git checkout:~%")) + (format #t (G_ " repository: ~a~%") (dirname directory)) + (format #t (G_ " branch: ~a~%") (reference-shorthand head)) + (format #t (G_ " commit: ~a~%") commit)) + ('channels + (pretty-print `(list (channel + (name 'guix) + (url ,(dirname directory)) + (commit ,commit)))))) + (display-package-search-path fmt))) + +(define (display-profile-info profile fmt) + "Display information about PROFILE, a profile as created by (guix channels), +in the format specified by FMT." + (define number + (match (profile-generations profile) + ((_ ... last) last))) + + (match fmt + ('human + (display-profile-content profile number)) + ('channels + (pretty-print + `(list ,@(map (lambda (entry) + (match (assq 'source (manifest-entry-properties entry)) + (('source ('repository ('version 0) + ('url url) + ('branch branch) + ('commit commit) + _ ...)) + `(channel (name ',(string->symbol + (manifest-entry-name entry))) + (url ,url) + (commit ,commit))) + + ;; Pre-0.15.0 Guix does not provide that information, + ;; so there's not much we can do in that case. + (_ '???))) + + ;; Show most recently installed packages last. + (reverse + (manifest-entries + (profile-manifest (generation-file-name profile + number))))))))) + (display-package-search-path fmt)) + + +;;; +;;; Entry point. +;;; + +(define (guix-describe . args) + (let* ((opts (args-fold* args %options + (lambda (opt name arg result) + (leave (G_ "~A: unrecognized option~%") + name)) + cons + %default-options)) + (format (assq-ref opts 'format))) + (with-error-handling + (match (current-profile) + (#f + (display-checkout-info format)) + (profile + (display-profile-info profile format)))))) diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm index ebc5dc9b13..976e054a84 100644 --- a/guix/scripts/pull.scm +++ b/guix/scripts/pull.scm @@ -48,7 +48,8 @@ #:use-module (srfi srfi-37) #:use-module (ice-9 match) #:use-module (ice-9 vlist) - #:export (guix-pull)) + #:export (display-profile-content + guix-pull)) ;;; diff --git a/po/guix/POTFILES.in b/po/guix/POTFILES.in index 7f881355e7..2762ea078a 100644 --- a/po/guix/POTFILES.in +++ b/po/guix/POTFILES.in @@ -31,6 +31,7 @@ guix/scripts/challenge.scm guix/scripts/copy.scm guix/scripts/pack.scm guix/scripts/weather.scm +guix/scripts/describe.scm guix/gnu-maintenance.scm guix/scripts/container.scm guix/scripts/container/exec.scm diff --git a/tests/guix-describe.sh b/tests/guix-describe.sh new file mode 100644 index 0000000000..af523f0a0b --- /dev/null +++ b/tests/guix-describe.sh @@ -0,0 +1,47 @@ +# GNU Guix --- Functional package management for GNU +# Copyright © 2018 Ludovic Courtès +# +# This file is part of GNU Guix. +# +# GNU Guix is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GNU Guix is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GNU Guix. If not, see . + +# +# Test 'guix describe'. +# + +guix describe --version + +tmpfile="t-guix-describe-$$" +trap "rm -f $tmpfile" EXIT +rm -f "$tmpfile" + +if [ -d "$abs_top_srcdir/.git" ] +then + # Since we're in a Git checkout, we can at least check that these things + # work. + guix describe | grep -i "checkout" + if git --version > /dev/null 2>&1 + then + result="`guix describe | grep commit: | cut -d : -f 2-`" + commit="`git log | head -1 | cut -c 7-`" + test "x$result" = "x$commit" + fi + guix describe -f channels + case "`guix describe -f channels | grep url`" in + *"(url \"$abs_top_srcdir\")") true;; + *) false;; + esac +else + exit 77 +fi -- cgit v1.2.3 From 9b6c4355645534d1ae799bfef6761b75ed8b3a41 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 7 Sep 2018 23:00:39 +0200 Subject: services: 'instantiate-missing-services' reaches fixed point. Fixes a bug whereby services indirectly depended on would not be automatically instantiated. * gnu/services.scm (instantiate-missing-services): Loop back when the length of ADJUSTED is greater than that of INSTANCES. * tests/services.scm ("instantiate-missing-services, indirect"): New test. --- gnu/services.scm | 24 +++++++++++++++++------- tests/services.scm | 25 +++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 7 deletions(-) (limited to 'tests') diff --git a/gnu/services.scm b/gnu/services.scm index 49cf01a4f8..f151bbaa9d 100644 --- a/gnu/services.scm +++ b/gnu/services.scm @@ -732,13 +732,23 @@ instantiated; other missing services lead to a instances (service-type-extensions (service-kind svc)))) - (let ((instances (fold (lambda (service result) - (vhash-consq (service-kind service) service - result)) - vlist-null services))) - (fold2 adjust-service-list - services instances - services))) + (let loop ((services services)) + (define instances + (fold (lambda (service result) + (vhash-consq (service-kind service) service + result)) + vlist-null services)) + + (define adjusted + (fold2 adjust-service-list + services instances + services)) + + ;; If we instantiated services, they might in turn depend on missing + ;; services. Loop until we've reached fixed point. + (if (= (length adjusted) (vlist-length instances)) + adjusted + (loop adjusted)))) (define* (fold-services services #:key (target-type system-service-type)) diff --git a/tests/services.scm b/tests/services.scm index b146a0dec2..1ad577e601 100644 --- a/tests/services.scm +++ b/tests/services.scm @@ -138,6 +138,31 @@ (equal? (list s1 s2) (instantiate-missing-services (list s1 s2)))))) +(test-assert "instantiate-missing-services, indirect" + (let* ((t1 (service-type (name 't1) (extensions '()) + (default-value 'dflt) + (compose concatenate) + (extend cons))) + (t2 (service-type (name 't2) (extensions '()) + (default-value 'dflt2) + (compose concatenate) + (extend cons) + (extensions + (list (service-extension t1 list))))) + (t3 (service-type (name 't3) + (extensions + (list (service-extension t2 list))))) + (s1 (service t1)) + (s2 (service t2)) + (s3 (service t3 42)) + (== (cut lset= equal? <...>))) + (and (== (list s1 s2 s3) + (instantiate-missing-services (list s3))) + (== (list s1 s2 s3) + (instantiate-missing-services (list s1 s3))) + (== (list s1 s2 s3) + (instantiate-missing-services (list s2 s3)))))) + (test-assert "instantiate-missing-services, no default value" (let* ((t1 (service-type (name 't1) (extensions '()))) (t2 (service-type (name 't2) -- cgit v1.2.3 From 5dec93bb8ba89605bce2f9a5ee9c4dbadeee3b58 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sat, 8 Sep 2018 22:56:40 +0200 Subject: gexp: 'file-union' accepts directory names. * guix/gexp.scm (file-union): Import (guix build utils). Make the parent directories of TARGET. * tests/gexp.scm ("file-union"): New test. --- guix/gexp.scm | 39 ++++++++++++++++++++++----------------- tests/gexp.scm | 18 ++++++++++++++++++ 2 files changed, 40 insertions(+), 17 deletions(-) (limited to 'tests') diff --git a/guix/gexp.scm b/guix/gexp.scm index ffc976d61b..f7a23db872 100644 --- a/guix/gexp.scm +++ b/guix/gexp.scm @@ -1479,26 +1479,31 @@ denoting the target file. Here's an example: `((\"hosts\" ,(plain-file \"hosts\" \"127.0.0.1 localhost\")) (\"bashrc\" ,(plain-file \"bashrc\" - \"alias ls='ls --color'\")))) + \"alias ls='ls --color'\")) + (\"libvirt/qemu.conf\" ,(plain-file \"qemu.conf\" \"\")))) This yields an 'etc' directory containing these two files." (computed-file name - (gexp - (begin - (mkdir (ungexp output)) - (chdir (ungexp output)) - (ungexp-splicing - (map (match-lambda - ((target source) - (gexp - (begin - ;; Stat the source to abort early if it does - ;; not exist. - (stat (ungexp source)) - - (symlink (ungexp source) - (ungexp target)))))) - files)))))) + (with-imported-modules '((guix build utils)) + (gexp + (begin + (use-modules (guix build utils)) + + (mkdir (ungexp output)) + (chdir (ungexp output)) + (ungexp-splicing + (map (match-lambda + ((target source) + (gexp + (begin + ;; Stat the source to abort early if it does + ;; not exist. + (stat (ungexp source)) + + (mkdir-p (dirname (ungexp target))) + (symlink (ungexp source) + (ungexp target)))))) + files))))))) (define* (directory-union name things #:key (copy? #f) (quiet? #f) diff --git a/tests/gexp.scm b/tests/gexp.scm index b22e635805..5d049cd5fc 100644 --- a/tests/gexp.scm +++ b/tests/gexp.scm @@ -1093,6 +1093,24 @@ (call-with-input-file out get-string-all)) (equal? refs (list guile)))))))) +(test-assertm "file-union" + (mlet* %store-monad ((union -> (file-union "union" + `(("a" ,(plain-file "a" "1")) + ("b/c/d" ,(plain-file "d" "2")) + ("e" ,(plain-file "e" "3"))))) + (drv (lower-object union)) + (out -> (derivation->output-path drv))) + (define (contents=? file str) + (string=? (call-with-input-file (string-append out "/" file) + get-string-all) + str)) + + (mbegin %store-monad + (built-derivations (list drv)) + (return (and (contents=? "a" "1") + (contents=? "b/c/d" "2") + (contents=? "e" "3")))))) + (test-assert "gexp->derivation vs. %current-target-system" (let ((mval (gexp->derivation "foo" #~(begin -- cgit v1.2.3