aboutsummaryrefslogtreecommitdiff
# GNU Guix --- Functional package management for GNU
# Copyright © 2013, 2014, 2020 Ludovic Courtès <ludo@gnu.org>
#
# This file is part of GNU Guix.
#
# GNU Guix is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GNU Guix is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

#
# Test the 'guix authenticate' command-line utility.
#

guix authenticate --version

sig="t-signature-$$"
hash="t-hash-$$"
rm -f "$sig" "$hash"

trap 'rm -f "$sig" "$hash"' EXIT

key="$abs_top_srcdir/tests/keys/signing-key.sec"
key_len="`echo -n $key | wc -c`"

# A hexadecimal string as long as a sha256 hash.
hash="2749f0ea9f26c6c7be746a9cff8fa4c2f2a02b000070dba78429e9a11f87c6eb"
hash_len="`echo -n $hash | wc -c`"

echo "sign $key_len:$key $hash_len:$hash" | guix authenticate > "$sig"
test -f "$sig"
case "$(cat $sig)" in
    "0 "*) ;;
    *)     echo "broken signature: $(cat $sig)"
	   exit 42;;
esac

# Remove the leading "0".
sed -i "$sig" -e's/^0 //g'

hash2="$(echo verify $(cat "$sig") | guix authenticate)"
test "$(echo $hash2 | cut -d : -f 2)" = "$hash"

# Detect corrupt signatures.
code="$(echo "verify 5:wrong" | guix authenticate | cut -f1 -d ' ')"
test "$code" -ne 0

# Detect invalid signatures.
# The signature has (payload (data ... (hash sha256 #...#))).  We proceed by
# modifying this hash.
sed -i "$sig"											\
    -e's|#[A-Z0-9]\{64\}#|#0000000000000000000000000000000000000000000000000000000000000000#|g'
code="$(echo "verify $(cat $sig)" | guix authenticate | cut -f1 -d ' ')"
test "$code" -ne 0

# Make sure byte strings are correctly encoded.  The hash string below is
# "café" repeated 8 times.  Libgcrypt would normally choose to write it as a
# string rather than a hex sequence.  We want that string to be Latin-1
# encoded independently of the current locale: <https://bugs.gnu.org/43421>.
hash="636166e9636166e9636166e9636166e9636166e9636166e9636166e9636166e9"
latin1_cafe="caf$(printf '\351')"
echo "sign 26:tests/keys/signing-key.sec 64:$hash" | guix authenticate \
    | LC_ALL=C grep "hash sha256 \"$latin1_cafe"

# Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
# valid signatures when run in the C locale.
hash="5eff0b55c9c5f5e87b4e34cd60a2d5654ca1eb78c7b3c67c3179fed1cff07b4c"

LC_ALL=C
export LC_ALL

echo "sign $key_len:$key $hash_len:$hash" | guix authenticate > "$sig"

# Remove the leading "0".
sed -i "$sig" -e's/^0 //g'

echo "verify $(cat $sig)" | guix authenticate
hash2="$(echo "verify $(cat $sig)" | guix authenticate | cut -f2 -d ' ')"
test "$(echo $hash2 | cut -d : -f 2)" = "$hash"
generated by cgit
ions'. * tests/guix-build.sh: Add test. Ludovic Courtès 2019-11-17tests: Test "guix build /gnu/store/….drv"....* tests/guix-build.sh: Add test for passing "guix build" a .drv. Ludovic Courtès 2019-11-07gnu: commencement: Ensure 'gnu-make-final' refers to the native 'pkg-config'....Fixes <https://bugs.gnu.org/38093>. When running: guix build --target=arm-linux-gnueabihf -e '(@ (gnu packages base) coreutils)' the '%current-target-system' parameter is set by the time the top-level of (gnu packages commencement) is evaluated. Consequently, we need to ensure that the 'pkg-config' macro evaluates in a context where '%current-target-system' is unset. * gnu/packages/commencement.scm (gnu-make-final): Refer to '%pkg-config' instead of 'pkg-config'. * tests/guix-build.sh: Add test. Ludovic Courtès 2019-07-20ui: 'warn-about-load-error' provides hints for unbound variables....* guix/ui.scm (warn-about-load-error): Add 'unbound-variable' clause. * tests/guix-build.sh: Add test. Ludovic Courtès 2019-07-20ui: 'warn-about-load-error' warns about file/module name mismatches....* guix/discovery.scm (scheme-modules): Rename the inner 'file' to 'relative'. Pass FILE as an addition argument to WARN. * guix/ui.scm (warn-about-load-error): Add 'module' argument (actually, what was called 'file' really contained a module name.) Call 'check-module-matches-file' in the catch-all error case. (check-module-matches-file): New procedure. * tests/guix-build.sh: Test it. Ludovic Courtès 2019-04-19guix build: Accept multiple '-s' options....* guix/scripts/build.scm (%default-options): Remove 'system'. (%options) <--system>: Keep previous occurrences of 'system in RESULT. (options->derivations)[system]: Remove. [systems, things-to-build]: New variables. [compute-derivation]: New procedure. Iterate on all of SYSTEMS to compute the derivations of THINGS-TO-BUILD. * tests/guix-build.sh: Add test for one and multiple '-s' flags. * doc/guix.texi (Additional Build Options): Document this behavior. Ludovic Courtès 2019-04-15guix build: Fix relative file name canonicalization for '--root'....Fixes <https://bugs.gnu.org/35271>. Reported by rendaw <7e9wc56emjakcm@s.rendaw.me>. * guix/scripts/build.scm (register-root): When ROOT is a relative file name, append the basename of ROOT, not ROOT itself. * tests/guix-build.sh: Add test. Ludovic Courtès 2019-02-04daemon: Rename 'NIX_STATE_DIR' and 'NIX_DB_DIR' environment variables....Fixes <https://bugs.gnu.org/22459>. Reported by Jeff Mickey <j@codemac.net>. * guix/config.scm.in (%state-directory): Change NIX_STATE_DIR to GUIX_STATE_DIRECTORY. (%store-database-directory): Change NIX_DB_DIR to GUIX_DATABASE_DIRECTORY. * nix/libstore/globals.cc (Settings::processEnvironment): Likewise. * guix/self.scm (make-config.scm): Likewise. * build-aux/build-self.scm (make-config.scm): Likewise. * build-aux/test-env.in: Likewise. * tests/derivations.scm ("derivation #:leaked-env-vars"): Likewise. * tests/guix-build.sh (GUIX_DAEMON_SOCKET): Likewise. * tests/guix-daemon.sh (socket): Likewise. Ludovic Courtès 2018-10-09guix build: '-f' accepts file-like objects....* guix/scripts/build.scm (options->things-to-build)[validate-type]: Check for 'file-like?'. (options->derivations): Accept 'file-like?'. * tests/guix-build.sh: Add a test with 'computed-file'. * doc/guix.texi (Additional Build Options): Mention file-like objects. Ludovic Courtès 2018-05-04guix build: Nicely report unbound variables with hints....* guix/ui.scm (print-unbound-variable-error): Add "error:" to the message. (report-unbound-variable-error): New procedure, with code formerly in 'report-load-error'. (report-load-error): Use it. (call-with-unbound-variable-handling): New procedure. (with-unbound-variable-handling): New macro. * guix/scripts/build.scm (options->derivations): Wrap body in 'with-unbound-variable-handling'. * tests/guix-build.sh (GUIX_PACKAGE_PATH): Add test. Ludovic Courtès 2018-03-13gnu: time: Update to 1.9....* gnu/packages/time.scm (time): Update to 1.9. * tests/guix-build.sh: Update time package to 1.9. Efraim Flashner 2017-11-11tests: Refer to "time@1.8"....This is a followup to dd00e0919fcecd895ff4e5a646cf068f46ff8d12. * tests/guix-build.sh: Refer to "time@1.8". Ludovic Courtès