;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2022 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (test-pki)
  #:use-module (guix pki)
  #:use-module (gcrypt pk-crypto)
  #:use-module (gcrypt hash)
  #:use-module (rnrs io ports)
  #:use-module (srfi srfi-64))

;; Test the (guix pki) module.

;; Public half of the signing key pair exercised by the tests below, parsed
;; into a canonical sexp from the file named by %public-key-file.
(define %public-key
  (call-with-input-file %public-key-file
    (lambda (port)
      (string->canonical-sexp (get-string-all port)))))

;; Private half of the signing key pair, parsed into a canonical sexp from the
;; file named by %private-key-file.
;; NOTE(review): this reads whatever %private-key-file points to; presumably
;; the test environment redirects it to a throwaway fixture rather than the
;; host's real signing key -- confirm against the test harness.
(define %secret-key
  (call-with-input-file %private-key-file
    (lambda (port)
      (string->canonical-sexp (get-string-all port)))))

;; A second RSA key pair, embedded literally as a 'key-data' sexp holding both
;; the public part (n, e) and the private part (n, e, d, p, q, u).  In this
;; file it is used only by the "invalid-signature" test, which signs with it
;; while claiming %public-key as the signer.
;;
;; The private parameters are published right here, so this key is a test
;; fixture only: it must never be added to an ACL or used to sign anything
;; outside the test suite.
(define %alternate-secret-key
  (string->canonical-sexp
   "
  (key-data
   (public-key
    (rsa
     (n #00FDBF170366AC43B7D95CF9085565C566FB1F21B17C0A36E68F35ABB500E7851E00B40D7B04C8CD25903371F38E4C298FACEFFC4C97E913B536A0672BAF99D04515AE98A1A56627CD7EB02502FCFBEEA21AF13CC1A853192AD6409B9EFBD9F549BDE32BD890AE01F9A221E81FEE1C407090550647790E0D60775B855E181C2FB5#)
     (e #010001#)))
   (private-key
    (rsa
     (n #00FDBF170366AC43B7D95CF9085565C566FB1F21B17C0A36E68F35ABB500E7851E00B40D7B04C8CD25903371F38E4C298FACEFFC4C97E913B536A0672BAF99D04515AE98A1A56627CD7EB02502FCFBEEA21AF13CC1A853192AD6409B9EFBD9F549BDE32BD890AE01F9A221E81FEE1C407090550647790E0D60775B855E181C2FB5#)
     (e #010001#)
     (d #2790250C2E74C2FD361A99288BBA19B878048F5A0F333F829CC71B3DD64582DB9DF3F4DB1EB0994DD7493225EDA4A1E1492F44D903617FA5643E47BFC7BA157EF48B492AB51229916B02DDBDA0E7DBC7B35A6B8332AB463DC61951CA694551A9760F5A836A375D39E3EA8F2C502A3B5D89CB8777A809B75D603BE7511CEB74E9#)
     (p #00FE15B1751E1C31125B724FF37462F9476239A2AFF4192FAB1550F76928C8D02407F4F5EFC83F7A0AF51BD93399DDC06A4B54DFA60A7079F160A9F618C0148AD9#)
     (q #00FFA8BE7005AAB7401B0926CD9D6AC30BC9BE7D12C8737C9438498A999F56BE9F5EA98B4D7F5364BEB6D550A5AEDDE34C1EC152C9DAF61A97FDE71740C73BAA3D#)
     (u #00FD4050EF4F31B41EC81C28E18D205DFFB3C188F15D8BBA300E30AD8B5C4D3E392EFE10269FC115A538B19F4025973AB09B6650A7FF97DA833FB726F3D8819319#))))"))

(test-begin "pki")

;; The test public key must be listed among the keys of the current ACL.
;; Keys are compared as plain sexps; 'member' yields a pair on success and #f
;; otherwise, so 'pair?' turns the result into a boolean.
(test-assert "current-acl"
  (let ((wanted     (canonical-sexp->sexp %public-key))
        (authorized (map canonical-sexp->sexp
                         (acl->public-keys (current-acl)))))
    (pair? (member wanted authorized))))

;; No ACL argument is passed here; going by the test name, 'authorized-key?'
;; then consults the current ACL.
(test-assert "authorized-key? public-key current-acl"
  (authorized-key? %public-key))

;; An ACL built from no keys must not authorize anything.
(test-assert "authorized-key? public-key empty-acl"
  (let ((no-keys (public-keys->acl '())))
    (not (authorized-key? %public-key no-keys))))

;; An ACL built from exactly this key must authorize it.
(test-assert "authorized-key? public-key singleton"
  (let ((only-this-key (public-keys->acl (list %public-key))))
    (authorized-key? %public-key only-this-key)))

;; Listing the same key ten times must produce the same ACL as listing it
;; once.
(test-equal "public-keys->acl deduplication"
  (public-keys->acl (list %public-key))
  (let ((ten-copies (make-list 10 %public-key)))
    (public-keys->acl ten-copies)))

;; Happy path: the hash is signed with the matching secret key, the verifier
;; is given the same hash, and the signer's public key is in the ACL.
(test-assert "signature-case valid-signature"
  (let* ((digest  (sha256 #vu8(1 2 3)))
         (payload (bytevector->hash-data digest
                                         #:key-type (key-type %public-key)))
         (signed  (signature-sexp payload %secret-key %public-key))
         (trusted (public-keys->acl (list %public-key))))
    (signature-case (signed digest trusted)
      (valid-signature #t)
      (else #f))))

;; The hash is signed with %alternate-secret-key while the signature names
;; %public-key as the signer.  The named key is in the ACL and the hash
;; matches, so the only thing that can reject this is the cryptographic check
;; itself: the expected outcome is 'invalid-signature'.
(test-eq "signature-case invalid-signature" 'i
  (let* ((digest  (sha256 #vu8(1 2 3)))
         (payload (bytevector->hash-data digest
                                         #:key-type (key-type %public-key)))
         (forged  (signature-sexp payload %alternate-secret-key %public-key))
         (trusted (public-keys->acl (list %public-key))))
    (signature-case (forged digest trusted)
      (valid-signature 'v)
      (invalid-signature 'i)
      (hash-mismatch 'm)
      (unauthorized-key 'u)
      (corrupt-signature 'c))))

;; The signature is made over the hash of #vu8(1 2 3) with the right key, but
;; the verifier is handed the hash of the empty bytevector as the expected
;; value.  The expected outcome is 'hash-mismatch'.
(test-eq "signature-case hash-mismatch" 'm
  (let* ((signed-digest (sha256 #vu8(1 2 3)))
         (payload       (bytevector->hash-data
                         signed-digest
                         #:key-type (key-type %public-key)))
         (signed        (signature-sexp payload %secret-key %public-key)))
    (signature-case (signed (sha256 #vu8())
                            (public-keys->acl (list %public-key)))
      (valid-signature 'v)
      (invalid-signature 'i)
      (hash-mismatch 'm)
      (unauthorized-key 'u)
      (corrupt-signature 'c))))

;; The signature is made with the right key over the right hash, but it is
;; checked against an ACL built from no keys.  The expected outcome is
;; 'unauthorized-key'.
(test-eq "signature-case unauthorized-key" 'u
  (let* ((digest  (sha256 #vu8(1 2 3)))
         (payload (bytevector->hash-data digest
                                         #:key-type (key-type %public-key)))
         (signed  (signature-sexp payload %secret-key %public-key))
         (no-keys (public-keys->acl '())))
    (signature-case (signed digest no-keys)
      (valid-signature 'v)
      (invalid-signature 'i)
      (hash-mismatch 'm)
      (unauthorized-key 'u)
      (corrupt-signature 'c))))

;; The "signature" is the sexp (w tf), which does not have the structure the
;; other tests obtain from 'signature-sexp'.  The expected outcome is
;; 'corrupt-signature', even though the ACL contains the test key.
(test-eq "signature-case corrupt-signature" 'c
  (let* ((digest  (sha256 #vu8(1 2 3)))
         (garbage (string->canonical-sexp "(w tf)"))
         (trusted (public-keys->acl (list %public-key))))
    (signature-case (garbage digest trusted)
      (valid-signature 'v)
      (invalid-signature 'i)
      (hash-mismatch 'm)
      (unauthorized-key 'u)
      (corrupt-signature 'c))))

(test-end)
annels and items from $GUIX_PACKAGE_PATH to Guile's ;; search path. For historical reasons, $GUIX_PACKAGE_PATH goes to the ;; front; channels go to the back so that they don't override Guix' own ;; modules. (set! %load-path (append environment %load-path channels-scm)) (set! %load-compiled-path (append environment %load-compiled-path channels-go)) (make-parameter (append environment %default-package-module-path channels-scm)))) (define %patch-path ;; Define it after '%package-module-path' so that '%load-path' contains user ;; directories, allowing patches in $GUIX_PACKAGE_PATH to be found. (make-parameter (map (lambda (directory) (if (string=? directory %distro-root-directory) (string-append directory "/gnu/packages/patches") directory)) %load-path))) ;; This procedure is used by Emacs-Guix up to 0.5.1.1, so keep it for now. ;; See <https://github.com/alezost/guix.el/issues/30>. (define-deprecated find-newest-available-packages find-packages-by-name (mlambda () "Return a vhash keyed by package names, and with associated values of the form (newest-version newest-package ...) where the preferred package is listed first." (fold-packages (lambda (p r) (let ((name (package-name p)) (version (package-version p))) (match (vhash-assoc name r) ((_ newest-so-far . pkgs) (case (version-compare version newest-so-far) ((>) (vhash-cons name `(,version ,p) r)) ((=) (vhash-cons name `(,version ,p ,@pkgs) r)) ((<) r))) (#f (vhash-cons name `(,version ,p) r))))) vlist-null))) (define (fold-available-packages proc init) "Fold PROC over the list of available packages. For each available package, PROC is called along these lines: (PROC NAME VERSION RESULT #:outputs OUTPUTS #:location LOCATION …) PROC can use #:allow-other-keys to ignore the bits it's not interested in. When a package cache is available, this procedure does not actually load any package module." 
(define cache (load-package-cache (current-profile))) (if (and cache (cache-is-authoritative?)) (vhash-fold (lambda (name vector result) (match vector (#(name version module symbol outputs supported? deprecated? file line column) (proc name version result #:outputs outputs #:location (and file (location file line column)) #:supported? supported? #:deprecated? deprecated?)))) init cache) (fold-packages (lambda (package result) (proc (package-name package) (package-version package) result #:outputs (package-outputs package) #:location (package-location package) #:supported? (->bool (supported-package? package)) #:deprecated? (->bool (package-superseded package)))) init))) (define* (fold-packages proc init #:optional (modules (all-modules (%package-module-path) #:warn warn-about-load-error)) #:key (select? (negate hidden-package?))) "Call (PROC PACKAGE RESULT) for each available package defined in one of MODULES that matches SELECT?, using INIT as the initial value of RESULT. It is guaranteed to never traverse the same package twice." (fold-module-public-variables (lambda (object result) (if (and (package? object) (select? object)) (proc object result) result)) init modules)) (define %package-cache-file ;; Location of the package cache. "/lib/guix/package.cache") (define load-package-cache (mlambda (profile) "Attempt to load the package cache. On success return a vhash keyed by package names. Return #f on failure." (match profile (#f #f) (profile (catch 'system-error (lambda () (define lst (load-compiled (string-append profile %package-cache-file))) (fold (lambda (item vhash) (match item (#(name version module symbol outputs supported? deprecated? file line column) (vhash-cons name item vhash)))) vlist-null lst)) (lambda args (if (= ENOENT (system-error-errno args)) #f (apply throw args)))))))) (define find-packages-by-name/direct ;bypass the cache (let ((packages (delay (fold-packages (lambda (p r) (vhash-cons (package-name p) p r)) vlist-null))) (version>? 
(lambda (p1 p2) (version>? (package-version p1) (package-version p2))))) (lambda* (name #:optional version) "Return the list of packages with the given NAME. If VERSION is not #f, then only return packages whose version is prefixed by VERSION, sorted in decreasing version order." (let ((matching (sort (vhash-fold* cons '() name (force packages)) version>?))) (if version (filter (lambda (package) (version-prefix? version (package-version package))) matching) matching))))) (define (cache-lookup cache name) "Lookup package NAME in CACHE. Return a list sorted in increasing version order." (define (package-version<? v1 v2) (version>? (vector-ref v2 1) (vector-ref v1 1))) (sort (vhash-fold* cons '() name cache) package-version<?)) (define* (find-packages-by-name name #:optional version) "Return the list of packages with the given NAME. If VERSION is not #f, then only return packages whose version is prefixed by VERSION, sorted in decreasing version order." (define cache (load-package-cache (current-profile))) (if (and (cache-is-authoritative?) cache) (match (cache-lookup cache name) (#f #f) ((#(_ versions modules symbols _ _ _ _ _ _) ...) (fold (lambda (version* module symbol result) (if (or (not version) (version-prefix? version version*)) (cons (module-ref (resolve-interface module) symbol) result) result)) '() versions modules symbols))) (find-packages-by-name/direct name version))) (define* (find-package-locations name #:optional version) "Return a list of version/location pairs corresponding to each package matching NAME and VERSION." (define cache (load-package-cache (current-profile))) (if (and cache (cache-is-authoritative?)) (match (cache-lookup cache name) (#f '()) ((#(name versions modules symbols outputs supported? deprecated? files lines columns) ...) (fold (lambda (version* file line column result) (if (and file (or (not version) (version-prefix? 
version version*))) (alist-cons version* (location file line column) result) result)) '() versions files lines columns))) (map (lambda (package) (cons (package-version package) (package-location package))) (find-packages-by-name/direct name version)))) (define (find-best-packages-by-name name version) "If version is #f, return the list of packages named NAME with the highest version numbers; otherwise, return the list of packages named NAME and at VERSION." (if version (find-packages-by-name name version) (match (find-packages-by-name name) (() '()) ((matches ...) ;; Return the subset of MATCHES with the higher version number. (let ((highest (package-version (first matches)))) (take-while (lambda (p) (string=? (package-version p) highest)) matches)))))) ;; Prevent Guile 3 from inlining this procedure so we can mock it in tests. (set! find-best-packages-by-name find-best-packages-by-name) (define (generate-package-cache directory) "Generate under DIRECTORY a cache of all the available packages. The primary purpose of the cache is to speed up package lookup by name such that we don't have to traverse and load all the package modules, thereby also reducing the memory footprint." (define cache-file (string-append directory %package-cache-file)) (define expand-cache (match-lambda* (((module symbol variable) (result . seen)) (let ((package (variable-ref variable))) (if (or (vhash-assq package seen) (hidden-package? package)) (cons result seen) (cons (cons `#(,(package-name package) ,(package-version package) ,(module-name module) ,symbol ,(package-outputs package) ,(->bool (supported-package? 
package)) ,(->bool (package-superseded package)) ,@(let ((loc (package-location package))) (if loc `(,(location-file loc) ,(location-line loc) ,(location-column loc)) '(#f #f #f)))) result) (vhash-consq package #t seen))))))) (define entry-key (match-lambda ((module symbol variable) (let ((value (variable-ref variable))) (string-append (package-name value) (package-version value) (object->string module) (symbol->string symbol)))))) (define (entry<? a b) (string<? (entry-key a) (entry-key b))) (define variables ;; First sort variables so that 'expand-cache' later dismisses ;; already-seen package objects in a deterministic fashion. (sort (fold-module-public-variables* (lambda (module symbol variable lst) (let ((value (false-if-exception (variable-ref variable)))) (if (package? value) (cons (list module symbol variable) lst) lst))) '() (all-modules (%package-module-path) #:warn warn-about-load-error)) entry<?)) (define exp (first (fold expand-cache (cons '() vlist-null) variables))) (mkdir-p (dirname cache-file)) (call-with-output-file cache-file (lambda (port) ;; Store the cache as a '.go' file. This makes loading fast and reduces ;; heap usage since some of the static data is directly mmapped. (match (compile `'(,@exp) #:to 'bytecode #:opts '(#:to-file? #t)) ((? bytevector? bv) (put-bytevector port bv)) (proc ;; In Guile 3.0.9, the linker can return a procedure instead of a ;; bytevector. Adjust to that. (proc port))))) cache-file) (define %sigint-prompt ;; The prompt to jump to upon SIGINT. (make-prompt-tag "interruptible")) (define (call-with-sigint-handler thunk handler) "Call THUNK and return its value. Upon SIGINT, call HANDLER with the signal number in the context of the continuation of the call to this function, and return its return value." 
(call-with-prompt %sigint-prompt (lambda () (sigaction SIGINT (lambda (signum) (sigaction SIGINT SIG_DFL) (abort-to-prompt %sigint-prompt signum))) (dynamic-wind (const #t) thunk (cut sigaction SIGINT SIG_DFL))) (lambda (k signum) (handler signum)))) ;;; ;;; Package specification. ;;; (define* (%find-package spec name version) (match (find-best-packages-by-name name version) ((pkg . pkg*) (unless (null? pkg*) (warning (G_ "ambiguous package specification `~a'~%") spec) (warning (G_ "choosing ~a@~a from ~a~%") (package-name pkg) (package-version pkg) (location->string (package-location pkg)))) (match (package-superseded pkg) ((? package? new) (info (G_ "package '~a' has been superseded by '~a'~%") (package-name pkg) (package-name new)) new) (#f pkg))) (x (if version (leave (G_ "~A: package not found for version ~a~%") name version) (leave (G_ "~A: unknown package~%") name))))) (define (specification->package spec) "Return a package matching SPEC. SPEC may be a package name, or a package name followed by an at-sign and a version number. If the version number is not present, return the preferred newest version." (let ((name version (package-name->name+version spec))) (%find-package spec name version))) (define (specification->location spec) "Return the location of the highest-numbered package matching SPEC, a specification such as \"guile@2\" or \"emacs\"." (let ((name version (package-name->name+version spec))) (match (find-package-locations name version) (() (if version (leave (G_ "~A: package not found for version ~a~%") name version) (leave (G_ "~A: unknown package~%") name))) (lst (let* ((highest (match lst (((version . _) _ ...) version))) (locations (take-while (match-lambda ((version . location) (string=? version highest))) lst))) (match locations (((version . location) . rest) (unless (null? 
rest) (warning (G_ "ambiguous package specification `~a'~%") spec) (warning (G_ "choosing ~a@~a from ~a~%") name version (location->string location))) location))))))) (define* (specification->package+output spec #:optional (output "out")) "Return the package and output specified by SPEC, or #f and #f; SPEC may optionally contain a version number and an output name, as in these examples: guile guile@2.0.9 guile:debug guile@2.0.9:debug If SPEC does not specify a version number, return the preferred newest version; if SPEC does not specify an output, return OUTPUT. When OUTPUT is false and SPEC does not specify any output, return #f as the output." (let ((name version sub-drv (package-specification->name+version+output spec output))) (match (%find-package spec name version) (#f (values #f #f)) (package (if (or (and (not output) (not sub-drv)) (member sub-drv (package-outputs package))) (values package sub-drv) (leave (G_ "package `~a' lacks output `~a'~%") (package-full-name package) sub-drv)))))) (define (specifications->packages specs) "Given SPECS, a list of specifications such as \"emacs@25.2\" or \"guile:debug\", return a list of package/output tuples." ;; This procedure exists so users of 'guix home' don't have to write out the ;; (map (compose list specification->package+output)... boilerplate. (map (compose list specification->package+output) specs)) (define (specifications->manifest specs) "Given SPECS, a list of specifications such as \"emacs@25.2\" or \"guile:debug\", return a profile manifest." ;; This procedure exists mostly so users of 'guix package -m' don't have to ;; fiddle with multiple-value returns. (packages->manifest (specifications->packages specs))) (define (package-unique-version-prefix name version) "Search among all the versions of package NAME that are available, and return the shortest unambiguous version prefix to designate VERSION. If only one version of the package is available, return the empty string." 
(match (map package-version (find-packages-by-name name)) ((_) ;; A single version of NAME is available, so do not specify the version ;; number, even if the available version doesn't match VERSION. "") (versions ;; If VERSION is the latest version, don't specify any version. ;; Otherwise return the shortest unique version prefix. Note that this ;; is based on the currently available packages so the result may vary ;; over time. (if (every (cut version>? version <>) (delete version versions)) "" (version-unique-prefix version versions)))))