;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (test-cache) #:use-module (guix cache) #:use-module (srfi srfi-1) #:use-module (srfi srfi-19) #:use-module (srfi srfi-64) #:use-module ((guix utils) #:select (call-with-temporary-directory)) #:use-module (ice-9 match)) (cond-expand (guile-2.2 ;; Guile 2.2.2 has a bug whereby 'time-monotonic' objects have seconds and ;; nanoseconds swapped (fixed in Guile commit 886ac3e). Work around it. (define time-monotonic time-tai)) (else #t)) (test-begin "cache") (test-equal "remove-expired-cache-entries" '("o" "l" "d") (let* ((removed '()) (now (time-second (current-time time-monotonic))) (ttl 100) (stamp (match-lambda ((or "n" "e" "w") (+ now 100)) ((or "o" "l" "d") (- now 100)))) (delete (lambda (entry) (set! removed (cons entry removed))))) (remove-expired-cache-entries (reverse '("n" "e" "w" "o" "l" "d")) #:entry-expiration stamp #:delete-entry delete) removed)) (define-syntax-rule (test-cache-cleanup cache exp ...) (call-with-temporary-directory (lambda (cache) (let* ((deleted '()) (delete! (lambda (entry) (set! deleted (cons entry deleted))))) exp ... (maybe-remove-expired-cache-entries cache (const '("a" "b" "c")) #:entry-expiration (const 0) #:delete-entry delete!) (reverse deleted))))) (test-equal "maybe-remove-expired-cache-entries, first cleanup" '("a" "b" "c") (test-cache-cleanup cache)) (test-equal "maybe-remove-expired-cache-entries, no cleanup needed" '() (test-cache-cleanup cache (call-with-output-file (string-append cache "/last-expiry-cleanup") (lambda (port) (display (+ (time-second (current-time time-monotonic)) 100) port))))) (test-equal "maybe-remove-expired-cache-entries, cleanup needed" '("a" "b" "c") (test-cache-cleanup cache (call-with-output-file (string-append cache "/last-expiry-cleanup") (lambda (port) (display 0 port))))) (test-end "cache") ;;; Local Variables: ;;; eval: (put 'test-cache-cleanup 'scheme-indent-function 1) ;;; End: (%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file. * tests/keys/ed25519-3.key: New file. * tests/keys/ed25519-3.sec: New file. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Attila Lendvai 2020-09-15authenticate: Encode strings as ISO-8859-1....Fixes <https://bugs.gnu.org/43421>. * guix/scripts/authenticate.scm (read-command): Decode strings as ISO-8859-1, not UTF-8. (guix-authenticate)[send-reply]: Encode strings as ISO-8859-1, not UTF-8. * tests/guix-authenticate.sh: Add test. Ludovic Courtès 2020-09-14daemon: Spawn 'guix authenticate' once for all....Previously, we'd spawn 'guix authenticate' once for each item that has to be signed (when exporting) or authenticated (when importing). Now, we spawn it once for all and then follow a request/reply protocol. This reduces the wall-clock time of: guix archive --export -r $(guix build coreutils -d) from 30s to 2s. * guix/scripts/authenticate.scm (sign-with-key): Return the signature instead of displaying it. Raise a &formatted-message instead of calling 'leave'. (validate-signature): Likewise. (read-command): New procedure. (define-enumerate-type, reply-code): New macros. (guix-authenticate)[send-reply]: New procedure. Change to read commands from current-input-port. * nix/libstore/local-store.cc (runAuthenticationProgram): Remove. (authenticationAgent, readInteger, readAuthenticateReply): New functions. (signHash, verifySignature): Rewrite in terms of the agent. * tests/store.scm ("import not signed"): Remove 'pk' call. ("import signed by unauthorized key"): Check the error message of C. * tests/guix-authenticate.sh: Rewrite using the new protocol. fixlet Ludovic Courtès 2020-09-11daemon: Simplify interface with 'guix authenticate'....There's no reason at this point to mimic the calling convention of the 'openssl' command. * nix/libstore/local-store.cc (LocalStore::exportPath): Add only "sign" and HASH to ARGS. Remove 'tmpDir' and 'hashFile'. (LocalStore::importPath): Add only "verify" and SIGNATURE to * guix/scripts/authenticate.scm (guix-authenticate): Adjust accordingly; remove the OpenSSL-style clauses. (read-hash-data): Remove. (sign-with-key): Replace 'port' with 'sha256' and adjust accordingly. (validate-signature): Export SIGNATURE to be a canonical sexp. * tests/guix-authenticate.sh: Adjust tests accordingly. Ludovic Courtès