;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (test-pk-crypto) #:use-module (guix pk-crypto) #:use-module (guix utils) #:use-module (guix hash) #:use-module (srfi srfi-1) #:use-module (srfi srfi-11) #:use-module (srfi srfi-26) #:use-module (srfi srfi-64) #:use-mo
aboutsummaryrefslogtreecommitdiff
path: root/gnu/installer/user.scm
blob: 4e701e64ce3efa25d018c827b4a6203149186b3b (about) (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2018 Mathieu Othacehe <m.othacehe@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu installer user)
  #:use-module (guix records)
  #:use-module (srfi srfi-1)
  #:export (<user>
            user
            make-user
            user-name
            user-real-name
            user-group
            user-home-directory
            user-password

            users->configuration))

(define-record-type* <user>
  user make-user
  user?
  (name            user-name)
  (real-name       user-real-name
                   (default ""))
  (group           user-group
                   (default "users"))
  (password        user-password)
  (home-directory  user-home-directory))

(define (users->configuration users)
  "Return the configuration field for USERS."
  (define (user->sexp user)
    `(user-account
      (name ,(user-name user))
      (comment ,(user-real-name user))
      (group ,(user-group user))
      (home-directory ,(user-home-directory user))
      (supplementary-groups '("wheel" "netdev"
                              "audio" "video"))))

  `((users (cons*
            ,@(filter-map (lambda (user)
                            ;; Do not emit a 'user-account' form for "root".
                            (and (not (string=? (user-name user) "root"))
                                 (user->sexp user)))
                          users)
            %base-user-accounts))))
generated by cgit
ring->utf8 "Hello, world."))) (data (bytevector->hash-data bv "sha256"))) (and (canonical-sexp? data) (let-values (((value algo) (hash-data->bytevector data))) (and (string=? algo "sha256") (bytevector=? value bv)))))) (test-equal "key-type" '(rsa ecc) (map (compose key-type (cut find-sexp-token <> 'public-key) string->canonical-sexp) (list %key-pair %ecc-key-pair))) (test-assert "sign + verify" (let* ((pair (string->canonical-sexp %key-pair)) (secret (find-sexp-token pair 'private-key)) (public (find-sexp-token pair 'public-key)) (data (bytevector->hash-data (sha256 (string->utf8 "Hello, world.")) #:key-type (key-type public))) (sig (sign data secret))) (and (verify sig data public) (not (verify sig (bytevector->hash-data (sha256 (string->utf8 "Hi!")) #:key-type (key-type public)) public))))) ;; Ed25519 appeared in libgcrypt 1.6.0. (test-skip (if (version>? (gcrypt-version) "1.6.0") 0 1)) (test-assert "sign + verify, Ed25519" (let* ((pair (string->canonical-sexp %ecc-key-pair)) (secret (find-sexp-token pair 'private-key)) (public (find-sexp-token pair 'public-key)) (data (bytevector->hash-data (sha256 (string->utf8 "Hello, world.")))) (sig (sign data secret))) (and (verify sig data public) (not (verify sig (bytevector->hash-data (sha256 (string->utf8 "Hi!"))) public))))) (gc) (test-equal "canonical-sexp->sexp" `((data (flags pkcs1) (hash sha256 ,(base16-string->bytevector "2749f0ea9f26c6c7be746a9cff8fa4c2f2a02b000070dba78429e9a11f87c6eb"))) (public-key (rsa (n ,(base16-string->bytevector (string-downcase "00C1F764069F54FFE93A126B02328903E984E4AE3AF6DF402B5B6B3907911B88C385F1BA76A002EC9DEA109A5228EF0E62EE31A06D1A5861CAB474F6C857AC66EB65A1905F25BBA1869579E73A3B7FED13AF5A1667326F88CDFC2FF24B03C14FD1384AA7E73CA89572880B606E3A974E15347963FC7B6378574936A47580DBCB45"))) (e ,(base16-string->bytevector "010001"))))) (list (canonical-sexp->sexp (string->canonical-sexp "(data (flags pkcs1) (hash \"sha256\" #2749f0ea9f26c6c7be746a9cff8fa4c2f2a02b000070dba78429e9a11f87c6eb#))")) (canonical-sexp->sexp (find-sexp-token (string->canonical-sexp %key-pair) 'public-key)))) (let ((lst `((data (flags pkcs1) (hash sha256 ,(base16-string->bytevector "2749f0ea9f26c6c7be746a9cff8fa4c2f2a02b000070dba78429e9a11f87c6eb"))) (public-key (rsa (n ,(base16-string->bytevector (string-downcase "00C1F764069F54FFE93A126B02328903E984E4AE3AF6DF402B5B6B3907911B88C385F1BA76A002EC9DEA109A5228EF0E62EE31A06D1A5861CAB474F6C857AC66EB65A1905F25BBA1869579E73A3B7FED13AF5A1667326F88CDFC2FF24B03C14FD1384AA7E73CA89572880B606E3A974E15347963FC7B6378574936A47580DBCB45"))) (e ,(base16-string->bytevector "010001")))) ,(base16-string->bytevector "2749f0ea9f26c6c7be746a9cff8fa4c2f2a02b000070dba78429e9a11f87c6eb")))) (test-equal "sexp->canonical-sexp->sexp" lst (map (compose canonical-sexp->sexp sexp->canonical-sexp) lst))) (let ((sexp `(signature (public-key (rsa (n ,(make-bytevector 1024 1)) (e ,(base16-string->bytevector "010001"))))))) (test-equal "https://bugs.g10code.com/gnupg/issue1594" ;; The gcrypt bug above was primarily affecting our uses in ;; 'canonical-sexp->sexp', typically when applied to a signature sexp (in ;; 'guix authenticate -verify') with a "big" RSA key, such as 4096 bits. sexp (canonical-sexp->sexp (sexp->canonical-sexp sexp)))) (test-end)