aboutsummaryrefslogtreecommitdiff
path: root/tests/guix-authenticate.sh
blob: 72c3d161d7dc381ca8b3f38202afc64ed061bfbf (about) (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

# GNU Guix --- Functional package management for GNU
# Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
#
# This file is part of GNU Guix.
#
# GNU Guix is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GNU Guix is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

#
# Test the 'guix authenticate' command-line utility.
#

guix authenticate --version

sig="t-signature-$$"
hash="t-hash-$$"
rm -f "$sig" "$hash"

trap 'rm -f "$sig" "$hash"' EXIT

# A hexadecimal string as long as a sha256 hash.
echo "2749f0ea9f26c6c7be746a9cff8fa4c2f2a02b000070dba78429e9a11f87c6eb" \
    > "$hash"

guix authenticate rsautl -sign				\
    -inkey "$abs_top_srcdir/tests/signing-key.sec"	\
    -in "$hash" > "$sig"
test -f "$sig"

hash2="`guix authenticate rsautl -verify		\
          -inkey $abs_top_srcdir/tests/signing-key.pub	\
          -pubin -in $sig`"
test "$hash2" = `cat "$hash"`

# Same thing in a pipeline, using the command line syntax that Nix/Crypto.pm
# uses.
hash2="`						\
  cat "$hash"						\
  | guix authenticate rsautl -sign			\
    -inkey "$abs_top_srcdir/tests/signing-key.sec"	\
  | guix authenticate rsautl -verify			\
          -inkey $abs_top_srcdir/tests/signing-key.pub	\
          -pubin`"
test "$hash2" = `cat "$hash"`

# Detect corrupt signatures.
if guix authenticate rsautl -verify				\
          -inkey "$abs_top_srcdir/tests/signing-key.pub"	\
          -pubin -in /dev/null
then false
else true
fi

# Detect invalid signatures.
# The signature has (payload (data ... (hash sha256 #...#))).  We proceed by
# modifying this hash.
sed -i "$sig"											\
    -e's|#[A-Z0-9]\{64\}#|#0000000000000000000000000000000000000000000000000000000000000000#|g'
if guix authenticate rsautl -verify				\
          -inkey "$abs_top_srcdir/tests/signing-key.pub"	\
          -pubin -in "$sig"
then false
else true
fi


# Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
# valid signatures when run in the C locale.
echo "5eff0b55c9c5f5e87b4e34cd60a2d5654ca1eb78c7b3c67c3179fed1cff07b4c" \
    > "$hash"

LC_ALL=C
export LC_ALL

guix authenticate rsautl -sign				\
    -inkey "$abs_top_srcdir/tests/signing-key.sec"	\
    -in "$hash" > "$sig"

guix authenticate rsautl -verify			\
        -inkey "$abs_top_srcdir/tests/signing-key.pub"	\
        -pubin -in "$sig"
hash2="`guix authenticate rsautl -verify		\
          -inkey $abs_top_srcdir/tests/signing-key.pub	\
          -pubin -in $sig`"
test "$hash2" = `cat "$hash"`
generated by cgit
s): Adjust for 'runningSubstituters' being a singleton instead of a list. (LocalStore::querySubstitutablePathInfos): Likewise, and remove 'substituter' parameter. * nix/libstore/local-store.hh (RunningSubstituter)[program]: Remove. (LocalStore)[runningSubstituters]: Remove. [runningSubstituter]: New field. [querySubstitutablePathInfos]: Remove 'substituter' parameter. [startSubstituter]: Remove 'substituter' parameter. * nix/nix-daemon/guix-daemon.cc (main): Remove references to 'settings.substituters'. * nix/nix-daemon/nix-daemon.cc (performOp): Ignore the user's "build-use-substitutes" value when 'settings.useSubstitutes' is false. Ludovic Courtès 2019-09-08daemon: Run 'guix offload' directly....* nix/scripts/offload.in: Remove. * nix/local.mk (nodist_pkglibexec_SCRIPTS) [BUILD_DAEMON_OFFLOAD]: Remove 'scripts/offload'. * config-daemon.ac: Don't output 'nix/scripts/offload'. * build-aux/pre-inst-env.in: Don't set 'NIX_BUILD_HOOK'. * nix/libstore/build.cc (HookInstance::HookInstance): Run 'guix offload'. (DerivationGoal::tryBuildHook): Remove reference to 'NIX_BUILD_HOOK'. * nix/nix-daemon/guix-daemon.cc (main) [HAVE_DAEMON_OFFLOAD_HOOK]: Don't set 'NIX_BUILD_HOOK'. * nix/nix-daemon/nix-daemon.cc (performOp) [!HAVE_DAEMON_OFFLOAD_HOOK]: Leave 'settings.useBuildHook' unchanged. Ludovic Courtès 2019-09-08daemon: Run 'guix perform-download' directly....* nix/scripts/download.in: Remove. * nix/local.mk (nodist_pkglibexec_SCRIPTS): Remove 'scripts/download'. * config-daemon.ac: Don't output 'nix/scripts/download'. * nix/libstore/builtins.cc (builtinDownload): Invoke 'guix perform-download' directly. Ludovic Courtès 2019-09-08daemon: Run 'guix authenticate' directly....* nix/scripts/authenticate.in: Remove. * nix/local.mk (nodist_pkglibexec_SCRIPTS): Remove scripts/authenticate. * config-daemon.ac: Don't output 'nix/scripts/authenticate'. * nix/libstore/local-store.cc (runAuthenticationProgram): Run 'guix authenticate'. Ludovic Courtès 2019-09-08daemon: Invoke 'guix gc --list-busy' instead of 'list-runtime-roots'....* nix/scripts/list-runtime-roots.in: Remove. * guix/store/roots.scm (%proc-directory): New variable. (proc-file-roots, proc-exe-roots, proc-cwd-roots) (proc-fd-roots, proc-maps-roots, proc-environ-roots) (referenced-files, canonicalize-store-item, busy-store-items): New procedures, taken from 'list-runtime-roots.in'. * nix/libstore/globals.hh (Settings)[guixProgram]: New field. * nix/libstore/globals.cc (Settings::processEnvironment): Initialize 'guixProgram'. * nix/libstore/gc.cc (addAdditionalRoots): Drop code related to 'NIX_ROOT_FINDER'. Run "guix gc --list-busy". * nix/local.mk (nodist_pkglibexec_SCRIPTS): Remove 'scripts/list-runtime-roots'. * config-daemon.ac: Don't output nix/scripts/list-runtime-roots. * build-aux/pre-inst-env.in: Don't set 'NIX_ROOT_FINDER'. Set 'GUIX'. * doc/guix.texi (Invoking guix gc): Document '--list-busy'. * guix/scripts/gc.scm (show-help, %options): Add "--list-busy". (guix-gc)[list-busy]: New procedure. Handle the 'list-busy' action. Ludovic Courtès 2019-02-04daemon: Add "/guix" to default 'nixLibexecDir'....This makes it easier to run the uninstalled daemon. * nix/local.mk (libstore_a_CPPFLAGS): Append "/guix" to NIX_LIBEXEC_DIR. * build-aux/pre-inst-env.in (NIX_LIBEXEC_DIR): Adjust comment. * nix/libstore/builtins.cc (builtinDownload): Remove SUBDIR and its use. * nix/libstore/local-store.cc (runAuthenticationProgram): Ditto. * nix/libstore/gc.cc (addAdditionalRoots): Remove "/guix" prefix. * nix/nix-daemon/guix-daemon.cc (main): Ditto. Ludovic Courtès 2019-02-04daemon: Remove unused 'NIX_DATA_DIR' environment variable....* nix/libstore/globals.hh (Settings)[nixDataDir]: Remove. * nix/libstore/globals.cc (Settings:processEnvironment): Remove setting of 'nixDataDir'. * nix/local.mk (libstore_a_CPPFLAGS): Remove '-DNIX_DATA_DIR'. Ludovic Courtès 2018-11-14daemon: Install 'authenticate' script under LIBEXECDIR/guix....That way it is handled in the same way as other helper scripts. * nix/scripts/guix-authenticate.in: Rename to... * nix/scripts/authenticate.in: ... this. * config-daemon.ac: Adjust accordingly. * nix/local.mk (libstore_a_CPPFLAGS): Remove -DOPENSSL_PATH. (nodist_libexec_SCRIPTS): Remove. (nodist_pkglibexec_SCRIPTS): New variable. * nix/nix-daemon/guix-daemon.cc (main): Remove 'setenv' call for "PATH". * nix/libstore/local-store.cc (runAuthenticationProgram): New function. (LocalStore::exportPath, LocalStore::importPath): Use it instead of 'runProgram' and OPENSSL_PATH. Ludovic Courtès 2018-06-22build: Remove leftover reference to nix/libstore/schema.sql....This is a followup to 3931c76154d4f418d5ea9acc5e47bf911d371c24. Reported by Julien Lepiller. * nix/local.mk (EXTRA_DIST): Remove schema.sql. Ludovic Courtès 2018-06-14Remove 'guix-register' and its traces....* Makefile.am (SH_TESTS): Remove tests/guix-register.sh. * build-aux/pre-inst-env.in (GUIX_REGISTER): Remove. * gnu/build/install.scm (directives): Remove outdated comment. * gnu/build/vm.scm (root-partition-initializer): Update comment. * gnu/packages/package-management.scm (guix-register): Remove. * guix/config.scm.in (%sbindir, %guix-register-program): Remove. * guix/scripts/system.scm (install): Adjust docstring. * guix/self.scm (make-config.scm): Remove #:guix. Do not generate %sbindir and %guix-register-program. (specification->package): Remove "guix". * nix/guix-register/guix-register.cc: Remove. * nix/libstore/store-api.cc (decodeValidPathInfo): Remove. * nix/libstore/store-api.hh (decodeValidPathInfo): Remove declaration. * nix/local.mk (sbin_PROGRAMS, guix_register_SOURCES) (guix_register_CPPFLAGS, guix_register_LDFLAGS): Remove. * tests/guix-register.sh: Remove. Ludovic Courtès 2018-06-14database: 'with-database' can now initialize new databases....* nix/libstore/schema.sql: Rename to... * guix/store/schema.sql: ... this. * Makefile.am (nobase_dist_guilemodule_DATA): Add it. * nix/local.mk (%D%/libstore/schema.sql.hh): Adjust accordingly. * guix/store/database.scm (sql-schema): New variable. (sqlite-exec, initialize-database, call-with-database): New procedures. (with-database): Rewrite in terms of 'call-with-database'. * tests/store-database.scm ("new database"): New test. * guix/self.scm (compiled-guix)[*core-modules*]: Add 'schema.sql' to #:extra-files. Ludovic Courtès 2018-06-08build: Do not add all of $(BUILT_SOURCES) to $(CLEANFILES)....Reported by Gábor Boskovits <boskovits@gmail.com>. Fixes <https://bugs.gnu.org/31700>. * nix/local.mk (CLEANFILES): Add nothing but schema.sql.hh. Ludovic Courtès 2018-01-07daemon: Make libbz2 an optional dependency....* config-daemon.ac: Don't bail out when libbz2 is missing. Define 'HAVE_LIBBZ2' Automake conditional. * nix/libstore/build.cc: Wrap relevant bits in '#if HAVE_BZLIB_H'. * nix/libstore/globals.cc (Settings::Settings): 'logCompression' defaults to COMPRESSION_GZIP when HAVE_BZLIB_H is false. * nix/libstore/globals.hh (CompressionType): Make 'COMPRESSION_BZIP2' conditional on HAVE_BZLIB_H. * nix/local.mk (guix_register_LDADD, guix_daemon_LDADD): Add -lbz2 only when HAVE_LIBBZ2. * nix/nix-daemon/guix-daemon.cc (parse_opt): Ignore "bzip2" when not HAVE_BZLIB_H. Ludovic Courtès 2018-01-07daemon: Add gzip log compression....* nix/nix-daemon/guix-daemon.cc (GUIX_OPT_LOG_COMPRESSION): New macro. (options): Mark "disable-log-compression" as hidden and add "log-compression". (parse_opt): Handle GUIX_OPT_LOG_COMPRESSION. * nix/libstore/build.cc (DerivationGoal): Add 'gzLogFile'. (openLogFile): Initialize it when 'logCompression' is COMPRESSION_GZIP. (closeLogFile, handleChildOutput): Honor 'gzLogFile'. * nix/libstore/globals.hh (Settings)[compressLog]: Remove. [logCompression]: New field. (CompressionType): New enum. * nix/libstore/globals.cc (Settings::Settings): Initialize it. (update): Remove '_get' call for 'compressLog'. * nix/local.mk (guix_daemon_LDADD, guix_register_LDADD): Add -lz. * guix/store.scm (log-file): Handle '.gz' log files. * tests/guix-daemon.sh: Add test with '--log-compression=gzip'. * doc/guix.texi (Invoking guix-daemon): Adjust accordingly. * config-daemon.ac: Check for libz and zlib.h. Ludovic Courtès