path: root/tests/guix-authenticate.sh
blob: 0de6da187844bb65a9f249f8386f62b445572571
# GNU Guix --- Functional package management for GNU
# Copyright © 2013, 2014, 2020 Ludovic Courtès <ludo@gnu.org>
#
# This file is part of GNU Guix.
#
# GNU Guix is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GNU Guix is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

#
# Test the 'guix authenticate' command-line utility.
#

guix authenticate --version

sig="t-signature-$$"
hash="t-hash-$$"
rm -f "$sig" "$hash"

trap 'rm -f "$sig" "$hash"' EXIT

key="$abs_top_srcdir/tests/keys/signing-key.sec"
key_len="`echo -n $key | wc -c`"

# A hexadecimal string as long as a sha256 hash.
hash="2749f0ea9f26c6c7be746a9cff8fa4c2f2a02b000070dba78429e9a11f87c6eb"
hash_len="`echo -n $hash | wc -c`"

echo "sign $key_len:$key $hash_len:$hash" | guix authenticate > "$sig"
test -f "$sig"
case "$(cat $sig)" in
    "0 "*) ;;
    *)     echo "broken signature: $(cat $sig)"
	   exit 42;;
esac

# Remove the leading "0".
sed -i "$sig" -e's/^0 //g'

hash2="$(echo verify $(cat "$sig") | guix authenticate)"
test "$(echo $hash2 | cut -d : -f 2)" = "$hash"

# Detect corrupt signatures.
code="$(echo "verify 5:wrong" | guix authenticate | cut -f1 -d ' ')"
test "$code" -ne 0

# Detect invalid signatures.
# The signature has (payload (data ... (hash sha256 #...#))).  We proceed by
# modifying this hash.
sed -i "$sig"											\
    -e's|#[A-Z0-9]\{64\}#|#0000000000000000000000000000000000000000000000000000000000000000#|g'
code="$(echo "verify $(cat $sig)" | guix authenticate | cut -f1 -d ' ')"
test "$code" -ne 0

# Make sure byte strings are correctly encoded.  The hash string below is
# "café" repeated 8 times.  Libgcrypt would normally choose to write it as a
# string rather than a hex sequence.  We want that string to be Latin-1
# encoded independently of the current locale: <https://bugs.gnu.org/43421>.
hash="636166e9636166e9636166e9636166e9636166e9636166e9636166e9636166e9"
latin1_cafe="caf$(printf '\351')"
echo "sign 26:tests/keys/signing-key.sec 64:$hash" | guix authenticate \
    | LC_ALL=C grep "hash sha256 \"$latin1_cafe"

# Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
# valid signatures when run in the C locale.
hash="5eff0b55c9c5f5e87b4e34cd60a2d5654ca1eb78c7b3c67c3179fed1cff07b4c"

LC_ALL=C
export LC_ALL

echo "sign $key_len:$key $hash_len:$hash" | guix authenticate > "$sig"

# Remove the leading "0".
sed -i "$sig" -e's/^0 //g'

echo "verify $(cat $sig)" | guix authenticate
hash2="$(echo "verify $(cat $sig)" | guix authenticate | cut -f2 -d ' ')"
test "$(echo $hash2 | cut -d : -f 2)" = "$hash"
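
The test above talks to 'guix authenticate' with length-prefixed tokens ("sign LEN:KEY LEN:HASH") and reads back a status code followed by a "LEN:DATA" payload. The sketch below is an added example, not part of GNU Guix: it frames a token with a byte count and accepts a reply only when the status is 0 and the declared length matches the payload. The helper names `frame` and `reply_payload` are hypothetical, and the replies are constructed rather than produced by 'guix authenticate'.

```shell
#!/bin/sh
# Added example (not part of GNU Guix).  frame and reply_payload are
# hypothetical helper names; the reply strings below are constructed.

# frame STRING: print "LEN:STRING".  LEN is a byte count: 'wc -c' counts
# bytes in every locale, whereas ${#1} may count characters.
frame() {
    len=$(printf '%s' "$1" | wc -c | tr -d ' ')
    printf '%s:%s' "$len" "$1"
}

# reply_payload "CODE LEN:DATA": print DATA, but only when CODE is 0 and LEN
# equals the byte length of DATA.  Any other reply yields a non-zero status.
reply_payload() {
    code=${1%% *}                  # text before the first space
    rest=${1#* }                   # text after the first space
    [ "$code" = 0 ] || return 1
    case "$rest" in *:*) ;; *) return 1 ;; esac   # a length prefix is required
    len=${rest%%:*}                # digits before the first colon
    data=${rest#*:}                # everything after the first colon
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    actual=$(printf '%s' "$data" | wc -c | tr -d ' ')
    [ "$len" -eq "$actual" ] || return 1
    printf '%s' "$data"
}

# Constructed demonstration; no 'guix' binary is invoked.
hash="2749f0ea9f26c6c7be746a9cff8fa4c2f2a02b000070dba78429e9a11f87c6eb"
echo "request: sign $(frame tests/keys/signing-key.sec) $(frame "$hash")"
if reply_payload "0 $(frame "$hash")" >/dev/null; then
    echo "well-formed reply accepted"
fi
if ! reply_payload "0 63:$hash" >/dev/null; then
    echo "length mismatch rejected"
fi
```

Checking the status and the declared length before using the payload keeps a truncated or error reply from being mistaken for a verified hash.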