| field | value | date |
|---|---|---|
| author | Ludovic Courtès <ludo@gnu.org> | 2014-03-30 22:29:35 +0200 |
| committer | Ludovic Courtès <ludo@gnu.org> | 2014-03-30 22:32:11 +0200 |
| commit | cdea30e061490a521f1e9c66ff870ca98ae5d7e5 (patch) | |
| tree | bf2959c6283ae2ccbc39a52f75b5250897aa03a3 /bootstrap | |
| parent | 00230df1074400acbcf8e80eeab5e67a3e1b3210 (diff) | |
| download | guix-cdea30e061490a521f1e9c66ff870ca98ae5d7e5.tar.gz | |
substitute-binary: Defer narinfo authentication and authorization checks.
* guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp): Catch 'gcry-error' around 'string->canonical-sexp' call, and re-raise as a SRFI-35 &message and &nar-signature-error.
  (narinfo-maker): Handle when SIGNATURE is #f or an invalid canonical sexp.
  (&nar-signature-error, &nar-invalid-hash-error): New variables.
  (assert-valid-signature): Use them. Expect 'signature' to be a canonical sexp.
  (read-narinfo): Remove authentication and authorization checks.
  (%signature-line-rx): New variable.
  (assert-valid-narinfo, valid-narinfo?): New procedures.
  (guix-substitute-binary): Wrap body in 'with-error-handling'.
  [valid?]: New procedure.
  <--query>: Show only store items of narinfos that match 'valid-narinfo?'.
  <--substitute>: Call 'assert-valid-narinfo'.
* tests/substitute-binary.scm (test-error*): Use 'test-equal'.
  (%keypair): Remove.
  (%public-key, %private-key): Load from signing-key.{pub,sec}.
  (signature-body): Add #:public-key parameter.
  (call-with-narinfo): New procedure.
  (with-narinfo): New macro.
  ("corrupt signature data", "unauthorized public key", "invalid signature"): Make the first argument to 'assert-valid-signature' a canonical sexp.
  ("invalid hash", "valid read-narinfo", "valid write-narinfo"): Remove.
  ("query narinfo with invalid hash", "query narinfo signed with authorized key", "query narinfo signed with unauthorized key", "substitute, invalid hash", "substitute, unauthorized key"): New tests.
Diffstat (limited to 'bootstrap')
0 files changed, 0 insertions, 0 deletions