author | Ludovic Courtès <ludo@gnu.org> | 2022-02-09 18:36:35 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2022-02-14 11:23:56 +0100 |
commit | 6adce1538d2df6fa2d68abc13ae94e2fa826d124 (patch) | |
tree | 082b9a1355cdb8a321a11f312ef2b2d9ed0a57ec /tests/substitute.scm | |
parent | ca87601dd97dd9d356409827802eb0f8a3a535f0 (diff) | |
download | guix-6adce1538d2df6fa2d68abc13ae94e2fa826d124.tar.gz |
publish: Do not sign the URL/Compression/FileSize narinfo fields.
This will allow mirror operators to alter these non-normative bits of a narinfo without having to re-sign narinfos. * guix/scripts/publish.scm (narinfo-string): Remove URL/Compression/FileSize from BASE-INFO. Move them after "Signature". * tests/publish.scm ("/*.narinfo") ("/*.narinfo with properly encoded '+' sign") ("/*.narinfo with lzip + gzip") ("with cache, lzip + gzip"): Adjust accordingly. * tests/substitute.scm ("query narinfo with signature over relevant subset"): New test.
Diffstat (limited to 'tests/substitute.scm')
-rw-r--r-- | tests/substitute.scm | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/tests/substitute.scm b/tests/substitute.scm
index 21b513e1d8..049e6ba762 100644
--- a/tests/substitute.scm
+++ b/tests/substitute.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Nikita Karetnikov <nikita@karetnikov.org>
-;;; Copyright © 2014, 2015, 2017, 2018, 2019, 2021 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014-2015, 2017-2019, 2021-2022 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -268,6 +268,29 @@ System: mips64el-linux\n")
 (lambda ()
 (guix-substitute "--query")))))))))
 
+(test-equal "query narinfo with signature over relevant subset"
+ ;; The signature covers the StorePath/NarHash/References tuple, so it is
+ ;; valid; it does not cover non-normative fields, which is fine.
+ (string-append (%store-prefix) "/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-foo")
+
+ (let ((prefix (string-append "StorePath: " (%store-prefix)
+ "/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-foo
+NarHash: sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+References: bar baz\n")))
+ (with-narinfo (string-append prefix
+ "Signature: " (signature-field prefix) "
+URL: example.nar
+Compression: none
+NarSize: 42
+Deriver: " (%store-prefix) "/foo.drv")
+ (string-trim-both
+ (with-output-to-string
+ (lambda ()
+ (with-input-from-string (string-append "have " (%store-prefix)
+ "/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-foo")
+ (lambda ()
+ (guix-substitute "--query")))))))))
+
 (test-equal "query narinfo signed with authorized key"
 (string-append (%store-prefix) "/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-foo") |
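Review bot: Only the accepting path is covered by the new "query narinfo with signature over relevant subset" test: it shows that a narinfo whose `Signature:` line is followed by unsigned fields still validates, but nothing checks that a field placed after the signature cannot shadow a signed one. A companion test that reuses this body with a second `StorePath:`, `NarHash:` or `References:` line in the unsigned tail, and asserts that the signed value wins or the narinfo is rejected, would pin that down; which outcome is correct depends on the narinfo parser, which is not visible in this hunk. The test also places `NarSize` and `Deriver` after the signature although the commit message names only URL/Compression/FileSize as non-normative, so if that is intended the comment could say so, e.g. `;; NarSize and Deriver are deliberately left outside the signed prefix as well.`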