From 3677b97030e5954fa26bdb435e0d3379a1a4ec43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Mon, 12 Dec 2022 14:55:32 +0100 Subject: [PATCH] pki: 'public-keys->acl' deduplicates entries. Reported by Tobias Geerinckx-Rice in . * guix/pki.scm (public-keys->acl): Add call to 'delete-duplicates'. * tests/pki.scm ("public-keys->acl deduplication"): New test. --- guix/pki.scm | 8 +++++--- tests/pki.scm | 6 +++++- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/guix/pki.scm b/guix/pki.scm index 6326e065e9..c5b2fb9634 100644 --- a/guix/pki.scm +++ b/guix/pki.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2016 Ludovic Courtès +;;; Copyright © 2013, 2014, 2016, 2022 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -21,6 +21,7 @@ (define-module (guix pki) #:use-module (gcrypt pk-crypto) #:use-module ((guix utils) #:select (with-atomic-file-output)) #:use-module ((guix build utils) #:select (mkdir-p)) + #:autoload (srfi srfi-1) (delete-duplicates) #:use-module (ice-9 match) #:use-module (ice-9 rdelim) #:use-module (ice-9 binary-ports) @@ -61,9 +62,10 @@ (define (public-keys->acl keys) ;; want to have name certificates and to use subject names instead of ;; complete keys. `(acl ,@(map (lambda (key) - `(entry ,(canonical-sexp->sexp key) + `(entry ,key (tag (guix import)))) - keys))) + (delete-duplicates + (map canonical-sexp->sexp keys))))) (define %acl-file (string-append %config-directory "/acl")) diff --git a/tests/pki.scm b/tests/pki.scm index d6a6b476c7..86daff8ddf 100644 --- a/tests/pki.scm +++ b/tests/pki.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014 Ludovic Courtès +;;; Copyright © 2013, 2014, 2022 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -66,6 +66,10 @@ (define %alternate-secret-key (test-assert "authorized-key? public-key singleton" (authorized-key? %public-key (public-keys->acl (list %public-key)))) +(test-equal "public-keys->acl deduplication" + (public-keys->acl (list %public-key)) + (public-keys->acl (make-list 10 %public-key))) + (test-assert "signature-case valid-signature" (let* ((hash (sha256 #vu8(1 2 3))) (data (bytevector->hash-data hash #:key-type (key-type %public-key)))