publish: Export 'signed-string'.

* guix/scripts/publish.scm (signed-string): Export and improve docstring.
* tests/publish.scm ("/*.narinfo")
("/*.narinfo with properly encoded '+' sign"): Adjust accordingly.
This commit is contained in:
Ludovic Courtès 2020-01-16 10:43:29 +01:00
parent a2548a3b5e
commit 4fe01b09ea
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
2 changed files with 6 additions and 6 deletions

View file

@ -64,6 +64,7 @@ (define-module (guix scripts publish)
#:use-module ((guix build syscalls) #:select (set-thread-name)) #:use-module ((guix build syscalls) #:select (set-thread-name))
#:export (%public-key #:export (%public-key
%private-key %private-key
signed-string
guix-publish)) guix-publish))
@ -237,7 +238,8 @@ (define %nix-cache-info
("Priority" . 100))) ("Priority" . 100)))
(define (signed-string s) (define (signed-string s)
"Sign the hash of the string S with the daemon's key." "Sign the hash of the string S with the daemon's key. Return a canonical
sexp for the signature."
(let* ((public-key (%public-key)) (let* ((public-key (%public-key))
(hash (bytevector->hash-data (sha256 (string->utf8 s)) (hash (bytevector->hash-data (sha256 (string->utf8 s))
#:key-type (key-type public-key)))) #:key-type (key-type public-key))))

View file

@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU ;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 David Thompson <davet@gnu.org> ;;; Copyright © 2015 David Thompson <davet@gnu.org>
;;; Copyright © 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
;;; ;;;
;;; This file is part of GNU Guix. ;;; This file is part of GNU Guix.
;;; ;;;
@ -153,8 +153,7 @@ (define %gzip-magic-bytes
(signature (base64-encode (signature (base64-encode
(string->utf8 (string->utf8
(canonical-sexp->string (canonical-sexp->string
((@@ (guix scripts publish) signed-string) (signed-string unsigned-info))))))
unsigned-info))))))
(format #f "~aSignature: 1;~a;~a~%" (format #f "~aSignature: 1;~a;~a~%"
unsigned-info (gethostname) signature)) unsigned-info (gethostname) signature))
(utf8->string (utf8->string
@ -184,8 +183,7 @@ (define %gzip-magic-bytes
(signature (base64-encode (signature (base64-encode
(string->utf8 (string->utf8
(canonical-sexp->string (canonical-sexp->string
((@@ (guix scripts publish) signed-string) (signed-string unsigned-info))))))
unsigned-info))))))
(format #f "~aSignature: 1;~a;~a~%" (format #f "~aSignature: 1;~a;~a~%"
unsigned-info (gethostname) signature)) unsigned-info (gethostname) signature))