authenticate: Support reading the hash or key from stdin.

* guix/scripts/authenticate.scm (guix-authenticate): Add clauses
  for ("rsautl" "-sign" "-inkey" key) and ("rsautl" "-verify" "-inkey" _
  "-pubin").
* tests/guix-authenticate.sh (hash): Add test using -sign and -verify in
  a pipeline.
Ludovic Courtès 2014-03-22 22:46:11 +01:00
parent 9dbe6e43ea
commit 9b0a2233db
2 changed files with 20 additions and 1 deletions


@ -90,14 +90,22 @@ (define (validate-signature port)
(define (guix-authenticate . args)
(match args
;; As invoked by guix-daemon.
(("rsautl" "-sign" "-inkey" key "-in" hash-file)
(call-with-input-file hash-file
(lambda (port)
(sign-with-key key port))))
;; As invoked by Nix/Crypto.pm (used by Hydra.)
(("rsautl" "-sign" "-inkey" key)
(sign-with-key key (current-input-port)))
;; As invoked by guix-daemon.
(("rsautl" "-verify" "-inkey" _ "-pubin" "-in" signature-file)
(call-with-input-file signature-file
(lambda (port)
(validate-signature port))))
;; As invoked by Nix/Crypto.pm (used by Hydra.)
(("rsautl" "-verify" "-inkey" _ "-pubin")
(validate-signature (current-input-port)))
(("--help")
(display (_ "Usage: guix authenticate OPTION...
Sign or verify the signature on the given file. This tool is meant to
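Review bot: The new stdin `-verify` clause, like the file-based one above it, binds the `-inkey` argument to `_` and passes only the port to `validate-signature`, so the public key a caller such as Nix/Crypto.pm names on the command line has no influence on which signer is accepted. That may well be intended, with the trust decision made inside `validate-signature` (defined above this hunk and not visible here), but nothing at the clause says so, and a caller could assume the key it passes is the one being checked. I would add a comment on both `-verify` clauses, e.g. `;; The "-inkey" argument is ignored: validate-signature alone decides which signing keys are accepted.` The body of `guix-authenticate` continues past the end of the hunk, so whether unmatched argument lists are rejected cannot be judged from here.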


@ -1,5 +1,5 @@
# GNU Guix --- Functional package management for GNU
# Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
# Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
#
# This file is part of GNU Guix.
#
@ -42,6 +42,17 @@ hash2="`guix authenticate rsautl -verify \
-pubin -in $sig`"
test "$hash2" = `cat "$hash"`
# Same thing in a pipeline, using the command line syntax that Nix/Crypto.pm
# uses.
hash2="` \
cat "$hash" \
| guix authenticate rsautl -sign \
-inkey "$abs_top_srcdir/tests/signing-key.sec" \
| guix authenticate rsautl -verify \
-inkey $abs_top_srcdir/tests/signing-key.pub \
-pubin`"
test "$hash2" = `cat "$hash"`
# Detect corrupt signatures.
if guix authenticate rsautl -verify \
-inkey "$abs_top_srcdir/tests/signing-key.pub" \