mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 05:18:07 -05:00
authenticate: Support reading the hash or key from stdin.
* guix/scripts/authenticate.scm (guix-authenticate): Add clauses for ("rsautl" "-sign" "-inkey" key) and ("rsautl" "-verify" "-inkey" _ "-pubin"). * tests/guix-authenticate.sh (hash): Add test using -sign and -verify in a pipeline.
This commit is contained in:
parent
9dbe6e43ea
commit
9b0a2233db
2 changed files with 20 additions and 1 deletions
|
@ -90,14 +90,22 @@ (define (validate-signature port)
|
|||
|
||||
(define (guix-authenticate . args)
|
||||
(match args
|
||||
;; As invoked by guix-daemon.
|
||||
(("rsautl" "-sign" "-inkey" key "-in" hash-file)
|
||||
(call-with-input-file hash-file
|
||||
(lambda (port)
|
||||
(sign-with-key key port))))
|
||||
;; As invoked by Nix/Crypto.pm (used by Hydra.)
|
||||
(("rsautl" "-sign" "-inkey" key)
|
||||
(sign-with-key key (current-input-port)))
|
||||
;; As invoked by guix-daemon.
|
||||
(("rsautl" "-verify" "-inkey" _ "-pubin" "-in" signature-file)
|
||||
(call-with-input-file signature-file
|
||||
(lambda (port)
|
||||
(validate-signature port))))
|
||||
;; As invoked by Nix/Crypto.pm (used by Hydra.)
|
||||
(("rsautl" "-verify" "-inkey" _ "-pubin")
|
||||
(validate-signature (current-input-port)))
|
||||
(("--help")
|
||||
(display (_ "Usage: guix authenticate OPTION...
|
||||
Sign or verify the signature on the given file. This tool is meant to
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# GNU Guix --- Functional package management for GNU
|
||||
# Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
|
||||
# Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
|
||||
#
|
||||
# This file is part of GNU Guix.
|
||||
#
|
||||
|
@ -42,6 +42,17 @@ hash2="`guix authenticate rsautl -verify \
|
|||
-pubin -in $sig`"
|
||||
test "$hash2" = `cat "$hash"`
|
||||
|
||||
# Same thing in a pipeline, using the command line syntax that Nix/Crypto.pm
|
||||
# uses.
|
||||
hash2="` \
|
||||
cat "$hash" \
|
||||
| guix authenticate rsautl -sign \
|
||||
-inkey "$abs_top_srcdir/tests/signing-key.sec" \
|
||||
| guix authenticate rsautl -verify \
|
||||
-inkey $abs_top_srcdir/tests/signing-key.pub \
|
||||
-pubin`"
|
||||
test "$hash2" = `cat "$hash"`
|
||||
|
||||
# Detect corrupt signatures.
|
||||
if guix authenticate rsautl -verify \
|
||||
-inkey "$abs_top_srcdir/tests/signing-key.pub" \
|
||||
|
|
Loading…
Reference in a new issue