mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2025-01-12 06:06:53 -05:00
authenticate: Encode strings as ISO-8859-1.
Fixes <https://bugs.gnu.org/43421>. * guix/scripts/authenticate.scm (read-command): Decode strings as ISO-8859-1, not UTF-8. (guix-authenticate)[send-reply]: Encode strings as ISO-8859-1, not UTF-8. * tests/guix-authenticate.sh: Add test.
This commit is contained in:
parent
1b157bbef0
commit
b911d65474
2 changed files with 14 additions and 3 deletions
|
@ -31,6 +31,7 @@ (define-module (guix scripts authenticate)
|
||||||
#:use-module (ice-9 rdelim)
|
#:use-module (ice-9 rdelim)
|
||||||
#:use-module (ice-9 match)
|
#:use-module (ice-9 match)
|
||||||
#:use-module (ice-9 vlist)
|
#:use-module (ice-9 vlist)
|
||||||
|
#:use-module (ice-9 iconv)
|
||||||
#:export (guix-authenticate))
|
#:export (guix-authenticate))
|
||||||
|
|
||||||
;;; Commentary:
|
;;; Commentary:
|
||||||
|
@ -122,8 +123,9 @@ (define (consume-whitespace port)
|
||||||
(reverse result))
|
(reverse result))
|
||||||
(else
|
(else
|
||||||
(let* ((len (string->number (read-delimited ":" port)))
|
(let* ((len (string->number (read-delimited ":" port)))
|
||||||
(str (utf8->string
|
(str (bytevector->string
|
||||||
(get-bytevector-n port len))))
|
(get-bytevector-n port len)
|
||||||
|
"ISO-8859-1" 'error)))
|
||||||
(loop (cons str result))))))))))
|
(loop (cons str result))))))))))
|
||||||
|
|
||||||
(define-syntax define-enumerate-type ;TODO: factorize
|
(define-syntax define-enumerate-type ;TODO: factorize
|
||||||
|
@ -150,7 +152,7 @@ (define-command (guix-authenticate . args)
|
||||||
|
|
||||||
(define (send-reply code str)
|
(define (send-reply code str)
|
||||||
;; Send CODE and STR as a reply to our client.
|
;; Send CODE and STR as a reply to our client.
|
||||||
(let ((bv (string->utf8 str)))
|
(let ((bv (string->bytevector str "ISO-8859-1" 'error)))
|
||||||
(format #t "~a ~a:" code (bytevector-length bv))
|
(format #t "~a ~a:" code (bytevector-length bv))
|
||||||
(put-bytevector (current-output-port) bv)
|
(put-bytevector (current-output-port) bv)
|
||||||
(force-output (current-output-port))))
|
(force-output (current-output-port))))
|
||||||
|
|
|
@ -61,6 +61,15 @@ sed -i "$sig" \
|
||||||
code="$(echo "verify $(cat $sig)" | guix authenticate | cut -f1 -d ' ')"
|
code="$(echo "verify $(cat $sig)" | guix authenticate | cut -f1 -d ' ')"
|
||||||
test "$code" -ne 0
|
test "$code" -ne 0
|
||||||
|
|
||||||
|
# Make sure byte strings are correctly encoded. The hash string below is
|
||||||
|
# "café" repeated 8 times. Libgcrypt would normally choose to write it as a
|
||||||
|
# string rather than a hex sequence. We want that string to be Latin-1
|
||||||
|
# encoded independently of the current locale: <https://bugs.gnu.org/43421>.
|
||||||
|
hash="636166e9636166e9636166e9636166e9636166e9636166e9636166e9636166e9"
|
||||||
|
latin1_cafe="caf$(printf '\351')"
|
||||||
|
echo "sign 21:tests/signing-key.sec 64:$hash" | guix authenticate \
|
||||||
|
| LC_ALL=C grep "hash sha256 \"$latin1_cafe"
|
||||||
|
|
||||||
# Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
|
# Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
|
||||||
# valid signatures when run in the C locale.
|
# valid signatures when run in the C locale.
|
||||||
hash="5eff0b55c9c5f5e87b4e34cd60a2d5654ca1eb78c7b3c67c3179fed1cff07b4c"
|
hash="5eff0b55c9c5f5e87b4e34cd60a2d5654ca1eb78c7b3c67c3179fed1cff07b4c"
|
||||||
|
|
Loading…
Reference in a new issue