authenticate: Encode strings as ISO-8859-1.

Fixes <https://bugs.gnu.org/43421>.

* guix/scripts/authenticate.scm (read-command): Decode strings as
ISO-8859-1, not UTF-8.
(guix-authenticate)[send-reply]: Encode strings as ISO-8859-1, not
UTF-8.
* tests/guix-authenticate.sh: Add test.
This commit is contained in:
Ludovic Courtès 2020-09-15 14:24:05 +02:00
parent 1b157bbef0
commit b911d65474
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
2 changed files with 14 additions and 3 deletions

View file

@ -31,6 +31,7 @@ (define-module (guix scripts authenticate)
#:use-module (ice-9 rdelim) #:use-module (ice-9 rdelim)
#:use-module (ice-9 match) #:use-module (ice-9 match)
#:use-module (ice-9 vlist) #:use-module (ice-9 vlist)
#:use-module (ice-9 iconv)
#:export (guix-authenticate)) #:export (guix-authenticate))
;;; Commentary: ;;; Commentary:
@ -122,8 +123,9 @@ (define (consume-whitespace port)
(reverse result)) (reverse result))
(else (else
(let* ((len (string->number (read-delimited ":" port))) (let* ((len (string->number (read-delimited ":" port)))
(str (utf8->string (str (bytevector->string
(get-bytevector-n port len)))) (get-bytevector-n port len)
"ISO-8859-1" 'error)))
(loop (cons str result)))))))))) (loop (cons str result))))))))))
(define-syntax define-enumerate-type ;TODO: factorize (define-syntax define-enumerate-type ;TODO: factorize
@ -150,7 +152,7 @@ (define-command (guix-authenticate . args)
(define (send-reply code str) (define (send-reply code str)
;; Send CODE and STR as a reply to our client. ;; Send CODE and STR as a reply to our client.
(let ((bv (string->utf8 str))) (let ((bv (string->bytevector str "ISO-8859-1" 'error)))
(format #t "~a ~a:" code (bytevector-length bv)) (format #t "~a ~a:" code (bytevector-length bv))
(put-bytevector (current-output-port) bv) (put-bytevector (current-output-port) bv)
(force-output (current-output-port)))) (force-output (current-output-port))))

View file

@ -61,6 +61,15 @@ sed -i "$sig" \
code="$(echo "verify $(cat $sig)" | guix authenticate | cut -f1 -d ' ')" code="$(echo "verify $(cat $sig)" | guix authenticate | cut -f1 -d ' ')"
test "$code" -ne 0 test "$code" -ne 0
# Make sure byte strings are correctly encoded. The hash string below is
# "café" repeated 8 times. Libgcrypt would normally choose to write it as a
# string rather than a hex sequence. We want that string to be Latin-1
# encoded independently of the current locale: <https://bugs.gnu.org/43421>.
hash="636166e9636166e9636166e9636166e9636166e9636166e9636166e9636166e9"
latin1_cafe="caf$(printf '\351')"
echo "sign 21:tests/signing-key.sec 64:$hash" | guix authenticate \
| LC_ALL=C grep "hash sha256 \"$latin1_cafe"
# Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces # Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
# valid signatures when run in the C locale. # valid signatures when run in the C locale.
hash="5eff0b55c9c5f5e87b4e34cd60a2d5654ca1eb78c7b3c67c3179fed1cff07b4c" hash="5eff0b55c9c5f5e87b4e34cd60a2d5654ca1eb78c7b3c67c3179fed1cff07b4c"