futurile/guix-play
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
acdbb798d0
guix-play/guix/scripts/authenticate.scm

226 lines
8.7 KiB
Scheme
Raw Normal View History

daemon: Implement signed archive import/export. * guix/scripts/authenticate.scm, nix/scripts/guix-authenticate.in, tests/signing-key.pub, tests/signing-key.sec: New files. * po/POTFILES.in: Add 'guix/scripts/authenticate.scm'. * guix/store.scm (dump-port): New procedure. (process-stderr): Add 'user-port' optional parameter. Handle the %STDERR-WRITE and %STDERR-READ cases as expected. (import-paths, export-path, export-paths): New procedures. * tests/store.scm ("export/import several paths", "import corrupt path"): New tests. * Makefile.am (MODULES): Add 'guix/scripts/authenticate.scm'. (EXTRA_DIST): Add 'tests/signing-key.{pub,sec}'. * daemon.am (libstore_a_CPPFLAGS)[-DNIX_CONF_DIR]: Change 'NIX_CONF_DIR' to .../guix. Change 'OPENSSL_PATH' to 'guix-authenticate'. * config-daemon.ac: Instantiate 'nix/scripts/guix-authenticate'. * nix/nix-daemon/guix-daemon.cc (main): Augment $PATH to include 'settings.nixLibexecDir'. * test-env.in: Export 'NIX_CONF_DIR' and 'NIX_LIBEXEC_DIR'. Populate $NIX_CONF_DIR.
2013-12-20 11:17:42 -05:00
;;; GNU Guix --- Functional package management for GNU
scripts: Use 'define-command' and have 'guix help' use that. This changes 'guix help' to print a short synopsis for each command and to group commands by category. * guix/scripts.scm (synopsis, category): New variables. (define-command-categories, define-command): New macros. (%command-categories): New variable. * guix/ui.scm (<command>): New record type. (source-file-command): New procedure. (command-files): Return absolute file names. (commands): Return a list of <command> records. (show-guix-help)[display-commands, category-predicate]: New procedures. Display commands grouped in three categories. * guix/scripts/archive.scm (guix-archive): Use 'define-command'. * guix/scripts/authenticate.scm (guix-authenticate): Likewise. * guix/scripts/build.scm (guix-build): Likewise. * guix/scripts/challenge.scm (guix-challenge): Likewise. * guix/scripts/container.scm (guix-container): Likewise. * guix/scripts/copy.scm (guix-copy): Likewise. * guix/scripts/deploy.scm (guix-deploy): Likewise. * guix/scripts/describe.scm (guix-describe): Likewise. * guix/scripts/download.scm (guix-download): Likewise. * guix/scripts/edit.scm (guix-edit): Likewise. * guix/scripts/environment.scm (guix-environment): Likewise. * guix/scripts/gc.scm (guix-gc): Likewise. * guix/scripts/git.scm (guix-git): Likewise. * guix/scripts/graph.scm (guix-graph): Likewise. * guix/scripts/hash.scm (guix-hash): Likewise. * guix/scripts/import.scm (guix-import): Likewise. * guix/scripts/install.scm (guix-install): Likewise. * guix/scripts/lint.scm (guix-lint): Likewise. * guix/scripts/offload.scm (guix-offload): Likewise. * guix/scripts/pack.scm (guix-pack): Likewise. * guix/scripts/package.scm (guix-package): Likewise. * guix/scripts/perform-download.scm (guix-perform-download): Likewise. * guix/scripts/processes.scm (guix-processes): Likewise. * guix/scripts/publish.scm (guix-publish): Likewise. * guix/scripts/pull.scm (guix-pull): Likewise. * guix/scripts/refresh.scm (guix-refresh): Likewise. * guix/scripts/remove.scm (guix-remove): Likewise. * guix/scripts/repl.scm (guix-repl): Likewise. * guix/scripts/search.scm (guix-search): Likewise. * guix/scripts/show.scm (guix-show): Likewise. * guix/scripts/size.scm (guix-size): Likewise. * guix/scripts/substitute.scm (guix-substitute): Likewise. * guix/scripts/system.scm (guix-system): Likewise. * guix/scripts/time-machine.scm (guix-time-machine): Likewise. * guix/scripts/upgrade.scm (guix-upgrade): Likewise. * guix/scripts/weather.scm (guix-weather): Likewise.
2020-09-01 16:13:11 -04:00
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2020 Ludovic Courtès <ludo@gnu.org>
daemon: Implement signed archive import/export. * guix/scripts/authenticate.scm, nix/scripts/guix-authenticate.in, tests/signing-key.pub, tests/signing-key.sec: New files. * po/POTFILES.in: Add 'guix/scripts/authenticate.scm'. * guix/store.scm (dump-port): New procedure. (process-stderr): Add 'user-port' optional parameter. Handle the %STDERR-WRITE and %STDERR-READ cases as expected. (import-paths, export-path, export-paths): New procedures. * tests/store.scm ("export/import several paths", "import corrupt path"): New tests. * Makefile.am (MODULES): Add 'guix/scripts/authenticate.scm'. (EXTRA_DIST): Add 'tests/signing-key.{pub,sec}'. * daemon.am (libstore_a_CPPFLAGS)[-DNIX_CONF_DIR]: Change 'NIX_CONF_DIR' to .../guix. Change 'OPENSSL_PATH' to 'guix-authenticate'. * config-daemon.ac: Instantiate 'nix/scripts/guix-authenticate'. * nix/nix-daemon/guix-daemon.cc (main): Augment $PATH to include 'settings.nixLibexecDir'. * test-env.in: Export 'NIX_CONF_DIR' and 'NIX_LIBEXEC_DIR'. Populate $NIX_CONF_DIR.
2013-12-20 11:17:42 -05:00
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (guix scripts authenticate)
scripts: Use 'define-command' and have 'guix help' use that. This changes 'guix help' to print a short synopsis for each command and to group commands by category. * guix/scripts.scm (synopsis, category): New variables. (define-command-categories, define-command): New macros. (%command-categories): New variable. * guix/ui.scm (<command>): New record type. (source-file-command): New procedure. (command-files): Return absolute file names. (commands): Return a list of <command> records. (show-guix-help)[display-commands, category-predicate]: New procedures. Display commands grouped in three categories. * guix/scripts/archive.scm (guix-archive): Use 'define-command'. * guix/scripts/authenticate.scm (guix-authenticate): Likewise. * guix/scripts/build.scm (guix-build): Likewise. * guix/scripts/challenge.scm (guix-challenge): Likewise. * guix/scripts/container.scm (guix-container): Likewise. * guix/scripts/copy.scm (guix-copy): Likewise. * guix/scripts/deploy.scm (guix-deploy): Likewise. * guix/scripts/describe.scm (guix-describe): Likewise. * guix/scripts/download.scm (guix-download): Likewise. * guix/scripts/edit.scm (guix-edit): Likewise. * guix/scripts/environment.scm (guix-environment): Likewise. * guix/scripts/gc.scm (guix-gc): Likewise. * guix/scripts/git.scm (guix-git): Likewise. * guix/scripts/graph.scm (guix-graph): Likewise. * guix/scripts/hash.scm (guix-hash): Likewise. * guix/scripts/import.scm (guix-import): Likewise. * guix/scripts/install.scm (guix-install): Likewise. * guix/scripts/lint.scm (guix-lint): Likewise. * guix/scripts/offload.scm (guix-offload): Likewise. * guix/scripts/pack.scm (guix-pack): Likewise. * guix/scripts/package.scm (guix-package): Likewise. * guix/scripts/perform-download.scm (guix-perform-download): Likewise. * guix/scripts/processes.scm (guix-processes): Likewise. * guix/scripts/publish.scm (guix-publish): Likewise. * guix/scripts/pull.scm (guix-pull): Likewise. * guix/scripts/refresh.scm (guix-refresh): Likewise. * guix/scripts/remove.scm (guix-remove): Likewise. * guix/scripts/repl.scm (guix-repl): Likewise. * guix/scripts/search.scm (guix-search): Likewise. * guix/scripts/show.scm (guix-show): Likewise. * guix/scripts/size.scm (guix-size): Likewise. * guix/scripts/substitute.scm (guix-substitute): Likewise. * guix/scripts/system.scm (guix-system): Likewise. * guix/scripts/time-machine.scm (guix-time-machine): Likewise. * guix/scripts/upgrade.scm (guix-upgrade): Likewise. * guix/scripts/weather.scm (guix-weather): Likewise.
2020-09-01 16:13:11 -04:00
#:use-module (guix scripts)
utils: Move base16 procedures to (guix base16). * guix/utils.scm (bytevector->base16-string, base16-string->bytevector): Move to... * guix/base16.scm: ... here. New file. * tests/utils.scm ("bytevector->base16-string->bytevector"): Move to... * tests/base16.scm: ... here. New file. * Makefile.am (MODULES): Add guix/base16.scm. (SCM_TESTS): Add tests/base16.scm. * build-aux/download.scm, guix/derivations.scm, guix/docker.scm, guix/import/snix.scm, guix/pk-crypto.scm, guix/scripts/authenticate.scm, guix/scripts/download.scm, guix/scripts/hash.scm, guix/store.scm, tests/hash.scm, tests/pk-crypto.scm: Adjust imports accordingly.
2017-03-15 16:54:34 -04:00
#:use-module (guix base16)
Switch to Guile-Gcrypt. This removes (guix hash) and (guix pk-crypto), which now live as part of Guile-Gcrypt (version 0.1.0.) * guix/gcrypt.scm, guix/hash.scm, guix/pk-crypto.scm, tests/hash.scm, tests/pk-crypto.scm: Remove. * configure.ac: Test for Guile-Gcrypt. Remove LIBGCRYPT and LIBGCRYPT_LIBDIR assignments. * m4/guix.m4 (GUIX_ASSERT_LIBGCRYPT_USABLE): Remove. * README: Add Guile-Gcrypt to the dependencies; move libgcrypt as "required unless --disable-daemon". * doc/guix.texi (Requirements): Likewise. * gnu/packages/bash.scm, guix/derivations.scm, guix/docker.scm, guix/git.scm, guix/http-client.scm, guix/import/cpan.scm, guix/import/cran.scm, guix/import/crate.scm, guix/import/elpa.scm, guix/import/gnu.scm, guix/import/hackage.scm, guix/import/texlive.scm, guix/import/utils.scm, guix/nar.scm, guix/pki.scm, guix/scripts/archive.scm, guix/scripts/authenticate.scm, guix/scripts/download.scm, guix/scripts/hash.scm, guix/scripts/pack.scm, guix/scripts/publish.scm, guix/scripts/refresh.scm, guix/scripts/substitute.scm, guix/store.scm, guix/store/deduplication.scm, guix/tests.scm, tests/base32.scm, tests/builders.scm, tests/challenge.scm, tests/cpan.scm, tests/crate.scm, tests/derivations.scm, tests/gem.scm, tests/nar.scm, tests/opam.scm, tests/pki.scm, tests/publish.scm, tests/pypi.scm, tests/store-deduplication.scm, tests/store.scm, tests/substitute.scm: Adjust imports. * gnu/system/vm.scm: Likewise. (guile-sqlite3&co): Rename to... (gcrypt-sqlite3&co): ... this. Add GUILE-GCRYPT. (expression->derivation-in-linux-vm)[config]: Remove. (iso9660-image)[config]: Remove. (qemu-image)[config]: Remove. (system-docker-image)[config]: Remove. * guix/scripts/pack.scm: Adjust imports. (guile-sqlite3&co): Rename to... (gcrypt-sqlite3&co): ... this. Add GUILE-GCRYPT. (self-contained-tarball)[build]: Call 'make-config.scm' without #:libgcrypt argument. (squashfs-image)[libgcrypt]: Remove. [build]: Call 'make-config.scm' without #:libgcrypt. (docker-image)[config, json]: Remove. [build]: Add GUILE-GCRYPT to the extensions Remove (guix config) from the imported modules. * guix/self.scm (specification->package): Remove "libgcrypt", add "guile-gcrypt". (compiled-guix): Remove #:libgcrypt. [guile-gcrypt]: New variable. [dependencies]: Add it. [*core-modules*]: Remove #:libgcrypt from 'make-config.scm' call. Add #:extensions. [*config*]: Remove #:libgcrypt from 'make-config.scm' call. (%dependency-variables): Remove %libgcrypt. (make-config.scm): Remove #:libgcrypt. * build-aux/build-self.scm (guile-gcrypt): New variable. (make-config.scm): Remove #:libgcrypt. (build-program)[fake-gcrypt-hash]: New variable. Add (gcrypt hash) to the imported modules. Adjust load path assignments. * gnu/packages/package-management.scm (guix)[propagated-inputs]: Add GUILE-GCRYPT. [arguments]: In 'wrap-program' phase, add GUILE-GCRYPT to the search path.
2018-08-31 11:07:07 -04:00
#:use-module (gcrypt pk-crypto)
authenticate: Disallow imports signed with unauthorized keys. * guix/scripts/authenticate.scm (signature-sexp): Remove. (guix-authenticate): Upon '-verify', check whether the signature's public key passes 'authorized-key?'.
2013-12-29 09:55:38 -05:00
#:use-module (guix pki)
daemon: Implement signed archive import/export. * guix/scripts/authenticate.scm, nix/scripts/guix-authenticate.in, tests/signing-key.pub, tests/signing-key.sec: New files. * po/POTFILES.in: Add 'guix/scripts/authenticate.scm'. * guix/store.scm (dump-port): New procedure. (process-stderr): Add 'user-port' optional parameter. Handle the %STDERR-WRITE and %STDERR-READ cases as expected. (import-paths, export-path, export-paths): New procedures. * tests/store.scm ("export/import several paths", "import corrupt path"): New tests. * Makefile.am (MODULES): Add 'guix/scripts/authenticate.scm'. (EXTRA_DIST): Add 'tests/signing-key.{pub,sec}'. * daemon.am (libstore_a_CPPFLAGS)[-DNIX_CONF_DIR]: Change 'NIX_CONF_DIR' to .../guix. Change 'OPENSSL_PATH' to 'guix-authenticate'. * config-daemon.ac: Instantiate 'nix/scripts/guix-authenticate'. * nix/nix-daemon/guix-daemon.cc (main): Augment $PATH to include 'settings.nixLibexecDir'. * test-env.in: Export 'NIX_CONF_DIR' and 'NIX_LIBEXEC_DIR'. Populate $NIX_CONF_DIR.
2013-12-20 11:17:42 -05:00
#:use-module (guix ui)
daemon: Spawn 'guix authenticate' once for all. Previously, we'd spawn 'guix authenticate' once for each item that has to be signed (when exporting) or authenticated (when importing). Now, we spawn it once for all and then follow a request/reply protocol. This reduces the wall-clock time of: guix archive --export -r $(guix build coreutils -d) from 30s to 2s. * guix/scripts/authenticate.scm (sign-with-key): Return the signature instead of displaying it. Raise a &formatted-message instead of calling 'leave'. (validate-signature): Likewise. (read-command): New procedure. (define-enumerate-type, reply-code): New macros. (guix-authenticate)[send-reply]: New procedure. Change to read commands from current-input-port. * nix/libstore/local-store.cc (runAuthenticationProgram): Remove. (authenticationAgent, readInteger, readAuthenticateReply): New functions. (signHash, verifySignature): Rewrite in terms of the agent. * tests/store.scm ("import not signed"): Remove 'pk' call. ("import signed by unauthorized key"): Check the error message of C. * tests/guix-authenticate.sh: Rewrite using the new protocol. fixlet
2020-09-11 06:51:36 -04:00
#:use-module (guix diagnostics)
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
authenticate: Cache the ACL and key pairs. In practice we're always using the same key pair, /etc/guix/signing-key.{pub,sec}. Keeping them in cache allows us to avoid redundant I/O and parsing when signing multiple store items in a row. * guix/scripts/authenticate.scm (load-key-pair): New procedure. (sign-with-key): Remove 'key-file' parameter and add 'public-key' and 'secret-key'. Adjust accordingly. (validate-signature): Add 'acl' parameter and pass it to 'authorized-key?'. (guix-authenticate)[call-with-reply]: New procedure. [with-reply]: New macro. Call 'current-acl' upfront and cache its result. Add 'key-pairs' as an argument to 'loop' and use it as a cache of key pairs.
2020-09-11 08:35:07 -04:00
#:use-module (srfi srfi-71)
daemon: Spawn 'guix authenticate' once for all. Previously, we'd spawn 'guix authenticate' once for each item that has to be signed (when exporting) or authenticated (when importing). Now, we spawn it once for all and then follow a request/reply protocol. This reduces the wall-clock time of: guix archive --export -r $(guix build coreutils -d) from 30s to 2s. * guix/scripts/authenticate.scm (sign-with-key): Return the signature instead of displaying it. Raise a &formatted-message instead of calling 'leave'. (validate-signature): Likewise. (read-command): New procedure. (define-enumerate-type, reply-code): New macros. (guix-authenticate)[send-reply]: New procedure. Change to read commands from current-input-port. * nix/libstore/local-store.cc (runAuthenticationProgram): Remove. (authenticationAgent, readInteger, readAuthenticateReply): New functions. (signHash, verifySignature): Rewrite in terms of the agent. * tests/store.scm ("import not signed"): Remove 'pk' call. ("import signed by unauthorized key"): Check the error message of C. * tests/guix-authenticate.sh: Rewrite using the new protocol. fixlet
2020-09-11 06:51:36 -04:00
#:use-module (rnrs bytevectors)
Use (ice-9 binary-ports) instead of (rnrs io ports). This reduces the closure of (guix ui) from 123 to 106 modules. * guix/derivations.scm: Use (ice-9 binary-ports) instead of (rnrs io ports). (map-derivation)[substitute-file]: Use 'read-string' instead of 'get-string-all'. * guix/ftp-client.scm: Likewise. * guix/hash.scm: Likewise. * guix/http-client.scm: Likewise. * guix/pki.scm (ensure-acl, current-acl): Likewise. * guix/scripts/archive.scm (authorize-key)[read-key]: Likewise. * guix/scripts/authenticate.scm (read-canonical-sexp) (read-hash-data): Likewise. * guix/scripts/download.scm: Likewise. * guix/scripts/offload.scm (register-gc-root, remove-gc-roots) (send-files): Likewise. * guix/scripts/publish.scm (lazy-read-file-sexp): Likewise. * guix/scripts/refresh.scm: Likewise. * guix/scripts/substitute.scm (check-acl-initialized): Likewise. * guix/serialization.scm (read-maybe-utf8-string): Likewise. * guix/scripts/hash.scm (guix-hash): Use 'force-output' instead of 'flush-output-port'. * guix/store.scm (process-stderr): Likewise. * guix/tests.scm: Likewise. * guix/utils.scm: Use (ice-9 binary-ports) and autoload (rnrs io ports) for 'make-custom-binary-input-port'.
2016-10-19 08:28:56 -04:00
#:use-module (ice-9 binary-ports)
#:use-module (ice-9 rdelim)
daemon: Implement signed archive import/export. * guix/scripts/authenticate.scm, nix/scripts/guix-authenticate.in, tests/signing-key.pub, tests/signing-key.sec: New files. * po/POTFILES.in: Add 'guix/scripts/authenticate.scm'. * guix/store.scm (dump-port): New procedure. (process-stderr): Add 'user-port' optional parameter. Handle the %STDERR-WRITE and %STDERR-READ cases as expected. (import-paths, export-path, export-paths): New procedures. * tests/store.scm ("export/import several paths", "import corrupt path"): New tests. * Makefile.am (MODULES): Add 'guix/scripts/authenticate.scm'. (EXTRA_DIST): Add 'tests/signing-key.{pub,sec}'. * daemon.am (libstore_a_CPPFLAGS)[-DNIX_CONF_DIR]: Change 'NIX_CONF_DIR' to .../guix. Change 'OPENSSL_PATH' to 'guix-authenticate'. * config-daemon.ac: Instantiate 'nix/scripts/guix-authenticate'. * nix/nix-daemon/guix-daemon.cc (main): Augment $PATH to include 'settings.nixLibexecDir'. * test-env.in: Export 'NIX_CONF_DIR' and 'NIX_LIBEXEC_DIR'. Populate $NIX_CONF_DIR.
2013-12-20 11:17:42 -05:00
#:use-module (ice-9 match)
authenticate: Cache the ACL and key pairs. In practice we're always using the same key pair, /etc/guix/signing-key.{pub,sec}. Keeping them in cache allows us to avoid redundant I/O and parsing when signing multiple store items in a row. * guix/scripts/authenticate.scm (load-key-pair): New procedure. (sign-with-key): Remove 'key-file' parameter and add 'public-key' and 'secret-key'. Adjust accordingly. (validate-signature): Add 'acl' parameter and pass it to 'authorized-key?'. (guix-authenticate)[call-with-reply]: New procedure. [with-reply]: New macro. Call 'current-acl' upfront and cache its result. Add 'key-pairs' as an argument to 'loop' and use it as a cache of key pairs.
2020-09-11 08:35:07 -04:00
#:use-module (ice-9 vlist)
authenticate: Encode strings as ISO-8859-1. Fixes <https://bugs.gnu.org/43421>. * guix/scripts/authenticate.scm (read-command): Decode strings as ISO-8859-1, not UTF-8. (guix-authenticate)[send-reply]: Encode strings as ISO-8859-1, not UTF-8. * tests/guix-authenticate.sh: Add test.
2020-09-15 08:24:05 -04:00
#:use-module (ice-9 iconv)
daemon: Implement signed archive import/export. * guix/scripts/authenticate.scm, nix/scripts/guix-authenticate.in, tests/signing-key.pub, tests/signing-key.sec: New files. * po/POTFILES.in: Add 'guix/scripts/authenticate.scm'. * guix/store.scm (dump-port): New procedure. (process-stderr): Add 'user-port' optional parameter. Handle the %STDERR-WRITE and %STDERR-READ cases as expected. (import-paths, export-path, export-paths): New procedures. * tests/store.scm ("export/import several paths", "import corrupt path"): New tests. * Makefile.am (MODULES): Add 'guix/scripts/authenticate.scm'. (EXTRA_DIST): Add 'tests/signing-key.{pub,sec}'. * daemon.am (libstore_a_CPPFLAGS)[-DNIX_CONF_DIR]: Change 'NIX_CONF_DIR' to .../guix. Change 'OPENSSL_PATH' to 'guix-authenticate'. * config-daemon.ac: Instantiate 'nix/scripts/guix-authenticate'. * nix/nix-daemon/guix-daemon.cc (main): Augment $PATH to include 'settings.nixLibexecDir'. * test-env.in: Export 'NIX_CONF_DIR' and 'NIX_LIBEXEC_DIR'. Populate $NIX_CONF_DIR.
2013-12-20 11:17:42 -05:00
#:export (guix-authenticate))
;;; Commentary:
;;;
;;; This program is used internally by the daemon to sign exported archive
;;; (the 'export-paths' RPC), and to authenticate imported archives (the
;;; 'import-paths' RPC.)
;;;
;;; Code:
authenticate: Move actual work to separate procedures. * guix/scripts/authenticate.scm (read-canonical-sexp): Change to expect a port instead of a file name. (read-hash-data): Likewise. (sign-with-key, validate-signature): New procedures. (guix-authenticate): Rewrite in terms of these two procedures.
2014-03-22 17:38:23 -04:00
(define read-canonical-sexp
;; Read a gcrypt sexp from a port and return it.
Use (ice-9 binary-ports) instead of (rnrs io ports). This reduces the closure of (guix ui) from 123 to 106 modules. * guix/derivations.scm: Use (ice-9 binary-ports) instead of (rnrs io ports). (map-derivation)[substitute-file]: Use 'read-string' instead of 'get-string-all'. * guix/ftp-client.scm: Likewise. * guix/hash.scm: Likewise. * guix/http-client.scm: Likewise. * guix/pki.scm (ensure-acl, current-acl): Likewise. * guix/scripts/archive.scm (authorize-key)[read-key]: Likewise. * guix/scripts/authenticate.scm (read-canonical-sexp) (read-hash-data): Likewise. * guix/scripts/download.scm: Likewise. * guix/scripts/offload.scm (register-gc-root, remove-gc-roots) (send-files): Likewise. * guix/scripts/publish.scm (lazy-read-file-sexp): Likewise. * guix/scripts/refresh.scm: Likewise. * guix/scripts/substitute.scm (check-acl-initialized): Likewise. * guix/serialization.scm (read-maybe-utf8-string): Likewise. * guix/scripts/hash.scm (guix-hash): Use 'force-output' instead of 'flush-output-port'. * guix/store.scm (process-stderr): Likewise. * guix/tests.scm: Likewise. * guix/utils.scm: Use (ice-9 binary-ports) and autoload (rnrs io ports) for 'make-custom-binary-input-port'.
2016-10-19 08:28:56 -04:00
(compose string->canonical-sexp read-string))
daemon: Implement signed archive import/export. * guix/scripts/authenticate.scm, nix/scripts/guix-authenticate.in, tests/signing-key.pub, tests/signing-key.sec: New files. * po/POTFILES.in: Add 'guix/scripts/authenticate.scm'. * guix/store.scm (dump-port): New procedure. (process-stderr): Add 'user-port' optional parameter. Handle the %STDERR-WRITE and %STDERR-READ cases as expected. (import-paths, export-path, export-paths): New procedures. * tests/store.scm ("export/import several paths", "import corrupt path"): New tests. * Makefile.am (MODULES): Add 'guix/scripts/authenticate.scm'. (EXTRA_DIST): Add 'tests/signing-key.{pub,sec}'. * daemon.am (libstore_a_CPPFLAGS)[-DNIX_CONF_DIR]: Change 'NIX_CONF_DIR' to .../guix. Change 'OPENSSL_PATH' to 'guix-authenticate'. * config-daemon.ac: Instantiate 'nix/scripts/guix-authenticate'. * nix/nix-daemon/guix-daemon.cc (main): Augment $PATH to include 'settings.nixLibexecDir'. * test-env.in: Export 'NIX_CONF_DIR' and 'NIX_LIBEXEC_DIR'. Populate $NIX_CONF_DIR.
2013-12-20 11:17:42 -05:00
authenticate: Cache the ACL and key pairs. In practice we're always using the same key pair, /etc/guix/signing-key.{pub,sec}. Keeping them in cache allows us to avoid redundant I/O and parsing when signing multiple store items in a row. * guix/scripts/authenticate.scm (load-key-pair): New procedure. (sign-with-key): Remove 'key-file' parameter and add 'public-key' and 'secret-key'. Adjust accordingly. (validate-signature): Add 'acl' parameter and pass it to 'authorized-key?'. (guix-authenticate)[call-with-reply]: New procedure. [with-reply]: New macro. Call 'current-acl' upfront and cache its result. Add 'key-pairs' as an argument to 'loop' and use it as a cache of key pairs.
2020-09-11 08:35:07 -04:00
(define (load-key-pair key-file)
"Load the key pair whose secret key lives at KEY-FILE. Return a pair of
canonical sexps representing those keys."
(catch 'system-error
(lambda ()
(let* ((secret-key (call-with-input-file key-file read-canonical-sexp))
(public-key (call-with-input-file
authenticate: Move actual work to separate procedures. * guix/scripts/authenticate.scm (read-canonical-sexp): Change to expect a port instead of a file name. (read-hash-data): Likewise. (sign-with-key, validate-signature): New procedures. (guix-authenticate): Rewrite in terms of these two procedures.
2014-03-22 17:38:23 -04:00
(string-append (string-drop-right key-file 4)
".pub")
authenticate: Cache the ACL and key pairs. In practice we're always using the same key pair, /etc/guix/signing-key.{pub,sec}. Keeping them in cache allows us to avoid redundant I/O and parsing when signing multiple store items in a row. * guix/scripts/authenticate.scm (load-key-pair): New procedure. (sign-with-key): Remove 'key-file' parameter and add 'public-key' and 'secret-key'. Adjust accordingly. (validate-signature): Add 'acl' parameter and pass it to 'authorized-key?'. (guix-authenticate)[call-with-reply]: New procedure. [with-reply]: New macro. Call 'current-acl' upfront and cache its result. Add 'key-pairs' as an argument to 'loop' and use it as a cache of key pairs.
2020-09-11 08:35:07 -04:00
read-canonical-sexp)))
(cons public-key secret-key)))
(lambda args
(let ((errno (system-error-errno args)))
(raise
(formatted-message
(G_ "failed to load key pair at '~a': ~a~%")
key-file (strerror errno)))))))
(define (sign-with-key public-key secret-key sha256)
"Sign the hash SHA256 (a bytevector) with SECRET-KEY (a canonical sexp), and
return the signature as a canonical sexp that includes SHA256, PUBLIC-KEY, and
the actual signature."
(let ((data (bytevector->hash-data sha256
#:key-type (key-type public-key))))
(signature-sexp data secret-key public-key)))
(define (validate-signature signature acl)
daemon: Simplify interface with 'guix authenticate'. There's no reason at this point to mimic the calling convention of the 'openssl' command. * nix/libstore/local-store.cc (LocalStore::exportPath): Add only "sign" and HASH to ARGS. Remove 'tmpDir' and 'hashFile'. (LocalStore::importPath): Add only "verify" and SIGNATURE to * guix/scripts/authenticate.scm (guix-authenticate): Adjust accordingly; remove the OpenSSL-style clauses. (read-hash-data): Remove. (sign-with-key): Replace 'port' with 'sha256' and adjust accordingly. (validate-signature): Export SIGNATURE to be a canonical sexp. * tests/guix-authenticate.sh: Adjust tests accordingly.
2020-09-08 09:00:29 -04:00
"Validate SIGNATURE, a canonical sexp. Check whether its public key is
authenticate: Cache the ACL and key pairs. In practice we're always using the same key pair, /etc/guix/signing-key.{pub,sec}. Keeping them in cache allows us to avoid redundant I/O and parsing when signing multiple store items in a row. * guix/scripts/authenticate.scm (load-key-pair): New procedure. (sign-with-key): Remove 'key-file' parameter and add 'public-key' and 'secret-key'. Adjust accordingly. (validate-signature): Add 'acl' parameter and pass it to 'authorized-key?'. (guix-authenticate)[call-with-reply]: New procedure. [with-reply]: New macro. Call 'current-acl' upfront and cache its result. Add 'key-pairs' as an argument to 'loop' and use it as a cache of key pairs.
2020-09-11 08:35:07 -04:00
authorized in ACL, verify the signature, and return the signed data (a
bytevector) upon success."
daemon: Simplify interface with 'guix authenticate'. There's no reason at this point to mimic the calling convention of the 'openssl' command. * nix/libstore/local-store.cc (LocalStore::exportPath): Add only "sign" and HASH to ARGS. Remove 'tmpDir' and 'hashFile'. (LocalStore::importPath): Add only "verify" and SIGNATURE to * guix/scripts/authenticate.scm (guix-authenticate): Adjust accordingly; remove the OpenSSL-style clauses. (read-hash-data): Remove. (sign-with-key): Replace 'port' with 'sha256' and adjust accordingly. (validate-signature): Export SIGNATURE to be a canonical sexp. * tests/guix-authenticate.sh: Adjust tests accordingly.
2020-09-08 09:00:29 -04:00
(let* ((subject (signature-subject signature))
(data (signature-signed-data signature)))
authenticate: Move actual work to separate procedures. * guix/scripts/authenticate.scm (read-canonical-sexp): Change to expect a port instead of a file name. (read-hash-data): Likewise. (sign-with-key, validate-signature): New procedures. (guix-authenticate): Rewrite in terms of these two procedures.
2014-03-22 17:38:23 -04:00
(if (and data subject)
authenticate: Cache the ACL and key pairs. In practice we're always using the same key pair, /etc/guix/signing-key.{pub,sec}. Keeping them in cache allows us to avoid redundant I/O and parsing when signing multiple store items in a row. * guix/scripts/authenticate.scm (load-key-pair): New procedure. (sign-with-key): Remove 'key-file' parameter and add 'public-key' and 'secret-key'. Adjust accordingly. (validate-signature): Add 'acl' parameter and pass it to 'authorized-key?'. (guix-authenticate)[call-with-reply]: New procedure. [with-reply]: New macro. Call 'current-acl' upfront and cache its result. Add 'key-pairs' as an argument to 'loop' and use it as a cache of key pairs.
2020-09-11 08:35:07 -04:00
(if (authorized-key? subject acl)
authenticate: Move actual work to separate procedures. * guix/scripts/authenticate.scm (read-canonical-sexp): Change to expect a port instead of a file name. (read-hash-data): Likewise. (sign-with-key, validate-signature): New procedures. (guix-authenticate): Rewrite in terms of these two procedures.
2014-03-22 17:38:23 -04:00
(if (valid-signature? signature)
daemon: Spawn 'guix authenticate' once for all. Previously, we'd spawn 'guix authenticate' once for each item that has to be signed (when exporting) or authenticated (when importing). Now, we spawn it once for all and then follow a request/reply protocol. This reduces the wall-clock time of: guix archive --export -r $(guix build coreutils -d) from 30s to 2s. * guix/scripts/authenticate.scm (sign-with-key): Return the signature instead of displaying it. Raise a &formatted-message instead of calling 'leave'. (validate-signature): Likewise. (read-command): New procedure. (define-enumerate-type, reply-code): New macros. (guix-authenticate)[send-reply]: New procedure. Change to read commands from current-input-port. * nix/libstore/local-store.cc (runAuthenticationProgram): Remove. (authenticationAgent, readInteger, readAuthenticateReply): New functions. (signHash, verifySignature): Rewrite in terms of the agent. * tests/store.scm ("import not signed"): Remove 'pk' call. ("import signed by unauthorized key"): Check the error message of C. * tests/guix-authenticate.sh: Rewrite using the new protocol. fixlet
2020-09-11 06:51:36 -04:00
(hash-data->bytevector data) ; success
(raise
(formatted-message (G_ "invalid signature: ~a")
(canonical-sexp->string signature))))
(raise
(formatted-message (G_ "unauthorized public key: ~a")
(canonical-sexp->string subject))))
(raise
(formatted-message (G_ "corrupt signature data: ~a")
(canonical-sexp->string signature))))))
(define (read-command port)
"Read a command from PORT and return the command and arguments as a list of
strings. Return the empty list when the end-of-file is reached.
Commands are newline-terminated and must look something like this:
COMMAND 3:abc 5:abcde 1:x
where COMMAND is an alphanumeric sequence and the remainder is the command
arguments. Each argument is written as its length (in characters), followed
by colon, followed by the given number of characters."
(define (consume-whitespace port)
(let ((chr (lookahead-u8 port)))
(when (eqv? chr (char->integer #\space))
(get-u8 port)
(consume-whitespace port))))
(match (read-delimited " \t\n\r" port)
((? eof-object?)
'())
(command
(let loop ((result (list command)))
(consume-whitespace port)
(let ((next (lookahead-u8 port)))
(cond ((eqv? next (char->integer #\newline))
(get-u8 port)
(reverse result))
((eof-object? next)
(reverse result))
(else
(let* ((len (string->number (read-delimited ":" port)))
authenticate: Encode strings as ISO-8859-1. Fixes <https://bugs.gnu.org/43421>. * guix/scripts/authenticate.scm (read-command): Decode strings as ISO-8859-1, not UTF-8. (guix-authenticate)[send-reply]: Encode strings as ISO-8859-1, not UTF-8. * tests/guix-authenticate.sh: Add test.
2020-09-15 08:24:05 -04:00
(str (bytevector->string
(get-bytevector-n port len)
"ISO-8859-1" 'error)))
daemon: Spawn 'guix authenticate' once for all. Previously, we'd spawn 'guix authenticate' once for each item that has to be signed (when exporting) or authenticated (when importing). Now, we spawn it once for all and then follow a request/reply protocol. This reduces the wall-clock time of: guix archive --export -r $(guix build coreutils -d) from 30s to 2s. * guix/scripts/authenticate.scm (sign-with-key): Return the signature instead of displaying it. Raise a &formatted-message instead of calling 'leave'. (validate-signature): Likewise. (read-command): New procedure. (define-enumerate-type, reply-code): New macros. (guix-authenticate)[send-reply]: New procedure. Change to read commands from current-input-port. * nix/libstore/local-store.cc (runAuthenticationProgram): Remove. (authenticationAgent, readInteger, readAuthenticateReply): New functions. (signHash, verifySignature): Rewrite in terms of the agent. * tests/store.scm ("import not signed"): Remove 'pk' call. ("import signed by unauthorized key"): Check the error message of C. * tests/guix-authenticate.sh: Rewrite using the new protocol. fixlet
2020-09-11 06:51:36 -04:00
(loop (cons str result))))))))))
(define-syntax define-enumerate-type ;TODO: factorize
(syntax-rules ()
((_ name->int (name id) ...)
(define-syntax name->int
(syntax-rules (name ...)
((_ name) id) ...)))))
;; Codes used when reply to requests.
(define-enumerate-type reply-code
(success 0)
(command-not-found 404)
(command-failed 500))
authenticate: Add compatibility hack for Guile 2.0.5. * guix/scripts/authenticate.scm (%default-port-conversion-strategy): New variable. Reported by Andreas Enge <andreas@enge.fr>.
2014-05-16 04:22:19 -04:00
daemon: Implement signed archive import/export. * guix/scripts/authenticate.scm, nix/scripts/guix-authenticate.in, tests/signing-key.pub, tests/signing-key.sec: New files. * po/POTFILES.in: Add 'guix/scripts/authenticate.scm'. * guix/store.scm (dump-port): New procedure. (process-stderr): Add 'user-port' optional parameter. Handle the %STDERR-WRITE and %STDERR-READ cases as expected. (import-paths, export-path, export-paths): New procedures. * tests/store.scm ("export/import several paths", "import corrupt path"): New tests. * Makefile.am (MODULES): Add 'guix/scripts/authenticate.scm'. (EXTRA_DIST): Add 'tests/signing-key.{pub,sec}'. * daemon.am (libstore_a_CPPFLAGS)[-DNIX_CONF_DIR]: Change 'NIX_CONF_DIR' to .../guix. Change 'OPENSSL_PATH' to 'guix-authenticate'. * config-daemon.ac: Instantiate 'nix/scripts/guix-authenticate'. * nix/nix-daemon/guix-daemon.cc (main): Augment $PATH to include 'settings.nixLibexecDir'. * test-env.in: Export 'NIX_CONF_DIR' and 'NIX_LIBEXEC_DIR'. Populate $NIX_CONF_DIR.
2013-12-20 11:17:42 -05:00
;;;
daemon: Simplify interface with 'guix authenticate'. There's no reason at this point to mimic the calling convention of the 'openssl' command. * nix/libstore/local-store.cc (LocalStore::exportPath): Add only "sign" and HASH to ARGS. Remove 'tmpDir' and 'hashFile'. (LocalStore::importPath): Add only "verify" and SIGNATURE to * guix/scripts/authenticate.scm (guix-authenticate): Adjust accordingly; remove the OpenSSL-style clauses. (read-hash-data): Remove. (sign-with-key): Replace 'port' with 'sha256' and adjust accordingly. (validate-signature): Export SIGNATURE to be a canonical sexp. * tests/guix-authenticate.sh: Adjust tests accordingly.
2020-09-08 09:00:29 -04:00
;;; Entry point.
daemon: Implement signed archive import/export. * guix/scripts/authenticate.scm, nix/scripts/guix-authenticate.in, tests/signing-key.pub, tests/signing-key.sec: New files. * po/POTFILES.in: Add 'guix/scripts/authenticate.scm'. * guix/store.scm (dump-port): New procedure. (process-stderr): Add 'user-port' optional parameter. Handle the %STDERR-WRITE and %STDERR-READ cases as expected. (import-paths, export-path, export-paths): New procedures. * tests/store.scm ("export/import several paths", "import corrupt path"): New tests. * Makefile.am (MODULES): Add 'guix/scripts/authenticate.scm'. (EXTRA_DIST): Add 'tests/signing-key.{pub,sec}'. * daemon.am (libstore_a_CPPFLAGS)[-DNIX_CONF_DIR]: Change 'NIX_CONF_DIR' to .../guix. Change 'OPENSSL_PATH' to 'guix-authenticate'. * config-daemon.ac: Instantiate 'nix/scripts/guix-authenticate'. * nix/nix-daemon/guix-daemon.cc (main): Augment $PATH to include 'settings.nixLibexecDir'. * test-env.in: Export 'NIX_CONF_DIR' and 'NIX_LIBEXEC_DIR'. Populate $NIX_CONF_DIR.
2013-12-20 11:17:42 -05:00
;;;
scripts: Use 'define-command' and have 'guix help' use that. This changes 'guix help' to print a short synopsis for each command and to group commands by category. * guix/scripts.scm (synopsis, category): New variables. (define-command-categories, define-command): New macros. (%command-categories): New variable. * guix/ui.scm (<command>): New record type. (source-file-command): New procedure. (command-files): Return absolute file names. (commands): Return a list of <command> records. (show-guix-help)[display-commands, category-predicate]: New procedures. Display commands grouped in three categories. * guix/scripts/archive.scm (guix-archive): Use 'define-command'. * guix/scripts/authenticate.scm (guix-authenticate): Likewise. * guix/scripts/build.scm (guix-build): Likewise. * guix/scripts/challenge.scm (guix-challenge): Likewise. * guix/scripts/container.scm (guix-container): Likewise. * guix/scripts/copy.scm (guix-copy): Likewise. * guix/scripts/deploy.scm (guix-deploy): Likewise. * guix/scripts/describe.scm (guix-describe): Likewise. * guix/scripts/download.scm (guix-download): Likewise. * guix/scripts/edit.scm (guix-edit): Likewise. * guix/scripts/environment.scm (guix-environment): Likewise. * guix/scripts/gc.scm (guix-gc): Likewise. * guix/scripts/git.scm (guix-git): Likewise. * guix/scripts/graph.scm (guix-graph): Likewise. * guix/scripts/hash.scm (guix-hash): Likewise. * guix/scripts/import.scm (guix-import): Likewise. * guix/scripts/install.scm (guix-install): Likewise. * guix/scripts/lint.scm (guix-lint): Likewise. * guix/scripts/offload.scm (guix-offload): Likewise. * guix/scripts/pack.scm (guix-pack): Likewise. * guix/scripts/package.scm (guix-package): Likewise. * guix/scripts/perform-download.scm (guix-perform-download): Likewise. * guix/scripts/processes.scm (guix-processes): Likewise. * guix/scripts/publish.scm (guix-publish): Likewise. * guix/scripts/pull.scm (guix-pull): Likewise. * guix/scripts/refresh.scm (guix-refresh): Likewise. * guix/scripts/remove.scm (guix-remove): Likewise. * guix/scripts/repl.scm (guix-repl): Likewise. * guix/scripts/search.scm (guix-search): Likewise. * guix/scripts/show.scm (guix-show): Likewise. * guix/scripts/size.scm (guix-size): Likewise. * guix/scripts/substitute.scm (guix-substitute): Likewise. * guix/scripts/system.scm (guix-system): Likewise. * guix/scripts/time-machine.scm (guix-time-machine): Likewise. * guix/scripts/upgrade.scm (guix-upgrade): Likewise. * guix/scripts/weather.scm (guix-weather): Likewise.
2020-09-01 16:13:11 -04:00
(define-command (guix-authenticate . args)
(category internal)
(synopsis "sign or verify signatures on normalized archives (nars)")
daemon: Spawn 'guix authenticate' once for all. Previously, we'd spawn 'guix authenticate' once for each item that has to be signed (when exporting) or authenticated (when importing). Now, we spawn it once for all and then follow a request/reply protocol. This reduces the wall-clock time of: guix archive --export -r $(guix build coreutils -d) from 30s to 2s. * guix/scripts/authenticate.scm (sign-with-key): Return the signature instead of displaying it. Raise a &formatted-message instead of calling 'leave'. (validate-signature): Likewise. (read-command): New procedure. (define-enumerate-type, reply-code): New macros. (guix-authenticate)[send-reply]: New procedure. Change to read commands from current-input-port. * nix/libstore/local-store.cc (runAuthenticationProgram): Remove. (authenticationAgent, readInteger, readAuthenticateReply): New functions. (signHash, verifySignature): Rewrite in terms of the agent. * tests/store.scm ("import not signed"): Remove 'pk' call. ("import signed by unauthorized key"): Check the error message of C. * tests/guix-authenticate.sh: Rewrite using the new protocol. fixlet
2020-09-11 06:51:36 -04:00
(define (send-reply code str)
;; Send CODE and STR as a reply to our client.
authenticate: Encode strings as ISO-8859-1. Fixes <https://bugs.gnu.org/43421>. * guix/scripts/authenticate.scm (read-command): Decode strings as ISO-8859-1, not UTF-8. (guix-authenticate)[send-reply]: Encode strings as ISO-8859-1, not UTF-8. * tests/guix-authenticate.sh: Add test.
2020-09-15 08:24:05 -04:00
(let ((bv (string->bytevector str "ISO-8859-1" 'error)))
daemon: Spawn 'guix authenticate' once for all. Previously, we'd spawn 'guix authenticate' once for each item that has to be signed (when exporting) or authenticated (when importing). Now, we spawn it once for all and then follow a request/reply protocol. This reduces the wall-clock time of: guix archive --export -r $(guix build coreutils -d) from 30s to 2s. * guix/scripts/authenticate.scm (sign-with-key): Return the signature instead of displaying it. Raise a &formatted-message instead of calling 'leave'. (validate-signature): Likewise. (read-command): New procedure. (define-enumerate-type, reply-code): New macros. (guix-authenticate)[send-reply]: New procedure. Change to read commands from current-input-port. * nix/libstore/local-store.cc (runAuthenticationProgram): Remove. (authenticationAgent, readInteger, readAuthenticateReply): New functions. (signHash, verifySignature): Rewrite in terms of the agent. * tests/store.scm ("import not signed"): Remove 'pk' call. ("import signed by unauthorized key"): Check the error message of C. * tests/guix-authenticate.sh: Rewrite using the new protocol. fixlet
2020-09-11 06:51:36 -04:00
(format #t "~a ~a:" code (bytevector-length bv))
(put-bytevector (current-output-port) bv)
(force-output (current-output-port))))
authenticate: Cache the ACL and key pairs. In practice we're always using the same key pair, /etc/guix/signing-key.{pub,sec}. Keeping them in cache allows us to avoid redundant I/O and parsing when signing multiple store items in a row. * guix/scripts/authenticate.scm (load-key-pair): New procedure. (sign-with-key): Remove 'key-file' parameter and add 'public-key' and 'secret-key'. Adjust accordingly. (validate-signature): Add 'acl' parameter and pass it to 'authorized-key?'. (guix-authenticate)[call-with-reply]: New procedure. [with-reply]: New macro. Call 'current-acl' upfront and cache its result. Add 'key-pairs' as an argument to 'loop' and use it as a cache of key pairs.
2020-09-11 08:35:07 -04:00
(define (call-with-reply thunk)
;; Send a reply for the result of THUNK or for any exception raised during
;; its execution.
(guard (c ((formatted-message? c)
(send-reply (reply-code command-failed)
(apply format #f
(G_ (formatted-message-string c))
(formatted-message-arguments c)))))
(send-reply (reply-code success) (thunk))))
(define-syntax-rule (with-reply exp ...)
(call-with-reply (lambda () exp ...)))
authenticate: Allow signatures with binary data to be written to stdout. Fixes <http://bugs.gnu.org/17312>. * guix/scripts/authenticate.scm (guix-authenticate): Add calls to 'set-port-encoding!' and 'set-port-conversion-strategy!'. Wrap body in 'with-fluids' form that sets '%default-port-encoding' and '%default-port-conversion-strategy'. * tests/guix-authenticate.sh: Add test. * tests/pk-crypto.scm ("hash corrupt due to restrictive locale encoding"): Add reference to bug.
2014-04-22 05:30:51 -04:00
;; Signature sexps written to stdout may contain binary data, so force
;; ISO-8859-1 encoding so that things are not mangled. See
;; <http://bugs.gnu.org/17312> for details.
(set-port-encoding! (current-output-port) "ISO-8859-1")
(set-port-conversion-strategy! (current-output-port) 'error)
;; Same goes for input ports.
(with-fluids ((%default-port-encoding "ISO-8859-1")
(%default-port-conversion-strategy 'error))
(match args
(("--help")
ui: Rename '_' to 'G_'. This avoids collisions with '_' when the latter is used as a 'match' pattern for instance. See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00464.html>. * guix/ui.scm: Rename '_' to 'G_'. * po/guix/Makevars (XGETTEXT_OPTIONS): Adjust accordingly. * build-aux/compile-all.scm (warnings): Remove 'format'. * gnu/packages.scm, gnu/services.scm, gnu/services/shepherd.scm, gnu/system.scm, gnu/system/shadow.scm, guix/gnupg.scm, guix/http-client.scm, guix/import/cpan.scm, guix/import/elpa.scm, guix/import/pypi.scm, guix/nar.scm, guix/scripts.scm, guix/scripts/archive.scm, guix/scripts/authenticate.scm, guix/scripts/build.scm, guix/scripts/challenge.scm, guix/scripts/container.scm, guix/scripts/container/exec.scm, guix/scripts/copy.scm, guix/scripts/download.scm, guix/scripts/edit.scm, guix/scripts/environment.scm, guix/scripts/gc.scm, guix/scripts/graph.scm, guix/scripts/hash.scm, guix/scripts/import.scm, guix/scripts/import/cpan.scm, guix/scripts/import/cran.scm, guix/scripts/import/crate.scm, guix/scripts/import/elpa.scm, guix/scripts/import/gem.scm, guix/scripts/import/gnu.scm, guix/scripts/import/hackage.scm, guix/scripts/import/nix.scm, guix/scripts/import/pypi.scm, guix/scripts/import/stackage.scm, guix/scripts/lint.scm, guix/scripts/offload.scm, guix/scripts/pack.scm, guix/scripts/package.scm, guix/scripts/perform-download.scm, guix/scripts/publish.scm, guix/scripts/pull.scm, guix/scripts/refresh.scm, guix/scripts/size.scm, guix/scripts/substitute.scm, guix/scripts/system.scm, guix/ssh.scm, guix/upstream.scm: Use 'G_' instead of '_'. Most of this change was obtained by running: "sed -i -e's/(_ "/(G_ "/g' `find -name \*.scm`".
2017-05-03 09:57:02 -04:00
(display (G_ "Usage: guix authenticate OPTION...
daemon: Spawn 'guix authenticate' once for all. Previously, we'd spawn 'guix authenticate' once for each item that has to be signed (when exporting) or authenticated (when importing). Now, we spawn it once for all and then follow a request/reply protocol. This reduces the wall-clock time of: guix archive --export -r $(guix build coreutils -d) from 30s to 2s. * guix/scripts/authenticate.scm (sign-with-key): Return the signature instead of displaying it. Raise a &formatted-message instead of calling 'leave'. (validate-signature): Likewise. (read-command): New procedure. (define-enumerate-type, reply-code): New macros. (guix-authenticate)[send-reply]: New procedure. Change to read commands from current-input-port. * nix/libstore/local-store.cc (runAuthenticationProgram): Remove. (authenticationAgent, readInteger, readAuthenticateReply): New functions. (signHash, verifySignature): Rewrite in terms of the agent. * tests/store.scm ("import not signed"): Remove 'pk' call. ("import signed by unauthorized key"): Check the error message of C. * tests/guix-authenticate.sh: Rewrite using the new protocol. fixlet
2020-09-11 06:51:36 -04:00
Sign data or verify signatures. This tool is meant to be used internally by
'guix-daemon'.\n")))
authenticate: Allow signatures with binary data to be written to stdout. Fixes <http://bugs.gnu.org/17312>. * guix/scripts/authenticate.scm (guix-authenticate): Add calls to 'set-port-encoding!' and 'set-port-conversion-strategy!'. Wrap body in 'with-fluids' form that sets '%default-port-encoding' and '%default-port-conversion-strategy'. * tests/guix-authenticate.sh: Add test. * tests/pk-crypto.scm ("hash corrupt due to restrictive locale encoding"): Add reference to bug.
2014-04-22 05:30:51 -04:00
(("--version")
(show-version-and-exit "guix authenticate"))
daemon: Spawn 'guix authenticate' once for all. Previously, we'd spawn 'guix authenticate' once for each item that has to be signed (when exporting) or authenticated (when importing). Now, we spawn it once for all and then follow a request/reply protocol. This reduces the wall-clock time of: guix archive --export -r $(guix build coreutils -d) from 30s to 2s. * guix/scripts/authenticate.scm (sign-with-key): Return the signature instead of displaying it. Raise a &formatted-message instead of calling 'leave'. (validate-signature): Likewise. (read-command): New procedure. (define-enumerate-type, reply-code): New macros. (guix-authenticate)[send-reply]: New procedure. Change to read commands from current-input-port. * nix/libstore/local-store.cc (runAuthenticationProgram): Remove. (authenticationAgent, readInteger, readAuthenticateReply): New functions. (signHash, verifySignature): Rewrite in terms of the agent. * tests/store.scm ("import not signed"): Remove 'pk' call. ("import signed by unauthorized key"): Check the error message of C. * tests/guix-authenticate.sh: Rewrite using the new protocol. fixlet
2020-09-11 06:51:36 -04:00
(()
authenticate: Cache the ACL and key pairs. In practice we're always using the same key pair, /etc/guix/signing-key.{pub,sec}. Keeping them in cache allows us to avoid redundant I/O and parsing when signing multiple store items in a row. * guix/scripts/authenticate.scm (load-key-pair): New procedure. (sign-with-key): Remove 'key-file' parameter and add 'public-key' and 'secret-key'. Adjust accordingly. (validate-signature): Add 'acl' parameter and pass it to 'authorized-key?'. (guix-authenticate)[call-with-reply]: New procedure. [with-reply]: New macro. Call 'current-acl' upfront and cache its result. Add 'key-pairs' as an argument to 'loop' and use it as a cache of key pairs.
2020-09-11 08:35:07 -04:00
(let ((acl (current-acl)))
(let loop ((key-pairs vlist-null))
daemon: Spawn 'guix authenticate' once for all. Previously, we'd spawn 'guix authenticate' once for each item that has to be signed (when exporting) or authenticated (when importing). Now, we spawn it once for all and then follow a request/reply protocol. This reduces the wall-clock time of: guix archive --export -r $(guix build coreutils -d) from 30s to 2s. * guix/scripts/authenticate.scm (sign-with-key): Return the signature instead of displaying it. Raise a &formatted-message instead of calling 'leave'. (validate-signature): Likewise. (read-command): New procedure. (define-enumerate-type, reply-code): New macros. (guix-authenticate)[send-reply]: New procedure. Change to read commands from current-input-port. * nix/libstore/local-store.cc (runAuthenticationProgram): Remove. (authenticationAgent, readInteger, readAuthenticateReply): New functions. (signHash, verifySignature): Rewrite in terms of the agent. * tests/store.scm ("import not signed"): Remove 'pk' call. ("import signed by unauthorized key"): Check the error message of C. * tests/guix-authenticate.sh: Rewrite using the new protocol. fixlet
2020-09-11 06:51:36 -04:00
;; Read a request on standard input and reply.
(match (read-command (current-input-port))
(("sign" signing-key (= base16-string->bytevector hash))
authenticate: Cache the ACL and key pairs. In practice we're always using the same key pair, /etc/guix/signing-key.{pub,sec}. Keeping them in cache allows us to avoid redundant I/O and parsing when signing multiple store items in a row. * guix/scripts/authenticate.scm (load-key-pair): New procedure. (sign-with-key): Remove 'key-file' parameter and add 'public-key' and 'secret-key'. Adjust accordingly. (validate-signature): Add 'acl' parameter and pass it to 'authorized-key?'. (guix-authenticate)[call-with-reply]: New procedure. [with-reply]: New macro. Call 'current-acl' upfront and cache its result. Add 'key-pairs' as an argument to 'loop' and use it as a cache of key pairs.
2020-09-11 08:35:07 -04:00
(let* ((key-pairs keys
(match (vhash-assoc signing-key key-pairs)
((_ . keys)
(values key-pairs keys))
(#f
(let ((keys (load-key-pair signing-key)))
(values (vhash-cons signing-key keys
key-pairs)
keys))))))
(with-reply (canonical-sexp->string
(match keys
((public . secret)
(sign-with-key public secret hash)))))
(loop key-pairs)))
daemon: Spawn 'guix authenticate' once for all. Previously, we'd spawn 'guix authenticate' once for each item that has to be signed (when exporting) or authenticated (when importing). Now, we spawn it once for all and then follow a request/reply protocol. This reduces the wall-clock time of: guix archive --export -r $(guix build coreutils -d) from 30s to 2s. * guix/scripts/authenticate.scm (sign-with-key): Return the signature instead of displaying it. Raise a &formatted-message instead of calling 'leave'. (validate-signature): Likewise. (read-command): New procedure. (define-enumerate-type, reply-code): New macros. (guix-authenticate)[send-reply]: New procedure. Change to read commands from current-input-port. * nix/libstore/local-store.cc (runAuthenticationProgram): Remove. (authenticationAgent, readInteger, readAuthenticateReply): New functions. (signHash, verifySignature): Rewrite in terms of the agent. * tests/store.scm ("import not signed"): Remove 'pk' call. ("import signed by unauthorized key"): Check the error message of C. * tests/guix-authenticate.sh: Rewrite using the new protocol. fixlet
2020-09-11 06:51:36 -04:00
(("verify" signature)
authenticate: Cache the ACL and key pairs. In practice we're always using the same key pair, /etc/guix/signing-key.{pub,sec}. Keeping them in cache allows us to avoid redundant I/O and parsing when signing multiple store items in a row. * guix/scripts/authenticate.scm (load-key-pair): New procedure. (sign-with-key): Remove 'key-file' parameter and add 'public-key' and 'secret-key'. Adjust accordingly. (validate-signature): Add 'acl' parameter and pass it to 'authorized-key?'. (guix-authenticate)[call-with-reply]: New procedure. [with-reply]: New macro. Call 'current-acl' upfront and cache its result. Add 'key-pairs' as an argument to 'loop' and use it as a cache of key pairs.
2020-09-11 08:35:07 -04:00
(with-reply (bytevector->base16-string
daemon: Spawn 'guix authenticate' once for all. Previously, we'd spawn 'guix authenticate' once for each item that has to be signed (when exporting) or authenticated (when importing). Now, we spawn it once for all and then follow a request/reply protocol. This reduces the wall-clock time of: guix archive --export -r $(guix build coreutils -d) from 30s to 2s. * guix/scripts/authenticate.scm (sign-with-key): Return the signature instead of displaying it. Raise a &formatted-message instead of calling 'leave'. (validate-signature): Likewise. (read-command): New procedure. (define-enumerate-type, reply-code): New macros. (guix-authenticate)[send-reply]: New procedure. Change to read commands from current-input-port. * nix/libstore/local-store.cc (runAuthenticationProgram): Remove. (authenticationAgent, readInteger, readAuthenticateReply): New functions. (signHash, verifySignature): Rewrite in terms of the agent. * tests/store.scm ("import not signed"): Remove 'pk' call. ("import signed by unauthorized key"): Check the error message of C. * tests/guix-authenticate.sh: Rewrite using the new protocol. fixlet
2020-09-11 06:51:36 -04:00
(validate-signature
authenticate: Cache the ACL and key pairs. In practice we're always using the same key pair, /etc/guix/signing-key.{pub,sec}. Keeping them in cache allows us to avoid redundant I/O and parsing when signing multiple store items in a row. * guix/scripts/authenticate.scm (load-key-pair): New procedure. (sign-with-key): Remove 'key-file' parameter and add 'public-key' and 'secret-key'. Adjust accordingly. (validate-signature): Add 'acl' parameter and pass it to 'authorized-key?'. (guix-authenticate)[call-with-reply]: New procedure. [with-reply]: New macro. Call 'current-acl' upfront and cache its result. Add 'key-pairs' as an argument to 'loop' and use it as a cache of key pairs.
2020-09-11 08:35:07 -04:00
(string->canonical-sexp signature)
acl)))
(loop key-pairs))
daemon: Spawn 'guix authenticate' once for all. Previously, we'd spawn 'guix authenticate' once for each item that has to be signed (when exporting) or authenticated (when importing). Now, we spawn it once for all and then follow a request/reply protocol. This reduces the wall-clock time of: guix archive --export -r $(guix build coreutils -d) from 30s to 2s. * guix/scripts/authenticate.scm (sign-with-key): Return the signature instead of displaying it. Raise a &formatted-message instead of calling 'leave'. (validate-signature): Likewise. (read-command): New procedure. (define-enumerate-type, reply-code): New macros. (guix-authenticate)[send-reply]: New procedure. Change to read commands from current-input-port. * nix/libstore/local-store.cc (runAuthenticationProgram): Remove. (authenticationAgent, readInteger, readAuthenticateReply): New functions. (signHash, verifySignature): Rewrite in terms of the agent. * tests/store.scm ("import not signed"): Remove 'pk' call. ("import signed by unauthorized key"): Check the error message of C. * tests/guix-authenticate.sh: Rewrite using the new protocol. fixlet
2020-09-11 06:51:36 -04:00
(()
(exit 0))
(commands
(warning (G_ "~s: invalid command; ignoring~%") commands)
(send-reply (reply-code command-not-found)
authenticate: Cache the ACL and key pairs. In practice we're always using the same key pair, /etc/guix/signing-key.{pub,sec}. Keeping them in cache allows us to avoid redundant I/O and parsing when signing multiple store items in a row. * guix/scripts/authenticate.scm (load-key-pair): New procedure. (sign-with-key): Remove 'key-file' parameter and add 'public-key' and 'secret-key'. Adjust accordingly. (validate-signature): Add 'acl' parameter and pass it to 'authorized-key?'. (guix-authenticate)[call-with-reply]: New procedure. [with-reply]: New macro. Call 'current-acl' upfront and cache its result. Add 'key-pairs' as an argument to 'loop' and use it as a cache of key pairs.
2020-09-11 08:35:07 -04:00
"invalid command")
(loop key-pairs))))))
daemon: Spawn 'guix authenticate' once for all. Previously, we'd spawn 'guix authenticate' once for each item that has to be signed (when exporting) or authenticated (when importing). Now, we spawn it once for all and then follow a request/reply protocol. This reduces the wall-clock time of: guix archive --export -r $(guix build coreutils -d) from 30s to 2s. * guix/scripts/authenticate.scm (sign-with-key): Return the signature instead of displaying it. Raise a &formatted-message instead of calling 'leave'. (validate-signature): Likewise. (read-command): New procedure. (define-enumerate-type, reply-code): New macros. (guix-authenticate)[send-reply]: New procedure. Change to read commands from current-input-port. * nix/libstore/local-store.cc (runAuthenticationProgram): Remove. (authenticationAgent, readInteger, readAuthenticateReply): New functions. (signHash, verifySignature): Rewrite in terms of the agent. * tests/store.scm ("import not signed"): Remove 'pk' call. ("import signed by unauthorized key"): Check the error message of C. * tests/guix-authenticate.sh: Rewrite using the new protocol. fixlet
2020-09-11 06:51:36 -04:00
(_
(leave (G_ "wrong arguments~%"))))))
daemon: Implement signed archive import/export. * guix/scripts/authenticate.scm, nix/scripts/guix-authenticate.in, tests/signing-key.pub, tests/signing-key.sec: New files. * po/POTFILES.in: Add 'guix/scripts/authenticate.scm'. * guix/store.scm (dump-port): New procedure. (process-stderr): Add 'user-port' optional parameter. Handle the %STDERR-WRITE and %STDERR-READ cases as expected. (import-paths, export-path, export-paths): New procedures. * tests/store.scm ("export/import several paths", "import corrupt path"): New tests. * Makefile.am (MODULES): Add 'guix/scripts/authenticate.scm'. (EXTRA_DIST): Add 'tests/signing-key.{pub,sec}'. * daemon.am (libstore_a_CPPFLAGS)[-DNIX_CONF_DIR]: Change 'NIX_CONF_DIR' to .../guix. Change 'OPENSSL_PATH' to 'guix-authenticate'. * config-daemon.ac: Instantiate 'nix/scripts/guix-authenticate'. * nix/nix-daemon/guix-daemon.cc (main): Augment $PATH to include 'settings.nixLibexecDir'. * test-env.in: Export 'NIX_CONF_DIR' and 'NIX_LIBEXEC_DIR'. Populate $NIX_CONF_DIR.
2013-12-20 11:17:42 -05:00
;;; authenticate.scm ends here
Reference in New Issue Copy Permalink