diff options
| author | Ludovic Courtès <ludo@gnu.org> | 2020-09-15 14:24:05 +0200 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2020-09-15 14:40:20 +0200 |
| commit | b911d6547444b5f8d17b224bafa5ee1b5aafaff5 (patch) | |
| tree | 0d6115a775a0286ab5fbda156940aa2f84b7e682 | |
| parent | 1b157bbef0032121c88be2bbb834846115ce9341 (diff) | |
| download | guix-patches-b911d6547444b5f8d17b224bafa5ee1b5aafaff5.tar guix-patches-b911d6547444b5f8d17b224bafa5ee1b5aafaff5.tar.gz | |
authenticate: Encode strings as ISO-8859-1.
Fixes <https://bugs.gnu.org/43421>.
* guix/scripts/authenticate.scm (read-command): Decode strings as
ISO-8859-1, not UTF-8.
(guix-authenticate)[send-reply]: Encode strings as ISO-8859-1, not
UTF-8.
* tests/guix-authenticate.sh: Add test.
| -rw-r--r-- | guix/scripts/authenticate.scm | 8 | ||||
| -rw-r--r-- | tests/guix-authenticate.sh | 9 |
2 files changed, 14 insertions, 3 deletions
diff --git a/guix/scripts/authenticate.scm b/guix/scripts/authenticate.scm index 0bac13edee..45f62f6ebc 100644 --- a/guix/scripts/authenticate.scm +++ b/guix/scripts/authenticate.scm @@ -31,6 +31,7 @@ #:use-module (ice-9 rdelim) #:use-module (ice-9 match) #:use-module (ice-9 vlist) + #:use-module (ice-9 iconv) #:export (guix-authenticate)) ;;; Commentary: @@ -122,8 +123,9 @@ by colon, followed by the given number of characters." (reverse result)) (else (let* ((len (string->number (read-delimited ":" port))) - (str (utf8->string - (get-bytevector-n port len)))) + (str (bytevector->string + (get-bytevector-n port len) + "ISO-8859-1" 'error))) (loop (cons str result)))))))))) (define-syntax define-enumerate-type ;TODO: factorize @@ -150,7 +152,7 @@ by colon, followed by the given number of characters." (define (send-reply code str) ;; Send CODE and STR as a reply to our client. - (let ((bv (string->utf8 str))) + (let ((bv (string->bytevector str "ISO-8859-1" 'error))) (format #t "~a ~a:" code (bytevector-length bv)) (put-bytevector (current-output-port) bv) (force-output (current-output-port)))) diff --git a/tests/guix-authenticate.sh b/tests/guix-authenticate.sh index f3b36ee41d..3a05b232c1 100644 --- a/tests/guix-authenticate.sh +++ b/tests/guix-authenticate.sh @@ -61,6 +61,15 @@ sed -i "$sig" \ code="$(echo "verify $(cat $sig)" | guix authenticate | cut -f1 -d ' ')" test "$code" -ne 0 +# Make sure byte strings are correctly encoded. The hash string below is +# "café" repeated 8 times. Libgcrypt would normally choose to write it as a +# string rather than a hex sequence. We want that string to be Latin-1 +# encoded independently of the current locale: <https://bugs.gnu.org/43421>. +hash="636166e9636166e9636166e9636166e9636166e9636166e9636166e9636166e9" +latin1_cafe="caf$(printf '\351')" +echo "sign 21:tests/signing-key.sec 64:$hash" | guix authenticate \ + | LC_ALL=C grep "hash sha256 \"$latin1_cafe" + # Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces # valid signatures when run in the C locale. hash="5eff0b55c9c5f5e87b4e34cd60a2d5654ca1eb78c7b3c67c3179fed1cff07b4c" |