diff options
author | Ludovic Courtès <ludo@gnu.org> | 2013-12-20 17:17:42 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2013-12-20 17:17:42 +0100 |
commit | 526382ff92b20f6c651f03711c160c0c88264b88 (patch) | |
tree | 6fc13ecae4c6bccf635511acd7d38e26b29644ef /guix/scripts | |
parent | ce507041f79bd66f54ce406d20b9e33a328a3f3d (diff) | |
download | guix-patches-526382ff92b20f6c651f03711c160c0c88264b88.tar guix-patches-526382ff92b20f6c651f03711c160c0c88264b88.tar.gz |
daemon: Implement signed archive import/export.
* guix/scripts/authenticate.scm, nix/scripts/guix-authenticate.in,
tests/signing-key.pub, tests/signing-key.sec: New files.
* po/POTFILES.in: Add 'guix/scripts/authenticate.scm'.
* guix/store.scm (dump-port): New procedure.
(process-stderr): Add 'user-port' optional parameter. Handle
the %STDERR-WRITE and %STDERR-READ cases as expected.
(import-paths, export-path, export-paths): New procedures.
* tests/store.scm ("export/import several paths", "import corrupt
path"): New tests.
* Makefile.am (MODULES): Add 'guix/scripts/authenticate.scm'.
(EXTRA_DIST): Add 'tests/signing-key.{pub,sec}'.
* daemon.am (libstore_a_CPPFLAGS)[-DNIX_CONF_DIR]: Change 'NIX_CONF_DIR'
to .../guix. Change 'OPENSSL_PATH' to 'guix-authenticate'.
* config-daemon.ac: Instantiate 'nix/scripts/guix-authenticate'.
* nix/nix-daemon/guix-daemon.cc (main): Augment $PATH to include
'settings.nixLibexecDir'.
* test-env.in: Export 'NIX_CONF_DIR' and 'NIX_LIBEXEC_DIR'. Populate
$NIX_CONF_DIR.
Diffstat (limited to 'guix/scripts')
-rw-r--r-- | guix/scripts/authenticate.scm | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/guix/scripts/authenticate.scm b/guix/scripts/authenticate.scm new file mode 100644 index 0000000000..cbafed79d0 --- /dev/null +++ b/guix/scripts/authenticate.scm @@ -0,0 +1,98 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (guix scripts authenticate) + #:use-module (guix config) + #:use-module (guix utils) + #:use-module (guix pk-crypto) + #:use-module (guix ui) + #:use-module (rnrs io ports) + #:use-module (ice-9 match) + #:export (guix-authenticate)) + +;;; Commentary: +;;; +;;; This program is used internally by the daemon to sign exported archive +;;; (the 'export-paths' RPC), and to authenticate imported archives (the +;;; 'import-paths' RPC.) +;;; +;;; Code: + +(define (read-gcry-sexp file) + "Read a gcrypt sexp from FILE and return it." + (call-with-input-file file + (compose string->gcry-sexp get-string-all))) + +(define (read-hash-data file) + "Read sha256 hash data from FILE and return it as a gcrypt sexp." + (let* ((hex (call-with-input-file file get-string-all)) + (bv (base16-string->bytevector (string-trim-both hex)))) + (bytevector->hash-data bv))) + + +;;; +;;; Entry point with 'openssl'-compatible interface. We support this +;;; interface because that's what the daemon expects, and we want to leave it +;;; unmodified currently. +;;; + +(define (guix-authenticate . args) + (match args + (("rsautl" "-sign" "-inkey" key "-in" hash-file) + ;; Sign the hash in HASH-FILE with KEY, and return an sexp that includes + ;; both the hash and the actual signature. + (let* ((secret-key (read-gcry-sexp key)) + (data (read-hash-data hash-file))) + (format #t + "(guix-signature ~a (payload ~a))" + (gcry-sexp->string (sign data secret-key)) + (gcry-sexp->string data)) + #t)) + (("rsautl" "-verify" "-inkey" key "-pubin" "-in" signature-file) + ;; Read the signature as produced above, check it against KEY, and print + ;; the signed data to stdout upon success. + (let* ((public-key (read-gcry-sexp key)) + (sig+data (read-gcry-sexp signature-file)) + (data (find-sexp-token sig+data 'payload)) + (signature (find-sexp-token sig+data 'sig-val))) + (if (and data signature) + (if (verify signature data public-key) + (begin + (display (bytevector->base16-string + (hash-data->bytevector data))) + #t) ; success + (begin + (format (current-error-port) + "error: invalid signature: ~a~%" + (gcry-sexp->string signature)) + (exit 1))) + (begin + (format (current-error-port) + "error: corrupt signature data: ~a~%" + (gcry-sexp->string sig+data)) + (exit 1))))) + (("--help") + (display (_ "Usage: guix authenticate OPTION... +Sign or verify the signature on the given file. This tool is meant to +be used internally by 'guix-daemon'.\n"))) + (("--version") + (show-version-and-exit "guix authenticate")) + (else + (leave (_ "wrong arguments"))))) + +;;; authenticate.scm ends here |