From debbugs-submit-bounces@debbugs.gnu.org Tue Sep 08 17:58:59 2020 Received: (at submit) by debbugs.gnu.org; 8 Sep 2020 21:58:59 +0000 Received: from localhost ([127.0.0.1]:56658 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFldj-0000d8-5i for submit@debbugs.gnu.org; Tue, 08 Sep 2020 17:58:59 -0400 Received: from lists.gnu.org ([209.51.188.17]:55620) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFldf-0000cy-Tl for submit@debbugs.gnu.org; Tue, 08 Sep 2020 17:58:57 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:39666) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kFldf-0007UO-JP for guix-patches@gnu.org; Tue, 08 Sep 2020 17:58:55 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:49879) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kFlde-000266-H5; Tue, 08 Sep 2020 17:58:54 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=54168 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kFldZ-0007Q0-MZ; Tue, 08 Sep 2020 17:58:53 -0400 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: guix-patches@gnu.org Subject: [PATCH 0/3] Improve 'import-paths' tests and 'guix authenticate' interface Date: Tue, 8 Sep 2020 23:58:37 +0200 Message-Id: <20200908215837.32037-1-ludo@gnu.org> X-Mailer: git-send-email 2.28.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi! These patches are about improving testing around the ‘import-paths’ RPC and cleaning up the interface between ‘guix authenticate’ and the daemon. Ludo’. Ludovic Courtès (3): store: Test 'import-paths' with unauthorized and unsigned nar bundles. doc: Distinguish the "nar bundle" format from "nar". daemon: Simplify interface with 'guix authenticate'. doc/guix.texi | 12 +++++- guix/nar.scm | 15 ++++---- guix/scripts/authenticate.scm | 57 +++++++++------------------ nix/libstore/local-store.cc | 24 ++---------- tests/store.scm | 72 +++++++++++++++++++++++++++++++++++ 5 files changed, 113 insertions(+), 67 deletions(-) -- 2.28.0 From debbugs-submit-bounces@debbugs.gnu.org Tue Sep 08 18:16:58 2020 Received: (at 43285) by debbugs.gnu.org; 8 Sep 2020 22:16:58 +0000 Received: from localhost ([127.0.0.1]:56674 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFlv8-0002qP-6n for submit@debbugs.gnu.org; Tue, 08 Sep 2020 18:16:58 -0400 Received: from eggs.gnu.org ([209.51.188.92]:33262) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFlv5-0002k1-3j for 43285@debbugs.gnu.org; Tue, 08 Sep 2020 18:16:57 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:50275) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kFluz-0004WR-4T; Tue, 08 Sep 2020 18:16:49 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=54296 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kFlux-0008Ez-Vn; Tue, 08 Sep 2020 18:16:48 -0400 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: 43285@debbugs.gnu.org Subject: [PATCH 1/3] store: Test 'import-paths' with unauthorized and unsigned nar bundles. Date: Wed, 9 Sep 2020 00:16:33 +0200 Message-Id: <20200908221635.32684-1-ludo@gnu.org> X-Mailer: git-send-email 2.28.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 43285 Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) * tests/store.scm ("import not signed") ("import signed by unauthorized key"): New tests. --- tests/store.scm | 72 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) diff --git a/tests/store.scm b/tests/store.scm index e168d3dcf6..8ff76e8f98 100644 --- a/tests/store.scm +++ b/tests/store.scm @@ -23,6 +23,8 @@ #:use-module (guix utils) #:use-module (guix monads) #:use-module ((gcrypt hash) #:prefix gcrypt:) + #:use-module ((gcrypt pk-crypto) #:prefix gcrypt:) + #:use-module (guix pki) #:use-module (guix base32) #:use-module (guix packages) #:use-module (guix derivations) @@ -966,6 +968,76 @@ (list out1 out2)))) #:guile-for-build (%guile-for-build))) + +(test-assert "import not signed" + (let* ((text (random-text)) + (file (add-file-tree-to-store %store + `("tree" directory + ("text" regular (data ,text)) + ("link" symlink "text")))) + (dump (call-with-bytevector-output-port + (lambda (port) + (write-int 1 port) ;start + + (write-file file port) ;contents + (write-int #x4558494e port) ;%export-magic + (write-string file port) ;store item + (write-string-list '() port) ;references + (write-string "" port) ;deriver + (write-int 0 port) ;not signed + + (write-int 0 port))))) ;done + + ;; Ensure 'import-paths' raises an exception. + (guard (c ((store-protocol-error? c) + (and (not (zero? (store-protocol-error-status (pk 'C c)))) + (string-contains (store-protocol-error-message c) + "lacks a signature")))) + (let* ((source (open-bytevector-input-port dump)) + (imported (import-paths %store source))) + (pk 'unsigned-imported imported) + #f)))) + +(test-assert "import signed by unauthorized key" + (let* ((text (random-text)) + (file (add-file-tree-to-store %store + `("tree" directory + ("text" regular (data ,text)) + ("link" symlink "text")))) + (key (gcrypt:generate-key + (gcrypt:string->canonical-sexp + "(genkey (ecdsa (curve Ed25519) (flags rfc6979)))"))) + (dump (call-with-bytevector-output-port + (lambda (port) + (write-int 1 port) ;start + + (write-file file port) ;contents + (write-int #x4558494e port) ;%export-magic + (write-string file port) ;store item + (write-string-list '() port) ;references + (write-string "" port) ;deriver + (write-int 1 port) ;signed + (write-string (gcrypt:canonical-sexp->string + (signature-sexp + (gcrypt:bytevector->hash-data + (gcrypt:sha256 #vu8(0 1 2)) + #:key-type 'ecc) + (gcrypt:find-sexp-token key 'private-key) + (gcrypt:find-sexp-token key 'public-key))) + port) + + (write-int 0 port))))) ;done + + ;; Ensure 'import-paths' raises an exception. + (guard (c ((store-protocol-error? c) + ;; XXX: The daemon-provided error message currently doesn't + ;; mention the reason of the failure. + (not (zero? (store-protocol-error-status c))))) + (let* ((source (open-bytevector-input-port dump)) + (imported (import-paths %store source))) + (pk 'unauthorized-imported imported) + #f)))) + (test-assert "import corrupt path" (let* ((text (random-text)) (file (add-text-to-store %store "text" text)) -- 2.28.0 From debbugs-submit-bounces@debbugs.gnu.org Tue Sep 08 18:16:59 2020 Received: (at 43285) by debbugs.gnu.org; 8 Sep 2020 22:16:59 +0000 Received: from localhost ([127.0.0.1]:56676 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFlv8-0002qo-O9 for submit@debbugs.gnu.org; Tue, 08 Sep 2020 18:16:59 -0400 Received: from eggs.gnu.org ([209.51.188.92]:33266) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFlv5-0002k8-9A for 43285@debbugs.gnu.org; Tue, 08 Sep 2020 18:16:57 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:50276) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kFlv0-0004WV-3B; Tue, 08 Sep 2020 18:16:50 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=54296 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kFluz-0008Ez-Aw; Tue, 08 Sep 2020 18:16:49 -0400 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: 43285@debbugs.gnu.org Subject: [PATCH 2/3] doc: Distinguish the "nar bundle" format from "nar". Date: Wed, 9 Sep 2020 00:16:34 +0200 Message-Id: <20200908221635.32684-2-ludo@gnu.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200908221635.32684-1-ludo@gnu.org> References: <20200908221635.32684-1-ludo@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 43285 Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) * doc/guix.texi (Invoking guix archive): Introduce the term "nar bundle" and clarify what the output of "guix archive --export" really is. * guix/nar.scm (restore-one-item, restore-file-set): Use the term "nar bundle" in docstrings. --- doc/guix.texi | 12 +++++++++++- guix/nar.scm | 15 ++++++++------- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 1d6782e6fa..5cb4fe2dfd 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -4990,7 +4990,13 @@ what you should use in this case (@pxref{Invoking guix copy}). @cindex nar, archive format @cindex normalized archive (nar) -Archives are stored in the ``normalized archive'' or ``nar'' format, which is +@cindex nar bundle, archive format +Each store item is written in the @dfn{normalized archive} or @dfn{nar} +format (described below), and the output of @command{guix archive +--export} (and input of @command{guix archive --import}) is a @dfn{nar +bundle}. + +The nar format is comparable in spirit to `tar', but with differences that make it more appropriate for our purposes. First, rather than recording all Unix metadata for each file, the nar format only mentions @@ -5000,6 +5006,10 @@ entries are stored always follows the order of file names according to the C locale collation order. This makes archive production fully deterministic. +That nar bundle format is essentially the concatenation of zero or more +nars along with metadata for each store item it contains: its file name, +references, corresponding derivation, and a digital signature. + When exporting, the daemon digitally signs the contents of the archive, and that digital signature is appended. When importing, the daemon verifies the signature and rejects the import in case of an invalid diff --git a/guix/nar.scm b/guix/nar.scm index 6bb2ea5b96..a23af2e5de 100644 --- a/guix/nar.scm +++ b/guix/nar.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2018, 2019 Ludovic Courtès +;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2018, 2019, 2020 Ludovic Courtès ;;; Copyright © 2014 Mark H Weaver ;;; ;;; This file is part of GNU Guix. @@ -156,7 +156,8 @@ protected from GC." (define* (restore-one-item port #:key acl (verify-signature? #t) (lock? #t) (log-port (current-error-port))) - "Restore one store item from PORT; return its file name on success." + "Restore one store item of a nar bundle read from PORT; return its file name +on success." (define (assert-valid-signature signature hash file) ;; Bail out if SIGNATURE, which must be a string as produced by @@ -251,11 +252,11 @@ a signature")) (define* (restore-file-set port #:key (verify-signature? #t) (lock? #t) (log-port (current-error-port))) - "Restore the file set read from PORT to the store. The format of the data -on PORT must be as created by 'export-paths'---i.e., a series of Nar-formatted -archives with interspersed meta-data joining them together, possibly with a -digital signature at the end. Log progress to LOG-PORT. Return the list of -files restored. + "Restore the file set (\"nar bundle\") read from PORT to the store. The +format of the data on PORT must be as created by 'export-paths'---i.e., a +series of Nar-formatted archives with interspersed meta-data joining them +together, possibly with a digital signature at the end. Log progress to +LOG-PORT. Return the list of files restored. When LOCK? is #f, assume locks for the files to be restored are already held. This is the case when the daemon calls a build hook. -- 2.28.0 From debbugs-submit-bounces@debbugs.gnu.org Tue Sep 08 18:17:02 2020 Received: (at 43285) by debbugs.gnu.org; 8 Sep 2020 22:17:02 +0000 Received: from localhost ([127.0.0.1]:56678 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFlvB-0002sx-DD for submit@debbugs.gnu.org; Tue, 08 Sep 2020 18:17:02 -0400 Received: from eggs.gnu.org ([209.51.188.92]:33276) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFlv6-0002lN-Rp for 43285@debbugs.gnu.org; Tue, 08 Sep 2020 18:16:58 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:50277) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kFlv1-0004Wo-Ls; Tue, 08 Sep 2020 18:16:51 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=54296 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kFlv0-0008Ez-DX; Tue, 08 Sep 2020 18:16:50 -0400 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: 43285@debbugs.gnu.org Subject: [PATCH 3/3] daemon: Simplify interface with 'guix authenticate'. Date: Wed, 9 Sep 2020 00:16:35 +0200 Message-Id: <20200908221635.32684-3-ludo@gnu.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200908221635.32684-1-ludo@gnu.org> References: <20200908221635.32684-1-ludo@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 43285 Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) There's no reason at this point to mimic the calling convention of the 'openssl' command. * nix/libstore/local-store.cc (LocalStore::exportPath): Add only "sign" and HASH to ARGS. Remove 'tmpDir' and 'hashFile'. (LocalStore::importPath): Add only "verify" and SIGNATURE to ARGS. Remove 'sigFile'. * guix/scripts/authenticate.scm (guix-authenticate): Adjust accordingly; remove the OpenSSL-style clauses. (read-hash-data): Remove. (sign-with-key): Replace 'port' with 'sha256' and adjust accordingly. (validate-signature): Export SIGNATURE to be a canonical sexp. --- guix/scripts/authenticate.scm | 57 +++++++++++------------------------ nix/libstore/local-store.cc | 24 +++------------ 2 files changed, 22 insertions(+), 59 deletions(-) diff --git a/guix/scripts/authenticate.scm b/guix/scripts/authenticate.scm index f1fd8ee895..b5f043e6ac 100644 --- a/guix/scripts/authenticate.scm +++ b/guix/scripts/authenticate.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès +;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2020 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -17,7 +17,6 @@ ;;; along with GNU Guix. If not, see . (define-module (guix scripts authenticate) - #:use-module (guix config) #:use-module (guix base16) #:use-module (gcrypt pk-crypto) #:use-module (guix pki) @@ -39,16 +38,9 @@ ;; Read a gcrypt sexp from a port and return it. (compose string->canonical-sexp read-string)) -(define (read-hash-data port key-type) - "Read sha256 hash data from PORT and return it as a gcrypt sexp. KEY-TYPE -is a symbol representing the type of public key algo being used." - (let* ((hex (read-string port)) - (bv (base16-string->bytevector (string-trim-both hex)))) - (bytevector->hash-data bv #:key-type key-type))) - -(define (sign-with-key key-file port) - "Sign the hash read from PORT with KEY-FILE, and write an sexp that includes -both the hash and the actual signature." +(define (sign-with-key key-file sha256) + "Sign the hash SHA256 (a bytevector) with KEY-FILE, and write an sexp that +includes both the hash and the actual signature." (let* ((secret-key (call-with-input-file key-file read-canonical-sexp)) (public-key (if (string-suffix? ".sec" key-file) (call-with-input-file @@ -58,18 +50,18 @@ both the hash and the actual signature." (leave (G_ "cannot find public key for secret key '~a'~%") key-file))) - (data (read-hash-data port (key-type public-key))) + (data (bytevector->hash-data sha256 + #:key-type (key-type public-key))) (signature (signature-sexp data secret-key public-key))) (display (canonical-sexp->string signature)) #t)) -(define (validate-signature port) - "Read the signature from PORT (which is as produced above), check whether -its public key is authorized, verify the signature, and print the signed data -to stdout upon success." - (let* ((signature (read-canonical-sexp port)) - (subject (signature-subject signature)) - (data (signature-signed-data signature))) +(define (validate-signature signature) + "Validate SIGNATURE, a canonical sexp. Check whether its public key is +authorized, verify the signature, and print the signed data to stdout upon +success." + (let* ((subject (signature-subject signature)) + (data (signature-signed-data signature))) (if (and data subject) (if (authorized-key? subject) (if (valid-signature? signature) @@ -85,9 +77,7 @@ to stdout upon success." ;;; -;;; Entry point with 'openssl'-compatible interface. We support this -;;; interface because that's what the daemon expects, and we want to leave it -;;; unmodified currently. +;;; Entry point. ;;; (define (guix-authenticate . args) @@ -101,22 +91,11 @@ to stdout upon success." (with-fluids ((%default-port-encoding "ISO-8859-1") (%default-port-conversion-strategy 'error)) (match args - ;; As invoked by guix-daemon. - (("rsautl" "-sign" "-inkey" key "-in" hash-file) - (call-with-input-file hash-file - (lambda (port) - (sign-with-key key port)))) - ;; As invoked by Nix/Crypto.pm (used by Hydra.) - (("rsautl" "-sign" "-inkey" key) - (sign-with-key key (current-input-port))) - ;; As invoked by guix-daemon. - (("rsautl" "-verify" "-inkey" _ "-pubin" "-in" signature-file) - (call-with-input-file signature-file - (lambda (port) - (validate-signature port)))) - ;; As invoked by Nix/Crypto.pm (used by Hydra.) - (("rsautl" "-verify" "-inkey" _ "-pubin") - (validate-signature (current-input-port))) + (("sign" key-file hash) + (sign-with-key key-file (base16-string->bytevector hash))) + (("verify" signature) + (validate-signature (string->canonical-sexp signature))) + (("--help") (display (G_ "Usage: guix authenticate OPTION... Sign or verify the signature on the given file. This tool is meant to diff --git a/nix/libstore/local-store.cc b/nix/libstore/local-store.cc index 7a520925e5..0534f2a3fc 100644 --- a/nix/libstore/local-store.cc +++ b/nix/libstore/local-store.cc @@ -1277,21 +1277,13 @@ void LocalStore::exportPath(const Path & path, bool sign, writeInt(1, hashAndWriteSink); - Path tmpDir = createTempDir(); - AutoDelete delTmp(tmpDir); - Path hashFile = tmpDir + "/hash"; - writeFile(hashFile, printHash(hash)); - Path secretKey = settings.nixConfDir + "/signing-key.sec"; checkSecrecy(secretKey); Strings args; - args.push_back("rsautl"); - args.push_back("-sign"); - args.push_back("-inkey"); + args.push_back("sign"); args.push_back(secretKey); - args.push_back("-in"); - args.push_back(hashFile); + args.push_back(printHash(hash)); string signature = runAuthenticationProgram(args); @@ -1372,17 +1364,9 @@ Path LocalStore::importPath(bool requireSignature, Source & source) string signature = readString(hashAndReadSource); if (requireSignature) { - Path sigFile = tmpDir + "/sig"; - writeFile(sigFile, signature); - Strings args; - args.push_back("rsautl"); - args.push_back("-verify"); - args.push_back("-inkey"); - args.push_back(settings.nixConfDir + "/signing-key.pub"); - args.push_back("-pubin"); - args.push_back("-in"); - args.push_back(sigFile); + args.push_back("verify"); + args.push_back(signature); string hash2 = runAuthenticationProgram(args); /* Note: runProgram() throws an exception if the signature -- 2.28.0 From debbugs-submit-bounces@debbugs.gnu.org Tue Sep 08 19:08:11 2020 Received: (at 43285) by debbugs.gnu.org; 8 Sep 2020 23:08:11 +0000 Received: from localhost ([127.0.0.1]:56694 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFmih-0006cH-CY for submit@debbugs.gnu.org; Tue, 08 Sep 2020 19:08:11 -0400 Received: from mail-qv1-f68.google.com ([209.85.219.68]:38512) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFmid-0006c3-MR for 43285@debbugs.gnu.org; Tue, 08 Sep 2020 19:08:10 -0400 Received: by mail-qv1-f68.google.com with SMTP id p15so71673qvk.5 for <43285@debbugs.gnu.org>; Tue, 08 Sep 2020 16:08:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=5QHQTDDJkUFfdB70Nb2KpT8L+zmunEbe3wrmPhZVNq0=; b=pGA0gEc6BBtgGWAILP45Ojbi+3np+KALqDTmRtVSW3VfiCDpVkIAoKS2fEJRKgV9H8 SrQ1Q1OwKHM0ndjopNhkbgHNGvfuEG1bb3Id6XV5mdDr57bb/FuSX141cANNuX6bWI/d 5nAgaRb1gn9ykYh4GvDghpZIkddQh8UKF6gUXpzz7ZCWSoopd7qzQLpcvnATWLAQmAAd DaZ48g8g5/qkpEJ7lwX2xwxsw9A8dnJ1/qDwRrRAdCICnt+iF1Lj5KFmnWSEoMWdLyTE tg0a9eTuD0cipHwJAy7Fpnu3vnGB94jJLgyhYMN6+vX0Fiu3eyO7g6qKfkToct4CzCAv 0/lw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=5QHQTDDJkUFfdB70Nb2KpT8L+zmunEbe3wrmPhZVNq0=; b=bP8umpjkJ/6MrxY8rE89y3eZycZiP55sHqLnd1ZPCT30pSYSnjWKHdw3qHu1JCynbf XBOj9ssN8E0InxaWyENNYCfv7RUHJ065JuWWXpOUaqYVK8LTMm+Zlpl0ModQZCPcXcYH DKV3WZp8VZACs5g91MVBQC5V6M1acQ4X8lR73eabkn2I2Wut38+4xIBPgOqXx0CoikL0 kCVafGtRNnvwnndZa1hM26om6F9c6eS9wo4KkFU0XxR2WAXCFMg0/aF4LBm8FEm8/BCi oS4xHnTIyH1NMV7WO0sPm2NYykfye/7aqQrRBTLyBSkf48pTh57sOGOPL0DcZ2SFypIY XI8Q== X-Gm-Message-State: AOAM531Q5Hy5Gv/IeQWo/7Qgs9hlt2WWraBVqfEzJULp573OAj7Cwgd9 y08Exa69CPd3S521tOsf3jR7up24giOIuPJRRiI= X-Google-Smtp-Source: ABdhPJzPs/u50S6+Q7OHIQvYOrBOCrZmH+6JTdTtzu9X8wpV7D5keIb4atXjvPxQy+wkzwq4kdkXcWLovndQDrmCitQ= X-Received: by 2002:a0c:becc:: with SMTP id f12mr1506250qvj.46.1599606482132; Tue, 08 Sep 2020 16:08:02 -0700 (PDT) MIME-Version: 1.0 References: <20200908215837.32037-1-ludo@gnu.org> In-Reply-To: <20200908215837.32037-1-ludo@gnu.org> From: zimoun Date: Wed, 9 Sep 2020 01:07:50 +0200 Message-ID: Subject: Re: [bug#43285] [PATCH 0/3] Improve 'import-paths' tests and 'guix authenticate' interface To: =?UTF-8?Q?Ludovic_Court=C3=A8s?= Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 43285 Cc: 43285@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Ludo, On Wed, 9 Sep 2020 at 00:16, Ludovic Court=C3=A8s wrote: > daemon: Simplify interface with 'guix authenticate'. I guess that the subcommand is "guix git authenticate". Well, I do not know if it matters. :-) Cheers, simon From debbugs-submit-bounces@debbugs.gnu.org Wed Sep 09 03:04:13 2020 Received: (at 43285) by debbugs.gnu.org; 9 Sep 2020 07:04:13 +0000 Received: from localhost ([127.0.0.1]:56982 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFu9N-0001CV-Df for submit@debbugs.gnu.org; Wed, 09 Sep 2020 03:04:13 -0400 Received: from eggs.gnu.org ([209.51.188.92]:35226) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFu9L-0001CI-BH for 43285@debbugs.gnu.org; Wed, 09 Sep 2020 03:04:11 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:57004) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kFu9G-00035i-4C; Wed, 09 Sep 2020 03:04:06 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=54408 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kFu9F-0003NK-4D; Wed, 09 Sep 2020 03:04:05 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: zimoun Subject: Re: [bug#43285] [PATCH 0/3] Improve 'import-paths' tests and 'guix authenticate' interface References: <20200908215837.32037-1-ludo@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 24 Fructidor an 228 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 09 Sep 2020 09:03:59 +0200 In-Reply-To: (zimoun's message of "Wed, 9 Sep 2020 01:07:50 +0200") Message-ID: <87imcno2hs.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 43285 Cc: 43285@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hello! zimoun skribis: > On Wed, 9 Sep 2020 at 00:16, Ludovic Court=C3=A8s wrote: > >> daemon: Simplify interface with 'guix authenticate'. > > I guess that the subcommand is "guix git authenticate". Well, I do > not know if it matters. :-) No, it=E2=80=99s really =E2=80=98guix authenticate=E2=80=99, an internal co= mmand. :-) Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Fri Sep 11 11:59:17 2020 Received: (at 43285-done) by debbugs.gnu.org; 11 Sep 2020 15:59:17 +0000 Received: from localhost ([127.0.0.1]:45199 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kGlSH-0008Gb-8a for submit@debbugs.gnu.org; Fri, 11 Sep 2020 11:59:17 -0400 Received: from eggs.gnu.org ([209.51.188.92]:48480) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kGlSE-0008GN-DJ for 43285-done@debbugs.gnu.org; Fri, 11 Sep 2020 11:59:16 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:41888) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGlS9-0003bL-2b for 43285-done@debbugs.gnu.org; Fri, 11 Sep 2020 11:59:09 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=39780 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kGlS8-0006dn-6z for 43285-done@debbugs.gnu.org; Fri, 11 Sep 2020 11:59:08 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: 43285-done@debbugs.gnu.org Subject: Re: [bug#43285] [PATCH 0/3] Improve 'import-paths' tests and 'guix authenticate' interface References: <20200908215837.32037-1-ludo@gnu.org> Date: Fri, 11 Sep 2020 17:59:00 +0200 In-Reply-To: <20200908215837.32037-1-ludo@gnu.org> ("Ludovic =?utf-8?Q?Cou?= =?utf-8?Q?rt=C3=A8s=22's?= message of "Tue, 8 Sep 2020 23:58:37 +0200") Message-ID: <87mu1ws3sr.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 43285-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi, Ludovic Court=C3=A8s skribis: > These patches are about improving testing around the =E2=80=98import-path= s=E2=80=99 > RPC and cleaning up the interface between =E2=80=98guix authenticate=E2= =80=99 and > the daemon. > > Ludo=E2=80=99. > > Ludovic Court=C3=A8s (3): > store: Test 'import-paths' with unauthorized and unsigned nar bundles. > doc: Distinguish the "nar bundle" format from "nar". > daemon: Simplify interface with 'guix authenticate'. Pushed as 6dd8ffc57420ee2f6f19e79e41028e78fe9e6a7e. I realized I hadn=E2=80=99t updated tests/guix-archive.sh, which I did, and that also prompted me to keep the temporary file for the =E2=80=9Cverify=E2= =80=9D operation so it=E2=80=99s decoded with the right encoding. Anyway, the real bit will be . Ludo=E2=80=99. From unknown Sat Jun 21 10:42:04 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Sat, 10 Oct 2020 11:24:07 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator