HCoop / jackhill / guix / guix.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
epiphany w/ gtk4 and webkitgtk 2.38
[jackhill/guix/guix.git] / tests / guix-authenticate.sh
CommitLineData
0820098d 1# GNU Guix --- Functional package management for GNU
6dd8ffc5 2# Copyright © 2013, 2014, 2020 Ludovic Courtès <ludo@gnu.org>
0820098d
LC		 3#
4# This file is part of GNU Guix.
5#
6# GNU Guix is free software; you can redistribute it and/or modify it
7# under the terms of the GNU General Public License as published by
8# the Free Software Foundation; either version 3 of the License, or (at
9# your option) any later version.
10#
11# GNU Guix is distributed in the hope that it will be useful, but
12# WITHOUT ANY WARRANTY; without even the implied warranty of
13# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14# GNU General Public License for more details.
15#
16# You should have received a copy of the GNU General Public License
17# along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
18
19#
20# Test the 'guix authenticate' command-line utility.
21#
22
23guix authenticate --version
24
25sig="t-signature-$$"
26hash="t-hash-$$"
27rm -f "$sig" "$hash"
28
29trap 'rm -f "$sig" "$hash"' EXIT
30
9ebc9ca0 31key="$abs_top_srcdir/tests/keys/signing-key.sec"
64cf660f
LC		 32key_len="`echo -n $key | wc -c`"
33
0820098d 34# A hexadecimal string as long as a sha256 hash.
6dd8ffc5 35hash="2749f0ea9f26c6c7be746a9cff8fa4c2f2a02b000070dba78429e9a11f87c6eb"
64cf660f 36hash_len="`echo -n $hash | wc -c`"
0820098d 37
64cf660f 38echo "sign $key_len:$key $hash_len:$hash" | guix authenticate > "$sig"
0820098d 39test -f "$sig"
64cf660f
LC		 40case "$(cat $sig)" in
41 "0 "*) ;;
42 *) echo "broken signature: $(cat $sig)"
43 exit 42;;
44esac
45
46# Remove the leading "0".
47sed -i "$sig" -e's/^0 //g'
0820098d 48
64cf660f
LC		 49hash2="$(echo verify $(cat "$sig") | guix authenticate)"
50test "$(echo $hash2 | cut -d : -f 2)" = "$hash"
9b0a2233 51
0820098d 52# Detect corrupt signatures.
64cf660f
LC		 53code="$(echo "verify 5:wrong" | guix authenticate | cut -f1 -d ' ')"
54test "$code" -ne 0
0820098d
LC		 55
56# Detect invalid signatures.
57# The signature has (payload (data ... (hash sha256 #...#))). We proceed by
58# modifying this hash.
59sed -i "$sig" \
60 -e's|#[A-Z0-9]\{64\}#|#0000000000000000000000000000000000000000000000000000000000000000#|g'
64cf660f
LC		 61code="$(echo "verify $(cat $sig)" | guix authenticate | cut -f1 -d ' ')"
62test "$code" -ne 0
6f695885 63
b911d654
LC		 64# Make sure byte strings are correctly encoded. The hash string below is
65# "café" repeated 8 times. Libgcrypt would normally choose to write it as a
66# string rather than a hex sequence. We want that string to be Latin-1
67# encoded independently of the current locale: <https://bugs.gnu.org/43421>.
68hash="636166e9636166e9636166e9636166e9636166e9636166e9636166e9636166e9"
69latin1_cafe="caf$(printf '\351')"
9ebc9ca0 70echo "sign 26:tests/keys/signing-key.sec 64:$hash" | guix authenticate \
b911d654
LC		 71 | LC_ALL=C grep "hash sha256 \"$latin1_cafe"
72
6f695885
LC		 73# Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
74# valid signatures when run in the C locale.
6dd8ffc5 75hash="5eff0b55c9c5f5e87b4e34cd60a2d5654ca1eb78c7b3c67c3179fed1cff07b4c"
6f695885
LC		 76
77LC_ALL=C
78export LC_ALL
79
64cf660f
LC		 80echo "sign $key_len:$key $hash_len:$hash" | guix authenticate > "$sig"
81
82# Remove the leading "0".
83sed -i "$sig" -e's/^0 //g'
6f695885 84
64cf660f
LC		 85echo "verify $(cat $sig)" | guix authenticate
86hash2="$(echo "verify $(cat $sig)" | guix authenticate | cut -f2 -d ' ')"
87test "$(echo $hash2 | cut -d : -f 2)" = "$hash"
jackhill's copy of GNU Guix: https://guix.gnu.org/