HCoop Git - jackhill/guix/guix.git/commit - tests/guix-authenticate.sh

author	Ludovic Courtès <ludo@gnu.org>
	Fri, 11 Sep 2020 10:51:36 +0000 (12:51 +0200)
committer	Ludovic Courtès <ludo@gnu.org>
	Mon, 14 Sep 2020 13:42:55 +0000 (15:42 +0200)
commit	64cf660f872fb7aaf0d2b463e45b4c756297f743
tree	e1fdd38b1a704915b4df4cd0b7db6669bd7b77dc	tree \| snapshot (tar.gz zip)
parent	ee9dff34f9317509cb2b833d07a0d5e01a36a4ae	commit \| diff

daemon: Spawn 'guix authenticate' once for all.

Previously, we'd spawn 'guix authenticate' once for each item that has
to be signed (when exporting) or authenticated (when importing).  Now,
we spawn it once for all and then follow a request/reply protocol.  This
reduces the wall-clock time of:

  guix archive --export -r $(guix build coreutils -d)

from 30s to 2s.

* guix/scripts/authenticate.scm (sign-with-key): Return the signature
instead of displaying it.  Raise a &formatted-message instead of calling
'leave'.
(validate-signature): Likewise.
(read-command): New procedure.
(define-enumerate-type, reply-code): New macros.
(guix-authenticate)[send-reply]: New procedure.
Change to read commands from current-input-port.
* nix/libstore/local-store.cc (runAuthenticationProgram): Remove.
(authenticationAgent, readInteger, readAuthenticateReply): New
functions.
(signHash, verifySignature): Rewrite in terms of the agent.
* tests/store.scm ("import not signed"): Remove 'pk' call.
("import signed by unauthorized key"): Check the error message of C.
* tests/guix-authenticate.sh: Rewrite using the new protocol.

fixlet

guix/scripts/authenticate.scm		diff \| blob \| blame \| history
nix/libstore/local-store.cc		diff \| blob \| blame \| history
tests/guix-authenticate.sh		diff \| blob \| blame \| history
tests/store.scm		diff \| blob \| blame \| history