return runProgram(settings.guixProgram, false, fullArgs);
}
+/* Sign HASH with the key stored in file SECRETKEY. Return the signature as a
+ string, or raise an exception upon error. */
+static std::string signHash(const string &secretKey, const Hash &hash)
+{
+ Strings args;
+ args.push_back("sign");
+ args.push_back(secretKey);
+ args.push_back(printHash(hash));
+
+ return runAuthenticationProgram(args);
+}
+
+/* Verify SIGNATURE and return the base16-encoded hash over which it was
+ computed. */
+static std::string verifySignature(const string &signature)
+{
+ Path tmpDir = createTempDir("", "guix", true, true, 0700);
+ AutoDelete delTmp(tmpDir);
+
+ Path sigFile = tmpDir + "/sig";
+ writeFile(sigFile, signature);
+
+ Strings args;
+ args.push_back("verify");
+ args.push_back(sigFile);
+ return runAuthenticationProgram(args);
+}
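Review bot: The header comments on the two new helpers leave out the preconditions and postconditions a caller must know about. `signHash` does not check the permissions of SECRETKEY itself — the only `checkSecrecy` call is in `exportPath` just before the call — so its comment should say `/* ... SECRETKEY is not checked for secrecy here; callers must call checkSecrecy() first. */`. `verifySignature` only establishes that SIGNATURE is valid for *some* hash; the comment should make clear that the returned hash is not yet tied to any data: `/* ... A valid signature does not by itself bind to any data: the caller must compare the returned hash with the hash it computed over the received content. */`. Both helpers reach `runProgram` via `runAuthenticationProgram`, so the "raise an exception upon error" wording on `signHash` should be repeated on `verifySignature`, which currently documents only the success path.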
+
void LocalStore::exportPath(const Path & path, bool sign,
Sink & sink)
{
Path secretKey = settings.nixConfDir + "/signing-key.sec";
checkSecrecy(secretKey);
- Strings args;
- args.push_back("sign");
- args.push_back(secretKey);
- args.push_back(printHash(hash));
-
- string signature = runAuthenticationProgram(args);
+ string signature = signHash(secretKey, hash);
writeString(signature, hashAndWriteSink);
string signature = readString(hashAndReadSource);
if (requireSignature) {
- Path sigFile = tmpDir + "/sig";
- writeFile(sigFile, signature);
-
- Strings args;
- args.push_back("verify");
- args.push_back(sigFile);
- string hash2 = runAuthenticationProgram(args);
+ string hash2 = verifySignature(signature);
/* Note: runProgram() throws an exception if the signature
is invalid. */
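Review bot: The note "runProgram() throws an exception if the signature is invalid" is now two calls removed from this site and reads as if `runProgram` were called here; it should name the helper actually invoked and spell out the remaining obligation: `/* Note: verifySignature() (via runProgram()) throws if the signature is invalid. A valid signature only proves that HASH2 was signed by an authorized key; HASH2 must still be compared with the hash computed over the imported data. */`. The comparison of `hash2` against the locally computed hash is presumably done further down in this function, which continues outside the hunk, so I cannot confirm it from here.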