HCoop / jackhill / guix / guix.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6b34499) | patch
substitute: Ignore irrelevant narinfo signatures.
authorLudovic Courtès <ludo@gnu.org>
Thu, 13 Dec 2018 18:45:47 +0000 (19:45 +0100)
committerLudovic Courtès <ludo@gnu.org>
Thu, 13 Dec 2018 23:02:59 +0000 (00:02 +0100)
commit60b04024f8823192b74c1ed5b14f318049865ac7
treef7473e247c3d6f926d757b316b00216523800a86tree | snapshot (tar.gz zip)
parent6b34499dc62a55283dabd04c39f9b4d53fcf13c8commit | diff
substitute: Ignore irrelevant narinfo signatures.

Fixes <https://bugs.gnu.org/33733>.

Fixes a bug whereby 'guix substitute' would accept narinfos whose
signature does not cover the StorePath/NarHash/References tuple.

* guix/scripts/substitute.scm (narinfo-sha256)[%mandatory-fields]: New
variable.
Compute SIGNED-FIELDS; return #f unless each of the %MANDATORY-FIELDS
is among SIGNED-FIELDS.
 * tests/substitute.scm ("query narinfo with signature over nothing")
("query narinfo with signature over irrelevant bits"): New tests.
guix/scripts/substitute.scm diff | blob | blame | history
tests/substitute.scm diff | blob | blame | history
jackhill's copy of GNU Guix: https://guix.gnu.org/