From: Ludovic Courtès <ludo@gnu.org>
Subject: Re: Signed archives (preliminary patch)
Date: Mon, 31 Mar 2014 23:54:37 +0200
Message-ID: <87r45i590i.fsf@gnu.org>
In-Reply-To: <87a9cz9f1k.fsf@gnu.org> (Ludovic Courtès's message of "Sun, 09 Mar 2014 23:35:03 +0100")
To: Nikita Karetnikov
Cc: guix-devel@gnu.org
List-Id: "Development of GNU Guix and the GNU System distribution."

ludo@gnu.org (Ludovic Courtès) skribis:

> Nikita Karetnikov skribis:

[...]
>> +          (raise (condition (&message (message "invalid hash"))
>> +                            (&nar-invalid-hash-error
>> +                             (port port) (file file)
>> +                             (signature signature)
>> +                             (expected (hash-data->bytevector data))
>> +                             (actual hash)))))
>> +      (raise (condition (&message (message "unauthorized public key"))
>> +                        (&nar-signature-error
>> +                         (signature signature) (file file) (port port)))))
>> +  (raise (condition
>> +          (&message (message "corrupt signature data"))
>> +          (&nar-signature-error
>> +           (signature signature) (file file) (port port)))))))
>
> Actually, the problem with making ‘assert-valid-signature’ public is
> that it raises &nar error conditions.
>
> It could be changed to raise a more generic &signature-error, but then
> ‘restore-file-set’ would have to guard against it to re-throw it along
> with a &nar-error (making a compound condition.)  And then ui.scm would
> figure it out.  Blech.
>
> It’s worth factorizing, but I don’t see how to do it nicely.  Thoughts?

I ended up introducing a ‘signature-case’ macro in 81deef2.  It
simplifies code, and fails to compile unless all the cases are covered.

In (guix scripts substitute-binary), the result looks like this:

  (define* (assert-valid-signature narinfo signature hash
                                   #:optional (acl (current-acl)))
    (let ((uri (uri->string (narinfo-uri narinfo))))
      (signature-case (signature hash acl)
        (valid-signature #t)
        (invalid-signature
         (leave (_ "invalid signature for '~a'~%") uri))
        (hash-mismatch
         (leave (_ "hash mismatch for '~a'~%") uri))
        (unauthorized-key
         (leave (_ "'~a' is signed with an unauthorized key~%") uri))
        (corrupt-signature
         (leave (_ "signature on '~a' is corrupt~%") uri)))))

Ludo’.
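The message above says the ‘signature-case’ macro fails to compile unless every case is handled. As an added illustration (not the code of commit 81deef2 or any other Guix code), the following self-contained Guile Scheme sketch shows how a syntax-rules macro with literal case names gets that property; the <sig> record, sig-valid? and the list-based ACL are constructed stand-ins for the real signature sexps, ‘authorized-key?’ and ‘verify’.

```scheme
;; Added example, not code from Guix: a 'signature-case'-style macro whose
;; expansion fails unless the caller handles every verification outcome.
;; <sig>, sig-valid? and the list-based ACL are constructed stand-ins for
;; the real signature sexps, 'authorized-key?' and 'verify'.
(use-modules (srfi srfi-9))

(define-record-type <sig>
  (make-sig subject data valid?)
  sig?
  (subject sig-subject)   ; signing key id, or #f when the sexp is corrupt
  (data    sig-data)      ; hash that was signed, or #f when corrupt
  (valid?  sig-valid?))   ; stand-in for the cryptographic verify step

(define-syntax signature-case
  ;; The five case names are literals and there is a single pattern, so a
  ;; use that omits or misspells a clause matches nothing and Guile stops
  ;; at expansion time ("source expression failed to match any pattern").
  (syntax-rules (valid-signature invalid-signature
                 hash-mismatch unauthorized-key corrupt-signature)
    ((_ (signature hash acl)
        (valid-signature valid-body ...)
        (invalid-signature invalid-body ...)
        (hash-mismatch mismatch-body ...)
        (unauthorized-key unauthorized-body ...)
        (corrupt-signature corrupt-body ...))
     (let ((subject (sig-subject signature))
           (data    (sig-data signature)))
       ;; Same order as the thread's raise sites: corrupt, unknown key,
       ;; hash mismatch, then the signature itself.
       (cond ((not (and subject data))    corrupt-body ...)
             ((not (member subject acl))  unauthorized-body ...)
             ((not (equal? data hash))    mismatch-body ...)
             ((sig-valid? signature)      valid-body ...)
             (else                        invalid-body ...))))))

(define acl '("key-A" "key-B"))            ; constructed ACL

(define (check sig expected-hash)
  (signature-case (sig expected-hash acl)
    (valid-signature 'ok)
    (invalid-signature 'bad-signature)
    (hash-mismatch 'hash-mismatch)
    (unauthorized-key 'unauthorized-key)
    (corrupt-signature 'corrupt)))

(for-each (lambda (sig expected) (format #t "~a~%" (check sig expected)))
          (list (make-sig "key-A" "h1" #t) (make-sig "key-A" "h1" #f)
                (make-sig "key-A" "h1" #t) (make-sig "key-Z" "h1" #t)
                (make-sig #f #f #t))
          (list "h1" "h1" "h2" "h1" "h1"))
```

Deleting the corrupt-signature clause from ‘check’ is the quickest way to see the expansion-time error instead of a silently unhandled outcome.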