From: ludo@gnu.org (Ludovic Courtès)
To: Nikita Karetnikov <nikita@karetnikov.org>
Cc: guix-devel@gnu.org
Subject: Re: Signed archives (preliminary patch)
Date: Sun, 09 Mar 2014 23:35:03 +0100 [thread overview]
Message-ID: <87a9cz9f1k.fsf@gnu.org> (raw)
In-Reply-To: <87k3c4joyt.fsf@karetnikov.org> (Nikita Karetnikov's message of "Sun, 09 Mar 2014 02:38:18 +0400")
Nikita Karetnikov <nikita@karetnikov.org> skribis:
> I think the current docstring of ‘assert-valid-signature’ is not correct
> since ‘signature’ must be a string (as produced by
> ‘canonical-sexp->string’), not an sexp.
In guix/nar.scm, the comment is:
(define (assert-valid-signature signature hash file)
;; Bail out if SIGNATURE, an sexp, doesn't match HASH, a bytevector
;; containing the expected hash for FILE.
and indeed, SIGNATURE must be a string here.
> Similarly, the “signature is not a valid s-expression” and “corrupt
> signature data” messages are a bit confusing due to the way
> ‘string->canonical-sexp’ works (try ‘string->canonical-sexp "foo"’).
> But I may be wrong about the latter.
Ah right, you could get “corrupt signature data” when
(string->canonical-sexp signature) returns the null canonical sexp,
whereas you’d want “not a valid s-expression”.
Well, we can fix that in a separate patch if you want.
> +(define* (assert-valid-signature signature hash port
> + #:optional (acl (current-acl)))
> + ;; Bail out if SIGNATURE, a string, doesn't match HASH, a bytevector
> + ;; containing the expected hash for PORT.
Make it a docstring.
Also, please make this change a separate patch.
> + (let* ((file (port-filename port))
I don’t think this will work, because most of the time PORT is a pipe
(an input port), whereas FILE is supposed to be the name of the file
being restored.
> + (raise (condition (&message (message "invalid hash"))
> + (&nar-invalid-hash-error
> + (port port) (file file)
> + (signature signature)
> + (expected (hash-data->bytevector data))
> + (actual hash)))))
> + (raise (condition (&message (message "unauthorized public key"))
> + (&nar-signature-error
> + (signature signature) (file file) (port port)))))
> + (raise (condition
> + (&message (message "corrupt signature data"))
> + (&nar-signature-error
> + (signature signature) (file file) (port port)))))))
Actually, the problem with making ‘assert-valid-signature’ public is
that it raises &nar error conditions.
It could be changed to raise a more generic &signature-error, but then
‘restore-file-set’ would have to guard against it to re-throw it along
with a &nar-error (making a compound condition.) And then ui.scm would
figure it out. Blech.
It’s worth factorizing, but I don’t see how to do it nicely. Thoughts?
> +(define (parse-signature str)
> + "Return the value of a narinfo's 'Signature' field as a canonical sexp."
I don’t remember if I said it before, but I’d prefer a name like
‘narinfo-signature->canonical-sexp’.
> +(define* (read-narinfo port #:optional url (acl (current-acl)))
> + "Read a narinfo from PORT. If URL is true, it must be a string used to
> +build full URIs from relative URIs found while reading PORT."
> + (let* ((str (begin (set-port-encoding! port "UTF-8")
> + (get-string-all port)))
Rather set the encoding when PORT is created, or use
(utf8->string (get-bytevector-all port))
That’s it.
Did I miss something?
Thanks,
Ludo’.
next prev parent reply other threads:[~2014-03-09 22:35 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-26 14:13 ‘guix archive’ doesn’t work over ‘./pre-inst-env’ Nikita Karetnikov
2014-01-26 14:52 ` Ludovic Courtès
2014-01-26 16:09 ` Signed archives (was: ‘guix archive’ doesn’t work over ‘./pre-inst-env’) Nikita Karetnikov
2014-01-26 19:36 ` Signed archives Ludovic Courtès
2014-01-27 15:36 ` Nikita Karetnikov
2014-01-27 15:56 ` Ludovic Courtès
2014-02-03 10:45 ` Nikita Karetnikov
2014-02-04 13:12 ` Ludovic Courtès
2014-02-20 9:54 ` Nikita Karetnikov
2014-02-21 21:17 ` Ludovic Courtès
2014-02-27 20:48 ` Signed archives (preliminary patch) Nikita Karetnikov
2014-02-27 22:43 ` Ludovic Courtès
2014-02-28 9:21 ` Mark H Weaver
2014-02-28 10:37 ` Ludovic Courtès
2014-02-28 18:46 ` Nikita Karetnikov
2014-02-28 21:22 ` Nikita Karetnikov
2014-02-28 22:05 ` Ludovic Courtès
2014-03-03 22:54 ` Nikita Karetnikov
2014-03-04 21:59 ` Ludovic Courtès
2014-03-08 22:38 ` Nikita Karetnikov
2014-03-08 22:46 ` Nikita Karetnikov
2014-03-09 17:22 ` Ludovic Courtès
2014-03-09 22:35 ` Ludovic Courtès [this message]
2014-03-11 9:51 ` Nikita Karetnikov
2014-03-12 11:57 ` Nikita Karetnikov
2014-03-12 14:25 ` Ludovic Courtès
2014-03-12 23:37 ` [PATCH 2/2] guix substitute-binary: Support the Signature field of a narinfo file. (was: Signed archives (preliminary patch)) Nikita Karetnikov
2014-03-13 21:38 ` [PATCH 2/2] guix substitute-binary: Support the Signature field of a narinfo file Ludovic Courtès
2014-03-13 21:55 ` Nikita Karetnikov
2014-03-13 22:53 ` Ludovic Courtès
2014-03-15 12:24 ` Nikita Karetnikov
2014-03-31 21:54 ` Signed archives (preliminary patch) Ludovic Courtès
2014-02-21 22:10 ` Applying the GPG web-of-trust to Guix (was Re: Signed archives) Mark H Weaver
2014-02-21 23:10 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a9cz9f1k.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=guix-devel@gnu.org \
--cc=nikita@karetnikov.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.