authenticate: Allow signatures with binary data to be written to stdout.

Fixes <http://bugs.gnu.org/17312>. * guix/scripts/authenticate.scm (guix-authenticate): Add calls to 'set-port-encoding!' and 'set-port-conversion-strategy!'. Wrap body in 'with-fluids' form that sets '%default-port-encoding' and '%default-port-conversion-strategy'. * tests/guix-authenticate.sh: Add test. * tests/pk-crypto.scm ("hash corrupt due to restrictive locale encoding"): Add reference to bug.
8 years ago · 6f69588529
3 changed files with 54 additions and 24 deletions
--- a/guix/scripts/authenticate.scm
+++ b/guix/scripts/authenticate.scm
@ -89,30 +89,39 @@ to stdout upon success."
 ;;;

 (define (guix-authenticate . args)
-  (match args
-    ;; As invoked by guix-daemon.
-    (("rsautl" "-sign" "-inkey" key "-in" hash-file)
-     (call-with-input-file hash-file
-       (lambda (port)
-         (sign-with-key key port))))
-    ;; As invoked by Nix/Crypto.pm (used by Hydra.)
-    (("rsautl" "-sign" "-inkey" key)
-     (sign-with-key key (current-input-port)))
-    ;; As invoked by guix-daemon.
-    (("rsautl" "-verify" "-inkey" _ "-pubin" "-in" signature-file)
-     (call-with-input-file signature-file
-       (lambda (port)
-         (validate-signature port))))
-    ;; As invoked by Nix/Crypto.pm (used by Hydra.)
-    (("rsautl" "-verify" "-inkey" _ "-pubin")
-     (validate-signature (current-input-port)))
-    (("--help")
-     (display (_ "Usage: guix authenticate OPTION...
+  ;; Signature sexps written to stdout may contain binary data, so force
+  ;; ISO-8859-1 encoding so that things are not mangled.  See
+  ;; <http://bugs.gnu.org/17312> for details.
+  (set-port-encoding! (current-output-port) "ISO-8859-1")
+  (set-port-conversion-strategy! (current-output-port) 'error)
+
+  ;; Same goes for input ports.
+  (with-fluids ((%default-port-encoding "ISO-8859-1")
+                (%default-port-conversion-strategy 'error))
+    (match args
+      ;; As invoked by guix-daemon.
+      (("rsautl" "-sign" "-inkey" key "-in" hash-file)
+       (call-with-input-file hash-file
+         (lambda (port)
+           (sign-with-key key port))))
+      ;; As invoked by Nix/Crypto.pm (used by Hydra.)
+      (("rsautl" "-sign" "-inkey" key)
+       (sign-with-key key (current-input-port)))
+      ;; As invoked by guix-daemon.
+      (("rsautl" "-verify" "-inkey" _ "-pubin" "-in" signature-file)
+       (call-with-input-file signature-file
+         (lambda (port)
+           (validate-signature port))))
+      ;; As invoked by Nix/Crypto.pm (used by Hydra.)
+      (("rsautl" "-verify" "-inkey" _ "-pubin")
+       (validate-signature (current-input-port)))
+      (("--help")
+       (display (_ "Usage: guix authenticate OPTION...
 Sign or verify the signature on the given file.  This tool is meant to
 be used internally by 'guix-daemon'.\n")))
-    (("--version")
-     (show-version-and-exit "guix authenticate"))
-    (else
-     (leave (_ "wrong arguments")))))
+      (("--version")
+       (show-version-and-exit "guix authenticate"))
+      (else
+       (leave (_ "wrong arguments"))))))

 ;;; authenticate.scm ends here
--- a/tests/guix-authenticate.sh
+++ b/tests/guix-authenticate.sh
@ -72,3 +72,24 @@ if guix authenticate rsautl -verify				\
 then false
 else true
 fi
+
+
+# Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
+# valid signatures when run in the C locale.
+echo "5eff0b55c9c5f5e87b4e34cd60a2d5654ca1eb78c7b3c67c3179fed1cff07b4c" \
+    > "$hash"
+
+LC_ALL=C
+export LC_ALL
+
+guix authenticate rsautl -sign				\
+    -inkey "$abs_top_srcdir/tests/signing-key.sec"	\
+    -in "$hash" > "$sig"
+
+guix authenticate rsautl -verify			\
+        -inkey "$abs_top_srcdir/tests/signing-key.pub"	\
+        -pubin -in "$sig"
+hash2="`guix authenticate rsautl -verify		\
+          -inkey $abs_top_srcdir/tests/signing-key.pub	\
+          -pubin -in $sig`"
+test "$hash2" = `cat "$hash"`
--- a/tests/pk-crypto.scm
+++ b/tests/pk-crypto.scm
@ -153,7 +153,7 @@
    ;; In Guix up to 0.6 included this test would fail because at some point
    ;; the hash value would be cropped to ASCII.  In practice 'guix
    ;; authenticate' would produce invalid signatures that would fail
-    ;; signature verification.
+    ;; signature verification.  See <http://bugs.gnu.org/17312>.
    (let ((locale (setlocale LC_ALL)))
     (dynamic-wind
       (lambda ()