GNU Guixguix source archive branch, master, updated. v0.5-487-gc4202d6

guix-commits
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
GNU Guixguix source archive branch, master, updated. v0.5-487-gc4202d6

From:	Ludovic Court�s
Subject:	GNU Guixguix source archive branch, master, updated. v0.5-487-gc4202d6
Date:	Sun, 30 Mar 2014 21:42:42 +0000
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "guix source archive".

The branch, master has been updated
       via  c4202d60b21dd62f5d63112b62e5139980b44b5a (commit)
       via  bf59c06d36717178387e7451b39ba8423eadd3e8 (commit)
       via  f84f8590938e3cbcef10a51dda87f99c6c3b8b54 (commit)
       via  e903b7c1a8cc4d96653f9dd12b9b8c05a3e01bd1 (commit)
       via  52f80dfc8a1c2f116a91a20c8cefd62a317f3d36 (commit)
       via  491e6de7d65604f3f3c1d8fa0e88dfd77541db68 (commit)
       via  cdea30e061490a521f1e9c66ff870ca98ae5d7e5 (commit)
       via  00230df1074400acbcf8e80eeab5e67a3e1b3210 (commit)
       via  e9c6c58418043f36862a798389f3a7f4253f74cc (commit)
       via  24194b6b543427510766813fdce01cfb79d00651 (commit)
      from  3f5497ee10e2ae55ce25d527b7352fb6647b14c2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c4202d60b21dd62f5d63112b62e5139980b44b5a
Author: Ludovic CourtÃ¨s <address@hidden>
Date:   Sun Mar 30 23:37:46 2014 +0200

    doc: Document substitutes.
    
    * doc/guix.texi (Invoking guix-daemon): Add cross-reference to
      "Substitutes".
      (Features): Remove footnote about unauthenticated substitutes.  Link
      to "Substitutes".
      (Substitutes): New node.
      (Invoking guix build): Link to "Substitutes".
      (Packaging Guidelines): Likewise.

commit bf59c06d36717178387e7451b39ba8423eadd3e8
Author: Ludovic CourtÃ¨s <address@hidden>
Date:   Sun Mar 30 23:34:20 2014 +0200

    Add hydra.gnu.org's narinfo signing public key.
    
    * hydra.gnu.org.pub: New file.
    * Makefile.am (pkgdata_DATA): New variable.

commit f84f8590938e3cbcef10a51dda87f99c6c3b8b54
Author: Ludovic CourtÃ¨s <address@hidden>
Date:   Sun Mar 30 22:25:47 2014 +0200

    tests: Test the error output of 'substitute-binary'.
    
    * tests/substitute-binary.scm (test-error*): Rename to...
      (test-quit): ... this.  Add 'error-rx' parameter and honor it.
      ("not a number", "wrong version number", "substitute, no signature",
      "substitute, invalid hash", "substitute, unauthorized key"): Adjust
      accordingly.

commit e903b7c1a8cc4d96653f9dd12b9b8c05a3e01bd1
Author: Ludovic CourtÃ¨s <address@hidden>
Date:   Sun Mar 30 22:11:22 2014 +0200

    tests: Add more signed substitute tests.
    
    * tests/substitute-binary.scm (%narinfo): Set 'URL', 'Compression', and
      'NarHash'.
      (call-with-narinfo): Create 'example.out' and 'example.nar'.
      ("query narinfo without signature", "substitute, no signature",
      "substitute, authorized key"): New tests.

commit 52f80dfc8a1c2f116a91a20c8cefd62a317f3d36
Author: Ludovic CourtÃ¨s <address@hidden>
Date:   Sun Mar 30 21:35:22 2014 +0200

    tests: Simplify 'substitute-binary' tests; reduce use of global variables.
    
    * tests/substitute-binary.scm (signature-body): Change 'str' parameter
      to 'bv', and expect it to be a bytevector.
      (%signature-body, %wrong-signature, %acl): Remove.
      (signature): Rename to...
      (signature-field): ... this.  Add 'bv-or-str' parameter.  Change 'str'
      parameter to #:version.  Add #:public-key parameter.  Call
      'signature-body' directly.  Change domain part of the signature to
      'example.gnu.org'.
      ("not a number", "wrong version number", "valid
      narinfo-signature->canonical-sexp"): Use 'signature-field' instead of
      'signature' or %SIGNATURE.
      (test-error-condition): Add 'message-rx' parameter and honor it.
      ("corrupt signature data", "unauthorized public key", "invalid
      signature"): Adjust accordingly.
      (narinfo, %signed-narinfo): Remove.
      ("query narinfo with invalid hash"): Use '%narinfo' and
      'signature-field' instead of 'narinfo' and '%signature'.
      ("query narinfo signed with authorized key", "query narinfo signed
      with unauthorized key", "substitute, invalid hash", "substitute,
      unauthorized key"): Likewise.

commit 491e6de7d65604f3f3c1d8fa0e88dfd77541db68
Author: Ludovic CourtÃ¨s <address@hidden>
Date:   Sun Mar 30 16:01:58 2014 +0200

    tests: Make sure the daemon reports substitute hash mismatches.
    
    * tests/store.scm ("substitute, corrupt output hash"): New test.

commit cdea30e061490a521f1e9c66ff870ca98ae5d7e5
Author: Ludovic CourtÃ¨s <address@hidden>
Date:   Sun Mar 30 22:29:35 2014 +0200

    substitute-binary: Defer narinfo authentication and authorization checks.
    
    * guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp):
      Catch 'gcry-error' around 'string->canonical-sexp' call, and re-raise
      as a SRFI-35 &message and &nar-signature-error.
      (narinfo-maker): Handle when SIGNATURE is #f or an invalid canonical
      sexp.
      (&nar-signature-error, &nar-invalid-hash-error): New variables.
      (assert-valid-signature): Use them.  Expect 'signature' to be a
      canonical sexp.
      (read-narinfo): Remove authentication and authorization checks.
      (%signature-line-rx): New variable.
      (assert-valid-narinfo, valid-narinfo?): New procedures.
      (guix-substitute-binary): Wrap body in 'with-error-handling'.
      [valid?]: New procedure.
      <--query>: Show only store items of narinfos that match
      'valid-narinfo?'.
      <--substitute>: Call 'assert-valid-narinfo'.
    * tests/substitute-binary.scm (test-error*): Use 'test-equal'.
      (%keypair): Remove.
      (%public-key, %private-key): Load from signing-key.{pub,sec}.
      (signature-body): Add #:public-key parameter.
      (call-with-narinfo): New procedure.
      (with-narinfo): New macro.
      ("corrupt signature data", "unauthorized public key", "invalid
      signature"): Make the first argument to 'assert-valid-signature' a
      canonical sexp.
      ("invalid hash", "valid read-narinfo", "valid write-narinfo"):
      Remove.
      ("query narinfo with invalid hash", "query narinfo signed with
      authorized key", "query narinfo signed with unauthorized key",
      "substitute, invalid hash", "substitute, unauthorized key"): New
      tests.

commit 00230df1074400acbcf8e80eeab5e67a3e1b3210
Author: Ludovic CourtÃ¨s <address@hidden>
Date:   Wed Mar 26 23:31:31 2014 +0100

    substitute-binary: Store the cache's URI in the local cached narinfo.
    
    * guix/scripts/substitute-binary.scm (<narinfo>)[uri-base]: New field.
      (narinfo-maker): Pass CACHE-URL as the 'uri-base' value.
      (string->narinfo): Add 'cache-uri' parameter.
      (lookup-narinfo)[cache-entry]: Switch to version 1.  Add 'cache-uri'
      field.  Adjust body accordingly.
      (remove-expired-cached-narinfos): Switch to version 1 by default.

commit e9c6c58418043f36862a798389f3a7f4253f74cc
Author: Nikita Karetnikov <address@hidden>
Date:   Sat Mar 29 00:06:41 2014 +0100

    substitute-binary: Support the Signature field of a narinfo file.
    
    * guix/scripts/substitute-binary.scm (<narinfo>): Add the 'signature'
      and 'contents' fields.
      (narinfo-signature->canonical-sexp): New function.
      (narinfo-maker): Add the 'signature' argument and use it.
      (assert-valid-signature): New function.
      (read-narinfo): Support the Signature field.
      (write-narinfo): Use 'narinfo-contents'.
      (%allow-unauthenticated-substitutes?): New variable.
    * guix/base64.scm, tests/base64.scm, tests/substitute-binary.scm: New files.
    * Makefile.am (SCM_TESTS): Add tests/base64.scm and
      tests/substitute-binary.scm.
      (MODULES): Add guix/base64.scm.
    * test-env.in: Set 'GUIX_ALLOW_UNAUTHENTICATED_SUBSTITUTES'.

commit 24194b6b543427510766813fdce01cfb79d00651
Author: Nikita Karetnikov <address@hidden>
Date:   Sat Mar 15 11:46:16 2014 +0000

    nar: Clarify that 'assert-valid-signature' accepts a string.
    
    * guix/nar.scm (assert-valid-signature): Improve the wording.

-----------------------------------------------------------------------

Summary of changes:
 Makefile.am                        |    5 +
 doc/guix.texi                      |  125 ++++++++++--
 guix/base64.scm                    |  212 ++++++++++++++++++
 guix/nar.scm                       |    5 +-
 guix/scripts/substitute-binary.scm |  421 +++++++++++++++++++++++-------------
 hydra.gnu.org.pub                  |    6 +
 test-env.in                        |    5 +
 tests/base64.scm                   |   59 +++++
 tests/store.scm                    |   58 +++++
 tests/substitute-binary.scm        |  322 +++++++++++++++++++++++++++
 10 files changed, 1056 insertions(+), 162 deletions(-)
 create mode 100644 guix/base64.scm
 create mode 100644 hydra.gnu.org.pub
 create mode 100644 tests/base64.scm
 create mode 100644 tests/substitute-binary.scm


hooks/post-receive
-- 
guix source archive
[Prev in Thread]
Current Thread
[Next in Thread]
GNU Guixguix source archive branch, master, updated. v0.5-487-gc4202d6, Ludovic Court�s <=
Prev by Date: GNU Guixguix source archive branch, master, updated. v0.5-477-g3f5497e
Next by Date: GNU Guixguix source archive branch, wip-signed-archives, deleted. v0.5-478-ged15f75
Previous by thread: GNU Guixguix source archive branch, master, updated. v0.5-477-g3f5497e
Next by thread: GNU Guixguix source archive branch, wip-signed-archives, deleted. v0.5-478-ged15f75
Index(es):
- Date
- Thread