TakeV
/
guix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

pki: 'public-keys->acl' deduplicates entries. 

Reported by Tobias Geerinckx-Rice <me@tobias.gr>
in <https://issues.guix.gnu.org/50892>.

* guix/pki.scm (public-keys->acl): Add call to 'delete-duplicates'.
* tests/pki.scm ("public-keys->acl deduplication"): New test.
This commit is contained in:
Ludovic Courtès 2022-12-12 14:55:32 +01:00
parent 94e9651241
commit 3677b97030
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
guix/pki.scm
View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014, 2016, 2022 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -21,6 +21,7 @@
#:use-module (gcrypt pk-crypto)
#:use-module ((guix utils) #:select (with-atomic-file-output))
#:use-module ((guix build utils) #:select (mkdir-p))
#:autoload (srfi srfi-1) (delete-duplicates)
#:use-module (ice-9 match)
#:use-module (ice-9 rdelim)
#:use-module (ice-9 binary-ports)
@ -61,9 +62,10 @@ element in KEYS must be a canonical sexp with type 'public-key'."
;; want to have name certificates and to use subject names instead of
;; complete keys.
`(acl ,@(map (lambda (key)
`(entry ,(canonical-sexp->sexp key)
`(entry ,key
(tag (guix import))))
keys)))
(delete-duplicates
(map canonical-sexp->sexp keys)))))
(define %acl-file
(string-append %config-directory "/acl"))

6
tests/pki.scm
View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014, 2022 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -66,6 +66,10 @@
(test-assert "authorized-key? public-key singleton"
(authorized-key? %public-key (public-keys->acl (list %public-key))))
(test-equal "public-keys->acl deduplication"
(public-keys->acl (list %public-key))
(public-keys->acl (make-list 10 %public-key)))
(test-assert "signature-case valid-signature"
(let* ((hash (sha256 #vu8(1 2 3)))
(data (bytevector->hash-data hash #:key-type (key-type %public-key)))