pki: 'public-keys->acl' deduplicates entries.
Reported by Tobias Geerinckx-Rice <me@tobias.gr> in <https://issues.guix.gnu.org/50892>. * guix/pki.scm (public-keys->acl): Add call to 'delete-duplicates'. * tests/pki.scm ("public-keys->acl deduplication"): New test.
parent
94e9651241
commit
3677b97030
|
@ -1,5 +1,5 @@
|
||||||
;;; GNU Guix --- Functional package management for GNU
|
;;; GNU Guix --- Functional package management for GNU
|
||||||
;;; Copyright © 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
|
;;; Copyright © 2013, 2014, 2016, 2022 Ludovic Courtès <ludo@gnu.org>
|
||||||
;;;
|
;;;
|
||||||
;;; This file is part of GNU Guix.
|
;;; This file is part of GNU Guix.
|
||||||
;;;
|
;;;
|
||||||
|
@ -21,6 +21,7 @@
|
||||||
#:use-module (gcrypt pk-crypto)
|
#:use-module (gcrypt pk-crypto)
|
||||||
#:use-module ((guix utils) #:select (with-atomic-file-output))
|
#:use-module ((guix utils) #:select (with-atomic-file-output))
|
||||||
#:use-module ((guix build utils) #:select (mkdir-p))
|
#:use-module ((guix build utils) #:select (mkdir-p))
|
||||||
|
#:autoload (srfi srfi-1) (delete-duplicates)
|
||||||
#:use-module (ice-9 match)
|
#:use-module (ice-9 match)
|
||||||
#:use-module (ice-9 rdelim)
|
#:use-module (ice-9 rdelim)
|
||||||
#:use-module (ice-9 binary-ports)
|
#:use-module (ice-9 binary-ports)
|
||||||
|
@ -61,9 +62,10 @@ element in KEYS must be a canonical sexp with type 'public-key'."
|
||||||
;; want to have name certificates and to use subject names instead of
|
;; want to have name certificates and to use subject names instead of
|
||||||
;; complete keys.
|
;; complete keys.
|
||||||
`(acl ,@(map (lambda (key)
|
`(acl ,@(map (lambda (key)
|
||||||
`(entry ,(canonical-sexp->sexp key)
|
`(entry ,key
|
||||||
(tag (guix import))))
|
(tag (guix import))))
|
||||||
keys)))
|
(delete-duplicates
|
||||||
|
(map canonical-sexp->sexp keys)))))
|
||||||
|
|
||||||
(define %acl-file
|
(define %acl-file
|
||||||
(string-append %config-directory "/acl"))
|
(string-append %config-directory "/acl"))
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
;;; GNU Guix --- Functional package management for GNU
|
;;; GNU Guix --- Functional package management for GNU
|
||||||
;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
|
;;; Copyright © 2013, 2014, 2022 Ludovic Courtès <ludo@gnu.org>
|
||||||
;;;
|
;;;
|
||||||
;;; This file is part of GNU Guix.
|
;;; This file is part of GNU Guix.
|
||||||
;;;
|
;;;
|
||||||
|
@ -66,6 +66,10 @@
|
||||||
(test-assert "authorized-key? public-key singleton"
|
(test-assert "authorized-key? public-key singleton"
|
||||||
(authorized-key? %public-key (public-keys->acl (list %public-key))))
|
(authorized-key? %public-key (public-keys->acl (list %public-key))))
|
||||||
|
|
||||||
|
(test-equal "public-keys->acl deduplication"
|
||||||
|
(public-keys->acl (list %public-key))
|
||||||
|
(public-keys->acl (make-list 10 %public-key)))
|
||||||
|
|
||||||
(test-assert "signature-case valid-signature"
|
(test-assert "signature-case valid-signature"
|
||||||
(let* ((hash (sha256 #vu8(1 2 3)))
|
(let* ((hash (sha256 #vu8(1 2 3)))
|
||||||
(data (bytevector->hash-data hash #:key-type (key-type %public-key)))
|
(data (bytevector->hash-data hash #:key-type (key-type %public-key)))
|
||||||
|
|
Reference in New Issue