From 0ac2a0fd1813fb5c04b22f6443d8f8a96d3c9645 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 19 Dec 2025 09:34:47 +0100 Subject: authenticate: Report failure to load keys to the daemon. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previously, when failing to load a signing key, ‘guix authenticate’ would print a backtrace and exit with a non-zero code. That, in turn, would lead the guix-daemon child process to crash with: nix/libutil/serialise.cc:15: virtual nix::BufferedSink::~BufferedSink(): Assertion `!bufPos' failed. This patch fixes it by reporting the error to the daemon as was intended. * guix/scripts/authenticate.scm (guix-authenticate): Arrange to call ‘load-key-pair’ from within ‘with-reply’. * tests/guix-authenticate.sh: Test it. Fixes: guix/guix#4928 Reported-by: Rutherther Change-Id: I8654ad6fdfbe18c55e1e85647d0c49f408d0574a Signed-off-by: Ludovic Courtès Merges: #4961 --- tests/guix-authenticate.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/guix-authenticate.sh b/tests/guix-authenticate.sh index 0de6da1878..ddd39d09c4 100644 --- a/tests/guix-authenticate.sh +++ b/tests/guix-authenticate.sh @@ -1,5 +1,5 @@ # GNU Guix --- Functional package management for GNU -# Copyright © 2013, 2014, 2020 Ludovic Courtès +# Copyright © 2013, 2014, 2020, 2025 Ludovic Courtès # # This file is part of GNU Guix. # @@ -85,3 +85,8 @@ sed -i "$sig" -e's/^0 //g' echo "verify $(cat $sig)" | guix authenticate hash2="$(echo "verify $(cat $sig)" | guix authenticate | cut -f2 -d ' ')" test "$(echo $hash2 | cut -d : -f 2)" = "$hash" + +# Make sure an error is properly reported for unreadable key pairs, with exit +# code zero (the process would keep running commands on standard input). +echo "sign 9:/dev/null $hash_len:$hash" | guix authenticate +test $(echo "sign 9:/dev/null $hash_len:$hash" | guix authenticate | cut -f1 -d ' ') = 500 -- cgit v1.3