‘guix authenticate’ failure in C locale
(address . bug-guix@gnu.org)
As seen in http://hydra.gnu.org/build/54212, ‘guix authenticate’ could
fail when running in the C locale (as is the case on hydra.gnu.org):
Toggle snippet (8 lines)
@ build-started /gnu/store/639n30wn56fsnvxnp5sv4nxshxdsym32-gmp-6.0.0a.drv - x86_64-linux /nix/var/log/guix/drvs/63//9n30wn56fsnvxnp5sv4nxshxdsym32-gmp-6.0.0a.drv
sending 2 store files to 'hydra.gnunet.org'...
importing path `/gnu/store/hyr8lvpbl2lbbkvr5v1qa25895bpcxls-gmp-6.0.0a-guile-builder'
guix archive: error: build failed: program `guix-authenticate' failed with exit code 1
builder for `/gnu/store/639n30wn56fsnvxnp5sv4nxshxdsym32-gmp-6.0.0a.drv' failed to produce output path `/gnu/store/6va1dygagfrlc1xqy71ckawh4cymrl4h-gmp-6.0.0a-debug'
@ hook-failed /gnu/store/639n30wn56fsnvxnp5sv4nxshxdsym32-gmp-6.0.0a.drv - 0 builder for `/gnu/store/639n30wn56fsnvxnp5sv4nxshxdsym32-gmp-6.0.0a.drv' failed to produce output path `/gnu/store/6va1dygagfrlc1xqy71ckawh4cymrl4h-gmp-6.0.0a-debug'
The problem was that it could in some cases produce a signature sexp
with an invalid hash value. For example:
guix archive --export /gnu/store/hyr8lvpbl2lbbkvr5v1qa25895bpcxls-gmp-6.0.0a-guile-builder
would produce an archive with a signature sexp like this (literally):
(signature
(data
(flags pkcs1)
(hash sha256 "^?\vU????{N4?`??eL??x???|1y????{L")
)
[...]
The problem is that the hash value shown here is the result of
substituting non-ASCII characters with question marks and other things.
Obviously signature verification on such a thing would fail, leading to
errors like the one above.
This could happen in some cases, when libgcrypt would choose to use a
byte string representation instead of a hexadecimal string, and is due
to the fact that ‘string->canonical-sexp’ would convert strings passed
to ‘gcry_sexp_new’ to locale encoding.
This is fixed with commit 6030d84 (see that commit for a concrete
example.)
Ludo’.