[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ‘guix authenticate’: Throw to key `gcry-error' with args `(536871113
|
From: |
Ludovic Courtès |
|
Subject: |
Re: ‘guix authenticate’: Throw to key `gcry-error' with args `(536871113)'. |
|
Date: |
Tue, 11 Feb 2014 23:26:21 +0100 |
|
User-agent: |
Gnus/5.130007 (Ma Gnus v0.7) Emacs/24.3 (gnu/linux) |
Nikita Karetnikov <address@hidden> skribis:
> The keypair was created this way:
>
> $ openssl genrsa -out ./cache-key.sec 2048
> $ openssl rsa -in ./cache-key.sec -pubout > ./cache-key.pub
>
> All the tests pass. What’s wrong?
>
> $ guix authenticate rsautl -sign -inkey cache-key.sec -in
> 3r2n9zm3kxb28klpzgarjxj8x3y3y6wf.narinfo.hash
[...]
> In guix/scripts/authenticate.scm:
> 60: 1 [guix-authenticate "rsautl" "-sign" ...]
> In ice-9/boot-9.scm:
> 793: 0 [call-with-input-file "cache-key.sec" ...]
>
> ice-9/boot-9.scm:793:17: In procedure call-with-input-file:
> ice-9/boot-9.scm:793:17: Throw to key `gcry-error' with args `(536871113)'.
‘guix authenticate’ expects cache-key.sec to be a key in “canonical
sexp” format, like in tests/signing-key.sec. That’s why it barfs here.
IOW, the idea is that it’s a drop-in replacement for ‘openssl’ in terms
of command-line handling, but what happens behind is very different (see
<https://lists.nongnu.org/archive/html/guix-devel/2013-12/msg00135.html>
and related messages.)
(The command-line compatibility requirement stems from the fact that for
now I want to avoid Guix-specific modifications to the daemon.)
HTH,
Ludo’.