authenticate: Report failure to load keys to the daemon.

Previously, when failing to load a signing key, ‘guix authenticate’ would print a backtrace and exit with a non-zero code. That, in turn, would lead the guix-daemon child process to crash with: nix/libutil/serialise.cc:15: virtual nix::BufferedSink::~BufferedSink(): Assertion `!bufPos' failed. This patch fixes it by reporting the error to the daemon as was intended. * guix/scripts/authenticate.scm (guix-authenticate): Arrange to call ‘load-key-pair’ from within ‘with-reply’. * tests/guix-authenticate.sh: Test it. Fixes: guix/guix#4928 Reported-by: Rutherther <rutherther@ditigal.xyz> Change-Id: I8654ad6fdfbe18c55e1e85647d0c49f408d0574a Signed-off-by: Ludovic Courtès <ludo@gnu.org> Merges: #4961
2026-04-06 13:10:33 +02:00 · 2025-12-19 09:34:47 +01:00
parent 5d6dfd8981
commit 0ac2a0fd18
2 changed files with 24 additions and 16 deletions
--- a/tests/guix-authenticate.sh
+++ b/tests/guix-authenticate.sh
@@ -1,5 +1,5 @@
 # GNU Guix --- Functional package management for GNU
-# Copyright © 2013, 2014, 2020 Ludovic Courtès <ludo@gnu.org>
+# Copyright © 2013, 2014, 2020, 2025 Ludovic Courtès <ludo@gnu.org>
 #
 # This file is part of GNU Guix.
 #
@@ -85,3 +85,8 @@ sed -i "$sig" -e's/^0 //g'
 echo "verify $(cat $sig)" | guix authenticate
 hash2="$(echo "verify $(cat $sig)" | guix authenticate | cut -f2 -d ' ')"
 test "$(echo $hash2 | cut -d : -f 2)" = "$hash"
+
+# Make sure an error is properly reported for unreadable key pairs, with exit
+# code zero (the process would keep running commands on standard input).
+echo "sign 9:/dev/null $hash_len:$hash" | guix authenticate
+test $(echo "sign 9:/dev/null $hash_len:$hash" | guix authenticate | cut -f1 -d ' ') = 500