Commit 13acc37b authored by Ludovic Courtès's avatar Ludovic Courtès

Use Guile-Gcrypt rather than OpenSSL to compute HMACs.

* guix-kernel/hmac.scm (get-signature): Rewrite using (gcrypt hmac)
and (gcrypt base16).
* Check for (gcrypt hmac).
* environment.scm: Remove 'sed-openssl' phase; add GUILE-GCRYPT to DEPS
in the 'sed-kernel-json' phase.  Add GUILE-GCRYPT to 'propagated-inputs'.
parent c77ee1ad
......@@ -40,6 +40,12 @@ if test "x$have_guile_json" != "xyes"; then
AC_MSG_ERROR([Guile-Json is missing; please install it.])
dnl Check for Guile-Gcrypt.
GUILE_MODULE_AVAILABLE([have_guile_gcrypt], [(gcrypt hmac)])
if test "x$have_guile_gcrypt" != "xyes"; then
AC_MSG_ERROR([Guile-Gcrypt could not be found; please install it.])
......@@ -12,6 +12,7 @@
(guix build-system gnu)
(gnu packages)
(gnu packages autotools)
(gnu packages gnupg)
(gnu packages guile)
(gnu packages lisp)
(gnu packages tls)
......@@ -36,13 +37,6 @@
(lambda _
(setenv "GUILE_AUTO_COMPILE" "0")
(add-before 'build 'sed-openssl
(lambda* (#:key inputs outputs #:allow-other-keys)
(substitute* (string-append "guix-kernel/hmac.scm")
(string-append (assoc-ref %build-inputs "openssl")
(add-after 'install 'sed-kernel-json
(lambda* (#:key inputs outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
......@@ -50,7 +44,8 @@
(guile (assoc-ref inputs "guile"))
(json (assoc-ref inputs "guile-json"))
(s-zmq (assoc-ref inputs "guile-simple-zmq"))
(deps (list out s-zmq guix json))
(gcrypt (assoc-ref inputs "guile-gcrypt"))
(deps (list out s-zmq guix json gcrypt))
(open-pipe* OPEN_READ
......@@ -82,11 +77,11 @@
("pkg-config" ,pkg-config)))
`(("guix" ,guix)
("guile" ,guile-2.2)
("openssl" ,openssl)))
("guile" ,guile-2.2)))
`(("guile-json" ,guile-json)
("guile-simple-zmq" ,guile-simple-zmq)))
("guile-simple-zmq" ,guile-simple-zmq)
("guile-gcrypt" ,guile-gcrypt)))
(list (search-path-specification
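Review bot: `(gnu packages tls)` stays in the module list of the first hunk although the last hunk removes the `openssl` input, which appears to be what that module was imported for. If nothing else in the file uses it, drop the line so the definition no longer pulls in a module it does not need. The rest of the file is outside the visible hunks, so check for other uses before removing it.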
;;; Guix-kernel -- Guix kernel for Jupyter
;;; Copyright (C) 2018 Evgeny Panfilov <>
;;; Copyright (C) 2018 Evgeny Panfilov <>
;;; Copyright (C) 2018 Ludovic Courtès <>
;;; This program is free software: you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by
......@@ -15,22 +16,14 @@
;;; along with this program. If not, see <>.
(define-module (guix-kernel hmac)
#:use-module (ice-9 rdelim)
#:use-module (ice-9 popen)
#:use-module (gcrypt hmac)
#:use-module (gcrypt base16)
#:use-module (rnrs bytevectors)
#:export (get-signature))
(define (get-signature key str)
(let* ((p2c (pipe))
(read-pipe (car p2c))
(write-pipe (cdr p2c))
(port (with-input-from-port read-pipe
(lambda ()
(string-append "openssl dgst -sha256 -hmac "
(display str write-pipe)
(close-port write-pipe)
(let ((result (read-line port)))
(close-port read-pipe)
(close-pipe port)
(substring result 9))))
"Return a hexadecimal string containing the SHA256 HMAC of STR, a string,
with KEY, another string."
(sign-data key (string->utf8 str)
#:algorithm 'sha256)))
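Review bot: `(string->utf8 str)` in get-signature re-encodes an already decoded string, so the HMAC covers the bytes Guile produces, which equal the bytes received only if the message parts were decoded as UTF-8; the callers are not visible here. The docstring should state that assumption, for example `STR is encoded as UTF-8 before signing; callers must have decoded the received message parts as UTF-8.` Separately, wherever the returned hex string is compared with a received signature, a constant-time comparison is preferable to `string=?`; that comparison lies outside this section, so it is something to confirm rather than a finding. The call that converts the `sign-data` result to hexadecimal is not visible in the rendered lines.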