pk-crypto: Don't use Ed25519 when libgcrypt is older than 1.6.0.

* guix/pk-crypto.scm (gcrypt-version): New procedure. * guix/scripts/archive.scm (%key-generation-parameters): New variable. (%options) <generate-key>: Use it. * tests/pk-crypto.scm ("sign + verify, Ed25519"): Skip if using gcrypt < 1.6.0.
2025-10-02 02:15:12 +00:00 · 2014-03-20 22:33:52 +01:00 · 2014-03-20 22:33:52 +01:00 · 1fda6840a8
commit 1fda6840a8
parent 2f66e64c53
3 changed files with 23 additions and 3 deletions
--- a/guix/scripts/archive.scm
+++ b/guix/scripts/archive.scm
@ -87,6 +87,13 @@ Export/import one or more packages from/to the store.\n"))
  (newline)
  (show-bug-report-information))

+(define %key-generation-parameters
+  ;; Default key generation parameters.  We prefer Ed25519, but it was
+  ;; introduced in libgcrypt 1.6.0.
+  (if (version>? (gcrypt-version) "1.6.0")
+      "(genkey (ecdsa (curve Ed25519) (flags rfc6979)))"
+      "(genkey (rsa (nbits 4:4096)))"))
+
 (define %options
  ;; Specifications of the command-line options.
  (cons* (option '(#\h "help") #f #f
@ -114,8 +121,7 @@ Export/import one or more packages from/to the store.\n"))
                       ;; libgcrypt 1.6.0.
                       (let ((params
                              (string->canonical-sexp
-                               (or arg "\
- (genkey (ecdsa (curve Ed25519) (flags rfc6979)))"))))
+                               (or arg %key-generation-parameters))))
                         (alist-cons 'generate-key params result)))
                     (lambda (key err)
                       (leave (_ "invalid key generation parameters: ~a: ~a~%")