forked from lix-project/lix
Move signatures from NarInfo to ValidPathInfo
This allows queryPathInfo() to return signatures.
This commit is contained in:
parent
cebc150b7c
commit
712b616a84
4 changed files with 21 additions and 11 deletions
|
@ -126,8 +126,8 @@ NarInfo BinaryCacheStore::readNarInfo(const Path & storePath)
|
|||
stats.narInfoRead++;
|
||||
|
||||
if (publicKeys) {
|
||||
if (!narInfo->checkSignature(*publicKeys))
|
||||
throw Error(format("invalid signature on NAR info file ‘%1%’") % narInfoFile);
|
||||
if (!narInfo->checkSignatures(*publicKeys))
|
||||
throw Error(format("no good signature on NAR info file ‘%1%’") % narInfoFile);
|
||||
}
|
||||
|
||||
{
|
||||
|
|
|
@ -66,7 +66,7 @@ NarInfo::NarInfo(const std::string & s, const std::string & whence)
|
|||
else if (name == "System")
|
||||
system = value;
|
||||
else if (name == "Sig")
|
||||
sig = value;
|
||||
sigs.insert(value);
|
||||
|
||||
pos = eol + 1;
|
||||
}
|
||||
|
@ -98,7 +98,7 @@ std::string NarInfo::to_string() const
|
|||
if (!system.empty())
|
||||
res += "System: " + system + "\n";
|
||||
|
||||
if (!sig.empty())
|
||||
for (auto sig : sigs)
|
||||
res += "Sig: " + sig + "\n";
|
||||
|
||||
return res;
|
||||
|
@ -123,12 +123,16 @@ Strings NarInfo::shortRefs() const
|
|||
|
||||
void NarInfo::sign(const SecretKey & secretKey)
|
||||
{
|
||||
sig = secretKey.signDetached(fingerprint());
|
||||
sigs.insert(secretKey.signDetached(fingerprint()));
|
||||
}
|
||||
|
||||
bool NarInfo::checkSignature(const PublicKeys & publicKeys) const
|
||||
unsigned int NarInfo::checkSignatures(const PublicKeys & publicKeys) const
|
||||
{
|
||||
return sig != "" && verifyDetached(fingerprint(), sig, publicKeys);
|
||||
unsigned int good = 0;
|
||||
for (auto & sig : sigs)
|
||||
if (verifyDetached(fingerprint(), sig, publicKeys))
|
||||
good++;
|
||||
return good;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -13,7 +13,6 @@ struct NarInfo : ValidPathInfo
|
|||
Hash fileHash;
|
||||
uint64_t fileSize = 0;
|
||||
std::string system;
|
||||
std::string sig; // FIXME: support multiple signatures
|
||||
|
||||
NarInfo() { }
|
||||
NarInfo(const ValidPathInfo & info) : ValidPathInfo(info) { }
|
||||
|
@ -31,9 +30,9 @@ struct NarInfo : ValidPathInfo
|
|||
|
||||
void sign(const SecretKey & secretKey);
|
||||
|
||||
/* Return true iff this .narinfo is signed by one of the specified
|
||||
keys. */
|
||||
bool checkSignature(const PublicKeys & publicKeys) const;
|
||||
/* Return the number of signatures on this .narinfo that were
|
||||
produced by one of the specified keys. */
|
||||
unsigned int checkSignatures(const PublicKeys & publicKeys) const;
|
||||
|
||||
private:
|
||||
|
||||
|
|
|
@ -98,6 +98,13 @@ struct ValidPathInfo
|
|||
unsigned long long narSize = 0; // 0 = unknown
|
||||
unsigned long long id; // internal use only
|
||||
|
||||
/* Whether the path is ultimately trusted, that is, it was built
|
||||
locally or is content-addressable (e.g. added via addToStore()
|
||||
or the result of a fixed-output derivation). */
|
||||
bool ultimate = false;
|
||||
|
||||
StringSet sigs; // note: not necessarily verified
|
||||
|
||||
bool operator == (const ValidPathInfo & i) const
|
||||
{
|
||||
return
|
||||
|
|
Loading…
Reference in a new issue