forked from lix-project/lix
bc23a44c54
Already, we had classes like `BuiltPathsCommand` and `StorePathsCommand` which provided alternative `run` virtual functions providing the implementation with more arguments. This was a very nice and easy way to make writing command; just fill in the virtual functions and it is fairly clear what to do. However, exception to this pattern were `Installable{,s}Command`. These two classes instead just had a field where the installables would be stored, and various side-effecting `prepare` and `load` machinery too fill them in. Command would wish out those fields. This isn't so clear to use. What this commit does is make those command classes like the others, with richer `run` functions. Not only does this restore the pattern making commands easier to write, it has a number of other benefits: - `prepare` and `load` are gone entirely! One command just hands just hands off to the next. - `useDefaultInstallables` because `defaultInstallables`. This takes over `prepare` for the one case that needs it, and provides enough flexiblity to handle `nix repl`'s idiosyncratic migration. - We can use `ref` instead of `std::shared_ptr`. The former must be initialized (so it is like Rust's `Box` rather than `Option<Box>`, This expresses the invariant that the installable are in fact initialized much better. This is possible because since we just have local variables not fields, we can stop worrying about the not-yet-initialized case. - Fewer lines of code! (Finally I have a large refactor that makes the number go down not up...) - `nix repl` is now implemented in a clearer way. The last item deserves further mention. `nix repl` is not like the other installable commands because instead working from once-loaded installables, it needs to be able to load them again and again. To properly support this, we make a new superclass `RawInstallablesCommand`. This class has the argument parsing and completion logic, but does *not* hand off parsed installables but instead just the raw string arguments. This is exactly what `nix repl` needs, and allows us to instead of having the logic awkwardly split between `prepare`, `useDefaultInstallables,` and `load`, have everything right next to each other. I think this will enable future simplifications of that argument defaulting logic, but I am saving those for a future PR --- best to keep code motion and more complicated boolean expression rewriting separate steps. The "diagnostic ignored `-Woverloaded-virtual`" pragma helps because C++ doesn't like our many `run` methods. In our case, we don't mind the shadowing it all --- it is *intentional* that the derived class only provides a `run` method, and doesn't call any of the overridden `run` methods. Helps with https://github.com/NixOS/rfcs/pull/134
227 lines
5.8 KiB
C++
227 lines
5.8 KiB
C++
#include "command.hh"
|
|
#include "shared.hh"
|
|
#include "store-api.hh"
|
|
#include "thread-pool.hh"
|
|
|
|
#include <atomic>
|
|
|
|
using namespace nix;
|
|
|
|
struct CmdCopySigs : StorePathsCommand
|
|
{
|
|
Strings substituterUris;
|
|
|
|
CmdCopySigs()
|
|
{
|
|
addFlag({
|
|
.longName = "substituter",
|
|
.shortName = 's',
|
|
.description = "Copy signatures from the specified store.",
|
|
.labels = {"store-uri"},
|
|
.handler = {[&](std::string s) { substituterUris.push_back(s); }},
|
|
});
|
|
}
|
|
|
|
std::string description() override
|
|
{
|
|
return "copy store path signatures from substituters";
|
|
}
|
|
|
|
void run(ref<Store> store, StorePaths && storePaths) override
|
|
{
|
|
if (substituterUris.empty())
|
|
throw UsageError("you must specify at least one substituter using '-s'");
|
|
|
|
// FIXME: factor out commonality with MixVerify.
|
|
std::vector<ref<Store>> substituters;
|
|
for (auto & s : substituterUris)
|
|
substituters.push_back(openStore(s));
|
|
|
|
ThreadPool pool;
|
|
|
|
std::string doneLabel = "done";
|
|
std::atomic<size_t> added{0};
|
|
|
|
//logger->setExpected(doneLabel, storePaths.size());
|
|
|
|
auto doPath = [&](const Path & storePathS) {
|
|
//Activity act(*logger, lvlInfo, "getting signatures for '%s'", storePath);
|
|
|
|
checkInterrupt();
|
|
|
|
auto storePath = store->parseStorePath(storePathS);
|
|
|
|
auto info = store->queryPathInfo(storePath);
|
|
|
|
StringSet newSigs;
|
|
|
|
for (auto & store2 : substituters) {
|
|
try {
|
|
auto info2 = store2->queryPathInfo(info->path);
|
|
|
|
/* Don't import signatures that don't match this
|
|
binary. */
|
|
if (info->narHash != info2->narHash ||
|
|
info->narSize != info2->narSize ||
|
|
info->references != info2->references)
|
|
continue;
|
|
|
|
for (auto & sig : info2->sigs)
|
|
if (!info->sigs.count(sig))
|
|
newSigs.insert(sig);
|
|
} catch (InvalidPath &) {
|
|
}
|
|
}
|
|
|
|
if (!newSigs.empty()) {
|
|
store->addSignatures(storePath, newSigs);
|
|
added += newSigs.size();
|
|
}
|
|
|
|
//logger->incProgress(doneLabel);
|
|
};
|
|
|
|
for (auto & storePath : storePaths)
|
|
pool.enqueue(std::bind(doPath, store->printStorePath(storePath)));
|
|
|
|
pool.process();
|
|
|
|
printInfo("imported %d signatures", added);
|
|
}
|
|
};
|
|
|
|
static auto rCmdCopySigs = registerCommand2<CmdCopySigs>({"store", "copy-sigs"});
|
|
|
|
struct CmdSign : StorePathsCommand
|
|
{
|
|
Path secretKeyFile;
|
|
|
|
CmdSign()
|
|
{
|
|
addFlag({
|
|
.longName = "key-file",
|
|
.shortName = 'k',
|
|
.description = "File containing the secret signing key.",
|
|
.labels = {"file"},
|
|
.handler = {&secretKeyFile},
|
|
.completer = completePath
|
|
});
|
|
}
|
|
|
|
std::string description() override
|
|
{
|
|
return "sign store paths";
|
|
}
|
|
|
|
void run(ref<Store> store, StorePaths && storePaths) override
|
|
{
|
|
if (secretKeyFile.empty())
|
|
throw UsageError("you must specify a secret key file using '-k'");
|
|
|
|
SecretKey secretKey(readFile(secretKeyFile));
|
|
|
|
size_t added{0};
|
|
|
|
for (auto & storePath : storePaths) {
|
|
auto info = store->queryPathInfo(storePath);
|
|
|
|
auto info2(*info);
|
|
info2.sigs.clear();
|
|
info2.sign(*store, secretKey);
|
|
assert(!info2.sigs.empty());
|
|
|
|
if (!info->sigs.count(*info2.sigs.begin())) {
|
|
store->addSignatures(storePath, info2.sigs);
|
|
added++;
|
|
}
|
|
}
|
|
|
|
printInfo("added %d signatures", added);
|
|
}
|
|
};
|
|
|
|
static auto rCmdSign = registerCommand2<CmdSign>({"store", "sign"});
|
|
|
|
struct CmdKeyGenerateSecret : Command
|
|
{
|
|
std::optional<std::string> keyName;
|
|
|
|
CmdKeyGenerateSecret()
|
|
{
|
|
addFlag({
|
|
.longName = "key-name",
|
|
.description = "Identifier of the key (e.g. `cache.example.org-1`).",
|
|
.labels = {"name"},
|
|
.handler = {&keyName},
|
|
});
|
|
}
|
|
|
|
std::string description() override
|
|
{
|
|
return "generate a secret key for signing store paths";
|
|
}
|
|
|
|
std::string doc() override
|
|
{
|
|
return
|
|
#include "key-generate-secret.md"
|
|
;
|
|
}
|
|
|
|
void run() override
|
|
{
|
|
if (!keyName)
|
|
throw UsageError("required argument '--key-name' is missing");
|
|
|
|
writeFull(STDOUT_FILENO, SecretKey::generate(*keyName).to_string());
|
|
}
|
|
};
|
|
|
|
struct CmdKeyConvertSecretToPublic : Command
|
|
{
|
|
std::string description() override
|
|
{
|
|
return "generate a public key for verifying store paths from a secret key read from standard input";
|
|
}
|
|
|
|
std::string doc() override
|
|
{
|
|
return
|
|
#include "key-convert-secret-to-public.md"
|
|
;
|
|
}
|
|
|
|
void run() override
|
|
{
|
|
SecretKey secretKey(drainFD(STDIN_FILENO));
|
|
writeFull(STDOUT_FILENO, secretKey.toPublicKey().to_string());
|
|
}
|
|
};
|
|
|
|
struct CmdKey : NixMultiCommand
|
|
{
|
|
CmdKey()
|
|
: MultiCommand({
|
|
{"generate-secret", []() { return make_ref<CmdKeyGenerateSecret>(); }},
|
|
{"convert-secret-to-public", []() { return make_ref<CmdKeyConvertSecretToPublic>(); }},
|
|
})
|
|
{
|
|
}
|
|
|
|
std::string description() override
|
|
{
|
|
return "generate and convert Nix signing keys";
|
|
}
|
|
|
|
Category category() override { return catUtility; }
|
|
|
|
void run() override
|
|
{
|
|
if (!command)
|
|
throw UsageError("'nix key' requires a sub-command.");
|
|
command->second->run();
|
|
}
|
|
};
|
|
|
|
static auto rCmdKey = registerCommand<CmdKey>("key");
|