forked from lix-project/lix
712b616a84
This allows queryPathInfo() to return signatures.
139 lines
3.8 KiB
C++
139 lines
3.8 KiB
C++
#include "crypto.hh"
|
||
#include "globals.hh"
|
||
#include "nar-info.hh"
|
||
|
||
namespace nix {
|
||
|
||
NarInfo::NarInfo(const std::string & s, const std::string & whence)
|
||
{
|
||
auto corrupt = [&]() {
|
||
throw Error("NAR info file ‘%1%’ is corrupt");
|
||
};
|
||
|
||
auto parseHashField = [&](const string & s) {
|
||
string::size_type colon = s.find(':');
|
||
if (colon == string::npos) corrupt();
|
||
HashType ht = parseHashType(string(s, 0, colon));
|
||
if (ht == htUnknown) corrupt();
|
||
return parseHash16or32(ht, string(s, colon + 1));
|
||
};
|
||
|
||
size_t pos = 0;
|
||
while (pos < s.size()) {
|
||
|
||
size_t colon = s.find(':', pos);
|
||
if (colon == std::string::npos) corrupt();
|
||
|
||
std::string name(s, pos, colon - pos);
|
||
|
||
size_t eol = s.find('\n', colon + 2);
|
||
if (eol == std::string::npos) corrupt();
|
||
|
||
std::string value(s, colon + 2, eol - colon - 2);
|
||
|
||
if (name == "StorePath") {
|
||
if (!isStorePath(value)) corrupt();
|
||
path = value;
|
||
}
|
||
else if (name == "URL")
|
||
url = value;
|
||
else if (name == "Compression")
|
||
compression = value;
|
||
else if (name == "FileHash")
|
||
fileHash = parseHashField(value);
|
||
else if (name == "FileSize") {
|
||
if (!string2Int(value, fileSize)) corrupt();
|
||
}
|
||
else if (name == "NarHash")
|
||
narHash = parseHashField(value);
|
||
else if (name == "NarSize") {
|
||
if (!string2Int(value, narSize)) corrupt();
|
||
}
|
||
else if (name == "References") {
|
||
auto refs = tokenizeString<Strings>(value, " ");
|
||
if (!references.empty()) corrupt();
|
||
for (auto & r : refs) {
|
||
auto r2 = settings.nixStore + "/" + r;
|
||
if (!isStorePath(r2)) corrupt();
|
||
references.insert(r2);
|
||
}
|
||
}
|
||
else if (name == "Deriver") {
|
||
auto p = settings.nixStore + "/" + value;
|
||
if (!isStorePath(p)) corrupt();
|
||
deriver = p;
|
||
}
|
||
else if (name == "System")
|
||
system = value;
|
||
else if (name == "Sig")
|
||
sigs.insert(value);
|
||
|
||
pos = eol + 1;
|
||
}
|
||
|
||
if (compression == "") compression = "bzip2";
|
||
|
||
if (path.empty() || url.empty()) corrupt();
|
||
}
|
||
|
||
std::string NarInfo::to_string() const
|
||
{
|
||
std::string res;
|
||
res += "StorePath: " + path + "\n";
|
||
res += "URL: " + url + "\n";
|
||
assert(compression != "");
|
||
res += "Compression: " + compression + "\n";
|
||
assert(fileHash.type == htSHA256);
|
||
res += "FileHash: sha256:" + printHash32(fileHash) + "\n";
|
||
res += "FileSize: " + std::to_string(fileSize) + "\n";
|
||
assert(narHash.type == htSHA256);
|
||
res += "NarHash: sha256:" + printHash32(narHash) + "\n";
|
||
res += "NarSize: " + std::to_string(narSize) + "\n";
|
||
|
||
res += "References: " + concatStringsSep(" ", shortRefs()) + "\n";
|
||
|
||
if (!deriver.empty())
|
||
res += "Deriver: " + baseNameOf(deriver) + "\n";
|
||
|
||
if (!system.empty())
|
||
res += "System: " + system + "\n";
|
||
|
||
for (auto sig : sigs)
|
||
res += "Sig: " + sig + "\n";
|
||
|
||
return res;
|
||
}
|
||
|
||
std::string NarInfo::fingerprint() const
|
||
{
|
||
return
|
||
"1;" + path + ";"
|
||
+ printHashType(narHash.type) + ":" + printHash32(narHash) + ";"
|
||
+ std::to_string(narSize) + ";"
|
||
+ concatStringsSep(",", references);
|
||
}
|
||
|
||
Strings NarInfo::shortRefs() const
|
||
{
|
||
Strings refs;
|
||
for (auto & r : references)
|
||
refs.push_back(baseNameOf(r));
|
||
return refs;
|
||
}
|
||
|
||
void NarInfo::sign(const SecretKey & secretKey)
|
||
{
|
||
sigs.insert(secretKey.signDetached(fingerprint()));
|
||
}
|
||
|
||
unsigned int NarInfo::checkSignatures(const PublicKeys & publicKeys) const
|
||
{
|
||
unsigned int good = 0;
|
||
for (auto & sig : sigs)
|
||
if (verifyDetached(fingerprint(), sig, publicKeys))
|
||
good++;
|
||
return good;
|
||
}
|
||
|
||
}
|