Move signatures from NarInfo to ValidPathInfo

This allows queryPathInfo() to return signatures.
This commit is contained in:
Eelco Dolstra 2016-03-21 18:05:47 +01:00
parent cebc150b7c
commit 712b616a84
4 changed files with 21 additions and 11 deletions

View file

@ -126,8 +126,8 @@ NarInfo BinaryCacheStore::readNarInfo(const Path & storePath)
stats.narInfoRead++; stats.narInfoRead++;
if (publicKeys) { if (publicKeys) {
if (!narInfo->checkSignature(*publicKeys)) if (!narInfo->checkSignatures(*publicKeys))
throw Error(format("invalid signature on NAR info file %1%") % narInfoFile); throw Error(format("no good signature on NAR info file %1%") % narInfoFile);
} }
{ {

View file

@ -66,7 +66,7 @@ NarInfo::NarInfo(const std::string & s, const std::string & whence)
else if (name == "System") else if (name == "System")
system = value; system = value;
else if (name == "Sig") else if (name == "Sig")
sig = value; sigs.insert(value);
pos = eol + 1; pos = eol + 1;
} }
@ -98,7 +98,7 @@ std::string NarInfo::to_string() const
if (!system.empty()) if (!system.empty())
res += "System: " + system + "\n"; res += "System: " + system + "\n";
if (!sig.empty()) for (auto sig : sigs)
res += "Sig: " + sig + "\n"; res += "Sig: " + sig + "\n";
return res; return res;
@ -123,12 +123,16 @@ Strings NarInfo::shortRefs() const
void NarInfo::sign(const SecretKey & secretKey) void NarInfo::sign(const SecretKey & secretKey)
{ {
sig = secretKey.signDetached(fingerprint()); sigs.insert(secretKey.signDetached(fingerprint()));
} }
bool NarInfo::checkSignature(const PublicKeys & publicKeys) const unsigned int NarInfo::checkSignatures(const PublicKeys & publicKeys) const
{ {
return sig != "" && verifyDetached(fingerprint(), sig, publicKeys); unsigned int good = 0;
for (auto & sig : sigs)
if (verifyDetached(fingerprint(), sig, publicKeys))
good++;
return good;
} }
} }

View file

@ -13,7 +13,6 @@ struct NarInfo : ValidPathInfo
Hash fileHash; Hash fileHash;
uint64_t fileSize = 0; uint64_t fileSize = 0;
std::string system; std::string system;
std::string sig; // FIXME: support multiple signatures
NarInfo() { } NarInfo() { }
NarInfo(const ValidPathInfo & info) : ValidPathInfo(info) { } NarInfo(const ValidPathInfo & info) : ValidPathInfo(info) { }
@ -31,9 +30,9 @@ struct NarInfo : ValidPathInfo
void sign(const SecretKey & secretKey); void sign(const SecretKey & secretKey);
/* Return true iff this .narinfo is signed by one of the specified /* Return the number of signatures on this .narinfo that were
keys. */ produced by one of the specified keys. */
bool checkSignature(const PublicKeys & publicKeys) const; unsigned int checkSignatures(const PublicKeys & publicKeys) const;
private: private:

View file

@ -98,6 +98,13 @@ struct ValidPathInfo
unsigned long long narSize = 0; // 0 = unknown unsigned long long narSize = 0; // 0 = unknown
unsigned long long id; // internal use only unsigned long long id; // internal use only
/* Whether the path is ultimately trusted, that is, it was built
locally or is content-addressable (e.g. added via addToStore()
or the result of a fixed-output derivation). */
bool ultimate = false;
StringSet sigs; // note: not necessarily verified
bool operator == (const ValidPathInfo & i) const bool operator == (const ValidPathInfo & i) const
{ {
return return