forked from lix-project/lix
nix sign-paths: Support binary caches
This commit is contained in:
parent
d6dbda7004
commit
ec5b04862b
3 changed files with 43 additions and 15 deletions
|
@ -73,6 +73,23 @@ Path BinaryCacheStore::narInfoFileFor(const Path & storePath)
|
||||||
return storePathToHash(storePath) + ".narinfo";
|
return storePathToHash(storePath) + ".narinfo";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void BinaryCacheStore::writeNarInfo(ref<NarInfo> narInfo)
|
||||||
|
{
|
||||||
|
auto narInfoFile = narInfoFileFor(narInfo->path);
|
||||||
|
|
||||||
|
upsertFile(narInfoFile, narInfo->to_string(), "text/x-nix-narinfo");
|
||||||
|
|
||||||
|
auto hashPart = storePathToHash(narInfo->path);
|
||||||
|
|
||||||
|
{
|
||||||
|
auto state_(state.lock());
|
||||||
|
state_->pathInfoCache.upsert(hashPart, std::shared_ptr<NarInfo>(narInfo));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (diskCache)
|
||||||
|
diskCache->upsertNarInfo(getUri(), hashPart, std::shared_ptr<NarInfo>(narInfo));
|
||||||
|
}
|
||||||
|
|
||||||
void BinaryCacheStore::addToStore(const ValidPathInfo & info, const ref<std::string> & nar,
|
void BinaryCacheStore::addToStore(const ValidPathInfo & info, const ref<std::string> & nar,
|
||||||
RepairFlag repair, CheckSigsFlag checkSigs, std::shared_ptr<FSAccessor> accessor)
|
RepairFlag repair, CheckSigsFlag checkSigs, std::shared_ptr<FSAccessor> accessor)
|
||||||
{
|
{
|
||||||
|
@ -89,8 +106,6 @@ void BinaryCacheStore::addToStore(const ValidPathInfo & info, const ref<std::str
|
||||||
% info.path % ref);
|
% info.path % ref);
|
||||||
}
|
}
|
||||||
|
|
||||||
auto narInfoFile = narInfoFileFor(info.path);
|
|
||||||
|
|
||||||
assert(nar->compare(0, narMagic.size(), narMagic) == 0);
|
assert(nar->compare(0, narMagic.size(), narMagic) == 0);
|
||||||
|
|
||||||
auto narInfo = make_ref<NarInfo>(info);
|
auto narInfo = make_ref<NarInfo>(info);
|
||||||
|
@ -168,17 +183,7 @@ void BinaryCacheStore::addToStore(const ValidPathInfo & info, const ref<std::str
|
||||||
/* Atomically write the NAR info file.*/
|
/* Atomically write the NAR info file.*/
|
||||||
if (secretKey) narInfo->sign(*secretKey);
|
if (secretKey) narInfo->sign(*secretKey);
|
||||||
|
|
||||||
upsertFile(narInfoFile, narInfo->to_string(), "text/x-nix-narinfo");
|
writeNarInfo(narInfo);
|
||||||
|
|
||||||
auto hashPart = storePathToHash(narInfo->path);
|
|
||||||
|
|
||||||
{
|
|
||||||
auto state_(state.lock());
|
|
||||||
state_->pathInfoCache.upsert(hashPart, std::shared_ptr<NarInfo>(narInfo));
|
|
||||||
}
|
|
||||||
|
|
||||||
if (diskCache)
|
|
||||||
diskCache->upsertNarInfo(getUri(), hashPart, std::shared_ptr<NarInfo>(narInfo));
|
|
||||||
|
|
||||||
stats.narInfoWrite++;
|
stats.narInfoWrite++;
|
||||||
}
|
}
|
||||||
|
@ -293,6 +298,22 @@ ref<FSAccessor> BinaryCacheStore::getFSAccessor()
|
||||||
return make_ref<RemoteFSAccessor>(ref<Store>(shared_from_this()), localNarCache);
|
return make_ref<RemoteFSAccessor>(ref<Store>(shared_from_this()), localNarCache);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void BinaryCacheStore::addSignatures(const Path & storePath, const StringSet & sigs)
|
||||||
|
{
|
||||||
|
/* Note: this is inherently racy since there is no locking on
|
||||||
|
binary caches. In particular, with S3 this unreliable, even
|
||||||
|
when addSignatures() is called sequentially on a path, because
|
||||||
|
S3 might return an outdated cached version. */
|
||||||
|
|
||||||
|
auto narInfo = make_ref<NarInfo>((NarInfo &) *queryPathInfo(storePath));
|
||||||
|
|
||||||
|
narInfo->sigs.insert(sigs.begin(), sigs.end());
|
||||||
|
|
||||||
|
auto narInfoFile = narInfoFileFor(narInfo->path);
|
||||||
|
|
||||||
|
writeNarInfo(narInfo);
|
||||||
|
}
|
||||||
|
|
||||||
std::shared_ptr<std::string> BinaryCacheStore::getBuildLog(const Path & path)
|
std::shared_ptr<std::string> BinaryCacheStore::getBuildLog(const Path & path)
|
||||||
{
|
{
|
||||||
Path drvPath;
|
Path drvPath;
|
||||||
|
|
|
@ -59,6 +59,8 @@ private:
|
||||||
|
|
||||||
std::string narInfoFileFor(const Path & storePath);
|
std::string narInfoFileFor(const Path & storePath);
|
||||||
|
|
||||||
|
void writeNarInfo(ref<NarInfo> narInfo);
|
||||||
|
|
||||||
public:
|
public:
|
||||||
|
|
||||||
bool isValidPathUncached(const Path & path) override;
|
bool isValidPathUncached(const Path & path) override;
|
||||||
|
@ -119,8 +121,7 @@ public:
|
||||||
|
|
||||||
ref<FSAccessor> getFSAccessor() override;
|
ref<FSAccessor> getFSAccessor() override;
|
||||||
|
|
||||||
void addSignatures(const Path & storePath, const StringSet & sigs) override
|
void addSignatures(const Path & storePath, const StringSet & sigs) override;
|
||||||
{ unsupported(); }
|
|
||||||
|
|
||||||
std::shared_ptr<std::string> getBuildLog(const Path & path) override;
|
std::shared_ptr<std::string> getBuildLog(const Path & path) override;
|
||||||
|
|
||||||
|
|
|
@ -60,3 +60,9 @@ info=$(nix path-info --store file://$cacheDir --json $outPath2)
|
||||||
(! [[ $info =~ '"ultimate":true' ]])
|
(! [[ $info =~ '"ultimate":true' ]])
|
||||||
[[ $info =~ 'cache1.example.org' ]]
|
[[ $info =~ 'cache1.example.org' ]]
|
||||||
(! [[ $info =~ 'cache2.example.org' ]])
|
(! [[ $info =~ 'cache2.example.org' ]])
|
||||||
|
|
||||||
|
# Verify that adding a signature to a path in a binary cache works.
|
||||||
|
nix sign-paths --store file://$cacheDir --key-file $TEST_ROOT/sk2 $outPath2
|
||||||
|
info=$(nix path-info --store file://$cacheDir --json $outPath2)
|
||||||
|
[[ $info =~ 'cache1.example.org' ]]
|
||||||
|
[[ $info =~ 'cache2.example.org' ]]
|
||||||
|
|
Loading…
Reference in a new issue