RemoteStore::addToStore(): Pass content-addressability assertion

... and use this in Downloader::downloadCached(). This fixes

  $ nix-build https://nixos.org/channels/nixos-16.09-small/nixexprs.tar.xz -A hello
  error: cannot import path ‘/nix/store/csfbp1s60dkgmk9f8g0zk0mwb7hzgabd-nixexprs.tar.xz’ because it lacks a valid signature
This commit is contained in:
Eelco Dolstra 2017-02-22 16:31:04 +01:00
parent fe2db1dae5
commit f023f64f40
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
6 changed files with 16 additions and 3 deletions

View file

@ -612,6 +612,7 @@ Path Downloader::downloadCached(ref<Store> store, const string & url_, bool unpa
Hash hash = hashString(expectedHash ? expectedHash.type : htSHA256, *res.data); Hash hash = hashString(expectedHash ? expectedHash.type : htSHA256, *res.data);
info.path = store->makeFixedOutputPath(false, hash, name); info.path = store->makeFixedOutputPath(false, hash, name);
info.narHash = hashString(htSHA256, *sink.s); info.narHash = hashString(htSHA256, *sink.s);
info.ca = makeFixedOutputCA(false, hash);
store->addToStore(info, sink.s, false, true); store->addToStore(info, sink.s, false, true);
storePath = info.path; storePath = info.path;
} }

View file

@ -1002,7 +1002,7 @@ Path LocalStore::addToStoreFromDump(const string & dump, const string & name,
info.narHash = hash.first; info.narHash = hash.first;
info.narSize = hash.second; info.narSize = hash.second;
info.ultimate = true; info.ultimate = true;
info.ca = "fixed:" + (recursive ? (std::string) "r:" : "") + h.to_string(); info.ca = makeFixedOutputCA(recursive, h);
registerValidPath(info); registerValidPath(info);
} }

View file

@ -380,7 +380,7 @@ void RemoteStore::addToStore(const ValidPathInfo & info, const ref<std::string>
conn->to << wopAddToStoreNar conn->to << wopAddToStoreNar
<< info.path << info.deriver << printHash(info.narHash) << info.path << info.deriver << printHash(info.narHash)
<< info.references << info.registrationTime << info.narSize << info.references << info.registrationTime << info.narSize
<< info.ultimate << info.sigs << *nar << repair << dontCheckSigs; << info.ultimate << info.sigs << info.ca << *nar << repair << dontCheckSigs;
// FIXME: don't send nar as a string // FIXME: don't send nar as a string
conn->processStderr(); conn->processStderr();
} }

View file

@ -676,6 +676,12 @@ Strings ValidPathInfo::shortRefs() const
} }
std::string makeFixedOutputCA(bool recursive, const Hash & hash)
{
return "fixed:" + (recursive ? (std::string) "r:" : "") + hash.to_string();
}
} }

View file

@ -128,7 +128,7 @@ struct ValidPathInfo
of an output path of a derivation were actually produced by of an output path of a derivation were actually produced by
that derivation. In the intensional model, we have to trust that derivation. In the intensional model, we have to trust
that a particular output path was produced by a derivation; the that a particular output path was produced by a derivation; the
path name then implies the contents.) path then implies the contents.)
Ideally, the content-addressability assertion would just be a Ideally, the content-addressability assertion would just be a
Boolean, and the store path would be computed from Boolean, and the store path would be computed from
@ -687,6 +687,11 @@ ValidPathInfo decodeValidPathInfo(std::istream & str,
bool hashGiven = false); bool hashGiven = false);
/* Compute the content-addressability assertion (ValidPathInfo::ca)
for paths created by makeFixedOutputPath() / addToStore(). */
std::string makeFixedOutputCA(bool recursive, const Hash & hash);
MakeError(SubstError, Error) MakeError(SubstError, Error)
MakeError(BuildError, Error) /* denotes a permanent build failure */ MakeError(BuildError, Error) /* denotes a permanent build failure */
MakeError(InvalidPath, Error) MakeError(InvalidPath, Error)

View file

@ -582,6 +582,7 @@ static void performOp(ref<LocalStore> store, bool trusted, unsigned int clientVe
info.narSize = readLongLong(from); info.narSize = readLongLong(from);
info.ultimate = readLongLong(from); info.ultimate = readLongLong(from);
info.sigs = readStrings<StringSet>(from); info.sigs = readStrings<StringSet>(from);
info.ca = readString(from);
auto nar = make_ref<std::string>(readString(from)); auto nar = make_ref<std::string>(readString(from));
auto repair = readInt(from) ? true : false; auto repair = readInt(from) ? true : false;
auto dontCheckSigs = readInt(from) ? true : false; auto dontCheckSigs = readInt(from) ? true : false;