From 3a5f04f48cc39eec5cc454e387aa290e08295aff Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 1 May 2017 20:03:25 +0200 Subject: [PATCH] build-remote: Don't require signatures This restores the old behaviour. --- src/build-remote/build-remote.cc | 4 ++-- src/libstore/legacy-ssh-store.cc | 3 --- src/libstore/local-store.cc | 2 ++ src/libstore/store-api.cc | 18 +++++++++++++----- src/libstore/store-api.hh | 7 ++----- src/nix-copy-closure/nix-copy-closure.cc | 2 +- 6 files changed, 20 insertions(+), 16 deletions(-) diff --git a/src/build-remote/build-remote.cc b/src/build-remote/build-remote.cc index a19dac241..ba909ec44 100644 --- a/src/build-remote/build-remote.cc +++ b/src/build-remote/build-remote.cc @@ -279,7 +279,7 @@ connected: printError("somebody is hogging the upload lock for ‘%s’, continuing..."); alarm(0); signal(SIGALRM, old); - copyPaths(store, ref(sshStore), inputs); + copyPaths(store, ref(sshStore), inputs, false, true); uploadLock = -1; BasicDerivation drv(readDerivation(drvPath)); @@ -294,7 +294,7 @@ connected: if (!missing.empty()) { setenv("NIX_HELD_LOCKS", concatStringsSep(" ", missing).c_str(), 1); /* FIXME: ugly */ - copyPaths(ref(sshStore), store, missing); + copyPaths(ref(sshStore), store, missing, false, true); } return; diff --git a/src/libstore/legacy-ssh-store.cc b/src/libstore/legacy-ssh-store.cc index d6b70b992..1f6ea4dc1 100644 --- a/src/libstore/legacy-ssh-store.cc +++ b/src/libstore/legacy-ssh-store.cc @@ -223,9 +223,6 @@ struct LegacySSHStore : public Store void addSignatures(const Path & storePath, const StringSet & sigs) override { unsupported(); } - bool isTrusted() override - { return true; } - void computeFSClosure(const PathSet & paths, PathSet & out, bool flipDirection = false, bool includeOutputs = false, bool includeDerivers = false) override diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc index 5a98454ab..c8e61126c 100644 --- a/src/libstore/local-store.cc +++ b/src/libstore/local-store.cc @@ -915,6 +915,8 @@ void LocalStore::invalidatePath(State & state, const Path & path) void LocalStore::addToStore(const ValidPathInfo & info, const ref & nar, bool repair, bool dontCheckSigs, std::shared_ptr accessor) { + assert(info.narHash); + Hash h = hashString(htSHA256, *nar); if (h != info.narHash) throw Error(format("hash mismatch importing path ‘%s’; expected hash ‘%s’, got ‘%s’") % diff --git a/src/libstore/store-api.cc b/src/libstore/store-api.cc index 75de4c933..b5a91e536 100644 --- a/src/libstore/store-api.cc +++ b/src/libstore/store-api.cc @@ -542,15 +542,22 @@ void copyStorePath(ref srcStore, ref dstStore, StringSink sink; srcStore->narFromPath({storePath}, sink); - if (srcStore->isTrusted()) - dontCheckSigs = true; - if (!info->narHash && dontCheckSigs) { auto info2 = make_ref(*info); info2->narHash = hashString(htSHA256, *sink.s); info = info2; } + assert(info->narHash); + + if (info->ultimate) { + auto info2 = make_ref(*info); + info2->ultimate = false; + info = info2; + } + + assert(info->narHash); + dstStore->addToStore(*info, sink.s, repair, dontCheckSigs); } @@ -802,7 +809,8 @@ std::list> getDefaultSubstituters() } -void copyPaths(ref from, ref to, const PathSet & storePaths, bool substitute) +void copyPaths(ref from, ref to, const PathSet & storePaths, + bool substitute, bool dontCheckSigs) { PathSet valid = to->queryValidPaths(storePaths, substitute); @@ -830,7 +838,7 @@ void copyPaths(ref from, ref to, const PathSet & storePaths, bool if (!to->isValidPath(storePath)) { Activity act(*logger, lvlInfo, format("copying ‘%s’...") % storePath); - copyStorePath(from, to, storePath); + copyStorePath(from, to, storePath, false, dontCheckSigs); logger->incProgress(copiedLabel); } else diff --git a/src/libstore/store-api.hh b/src/libstore/store-api.hh index 2388558b3..8ca3f4b27 100644 --- a/src/libstore/store-api.hh +++ b/src/libstore/store-api.hh @@ -570,10 +570,6 @@ public: const Stats & getStats(); - /* Whether this store paths from this store can be imported even - if they lack a signature. */ - virtual bool isTrusted() { return false; } - /* Return the build log of the specified store path, if available, or null otherwise. */ virtual std::shared_ptr getBuildLog(const Path & path) @@ -695,7 +691,8 @@ ref openStore(const std::string & uri = getEnv("NIX_REMOTE"), const Store::Params & extraParams = Store::Params()); -void copyPaths(ref from, ref to, const PathSet & storePaths, bool substitute = false); +void copyPaths(ref from, ref to, const PathSet & storePaths, + bool substitute = false, bool dontCheckSigs = false); enum StoreType { tDaemon, diff --git a/src/nix-copy-closure/nix-copy-closure.cc b/src/nix-copy-closure/nix-copy-closure.cc index ed43bffbc..dc324abcb 100755 --- a/src/nix-copy-closure/nix-copy-closure.cc +++ b/src/nix-copy-closure/nix-copy-closure.cc @@ -58,6 +58,6 @@ int main(int argc, char ** argv) PathSet closure; from->computeFSClosure(storePaths2, closure, false, includeOutputs); - copyPaths(from, to, closure, useSubstitutes); + copyPaths(from, to, closure, useSubstitutes, true); }); }