Move signatures from NarInfo to ValidPathInfo

This allows queryPathInfo() to return signatures.
This commit is contained in:
Eelco Dolstra 2016-03-21 18:05:47 +01:00
parent cebc150b7c
commit 712b616a84
4 changed files with 21 additions and 11 deletions

View file

@ -126,8 +126,8 @@ NarInfo BinaryCacheStore::readNarInfo(const Path & storePath)
stats.narInfoRead++;
if (publicKeys) {
if (!narInfo->checkSignature(*publicKeys))
throw Error(format("invalid signature on NAR info file %1%") % narInfoFile);
if (!narInfo->checkSignatures(*publicKeys))
throw Error(format("no good signature on NAR info file %1%") % narInfoFile);
}
{

View file

@ -66,7 +66,7 @@ NarInfo::NarInfo(const std::string & s, const std::string & whence)
else if (name == "System")
system = value;
else if (name == "Sig")
sig = value;
sigs.insert(value);
pos = eol + 1;
}
@ -98,7 +98,7 @@ std::string NarInfo::to_string() const
if (!system.empty())
res += "System: " + system + "\n";
if (!sig.empty())
for (auto sig : sigs)
res += "Sig: " + sig + "\n";
return res;
@ -123,12 +123,16 @@ Strings NarInfo::shortRefs() const
void NarInfo::sign(const SecretKey & secretKey)
{
sig = secretKey.signDetached(fingerprint());
sigs.insert(secretKey.signDetached(fingerprint()));
}
bool NarInfo::checkSignature(const PublicKeys & publicKeys) const
unsigned int NarInfo::checkSignatures(const PublicKeys & publicKeys) const
{
return sig != "" && verifyDetached(fingerprint(), sig, publicKeys);
unsigned int good = 0;
for (auto & sig : sigs)
if (verifyDetached(fingerprint(), sig, publicKeys))
good++;
return good;
}
}

View file

@ -13,7 +13,6 @@ struct NarInfo : ValidPathInfo
Hash fileHash;
uint64_t fileSize = 0;
std::string system;
std::string sig; // FIXME: support multiple signatures
NarInfo() { }
NarInfo(const ValidPathInfo & info) : ValidPathInfo(info) { }
@ -31,9 +30,9 @@ struct NarInfo : ValidPathInfo
void sign(const SecretKey & secretKey);
/* Return true iff this .narinfo is signed by one of the specified
keys. */
bool checkSignature(const PublicKeys & publicKeys) const;
/* Return the number of signatures on this .narinfo that were
produced by one of the specified keys. */
unsigned int checkSignatures(const PublicKeys & publicKeys) const;
private:

View file

@ -98,6 +98,13 @@ struct ValidPathInfo
unsigned long long narSize = 0; // 0 = unknown
unsigned long long id; // internal use only
/* Whether the path is ultimately trusted, that is, it was built
locally or is content-addressable (e.g. added via addToStore()
or the result of a fixed-output derivation). */
bool ultimate = false;
StringSet sigs; // note: not necessarily verified
bool operator == (const ValidPathInfo & i) const
{
return