From c2d27d30cfe000c4adff91e6cbde63c2a5b92b43 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 31 May 2016 11:18:45 +0200 Subject: [PATCH] nix-copy-closure / build-remote.pl: Disable signature checking This restores the Nix 1.11 behaviour. --- perl/lib/Nix/Store.xs | 4 ++-- scripts/build-remote.pl.in | 2 +- scripts/nix-copy-closure.in | 2 +- src/libstore/binary-cache-store.cc | 3 ++- src/libstore/binary-cache-store.hh | 2 +- src/libstore/export-import.cc | 4 ++-- src/libstore/local-store.cc | 5 +++-- src/libstore/local-store.hh | 2 +- src/libstore/remote-store.cc | 3 ++- src/libstore/remote-store.hh | 2 +- src/libstore/store-api.hh | 6 +++--- src/nix-store/nix-store.cc | 2 +- 12 files changed, 20 insertions(+), 17 deletions(-) diff --git a/perl/lib/Nix/Store.xs b/perl/lib/Nix/Store.xs index ee60ce130..7a5458113 100644 --- a/perl/lib/Nix/Store.xs +++ b/perl/lib/Nix/Store.xs @@ -182,11 +182,11 @@ void exportPaths(int fd, ...) } -void importPaths(int fd) +void importPaths(int fd, int dontCheckSigs) PPCODE: try { FdSource source(fd); - store()->importPaths(source, 0); + store()->importPaths(source, 0, dontCheckSigs); } catch (Error & e) { croak("%s", e.what()); } diff --git a/scripts/build-remote.pl.in b/scripts/build-remote.pl.in index 4bf429411..b5fc629eb 100755 --- a/scripts/build-remote.pl.in +++ b/scripts/build-remote.pl.in @@ -271,5 +271,5 @@ if (scalar @outputs2 > 0) { writeInt(0, $to); # don't sign writeStrings(\@outputs2, $to); $ENV{'NIX_HELD_LOCKS'} = "@outputs2"; # FIXME: ugly - importPaths(fileno($from)); + importPaths(fileno($from), 1); } diff --git a/scripts/nix-copy-closure.in b/scripts/nix-copy-closure.in index 0078d7267..af1d30919 100755 --- a/scripts/nix-copy-closure.in +++ b/scripts/nix-copy-closure.in @@ -97,7 +97,7 @@ else { # Copy FROM the remote machine. writeInt(5, $to); # == cmdExportPaths writeInt(0, $to); # obsolete writeStrings(\@missing, $to); - importPaths(fileno($from)); + importPaths(fileno($from), 1); } } diff --git a/src/libstore/binary-cache-store.cc b/src/libstore/binary-cache-store.cc index 58cb87a51..1a95e01a5 100644 --- a/src/libstore/binary-cache-store.cc +++ b/src/libstore/binary-cache-store.cc @@ -63,7 +63,8 @@ Path BinaryCacheStore::narInfoFileFor(const Path & storePath) return storePathToHash(storePath) + ".narinfo"; } -void BinaryCacheStore::addToStore(const ValidPathInfo & info, const std::string & nar, bool repair) +void BinaryCacheStore::addToStore(const ValidPathInfo & info, const std::string & nar, + bool repair, bool dontCheckSigs) { if (!repair && isValidPath(info.path)) return; diff --git a/src/libstore/binary-cache-store.hh b/src/libstore/binary-cache-store.hh index c14ab8676..bedb4c9f0 100644 --- a/src/libstore/binary-cache-store.hh +++ b/src/libstore/binary-cache-store.hh @@ -84,7 +84,7 @@ public: bool wantMassQuery() { return wantMassQuery_; } void addToStore(const ValidPathInfo & info, const std::string & nar, - bool repair = false) override; + bool repair = false, bool dontCheckSigs = false) override; Path addToStore(const string & name, const Path & srcPath, bool recursive = true, HashType hashAlgo = htSHA256, diff --git a/src/libstore/export-import.cc b/src/libstore/export-import.cc index 4ec01add3..12b194643 100644 --- a/src/libstore/export-import.cc +++ b/src/libstore/export-import.cc @@ -82,7 +82,7 @@ struct NopSink : ParseSink { }; -Paths Store::importPaths(Source & source, std::shared_ptr accessor) +Paths Store::importPaths(Source & source, std::shared_ptr accessor, bool dontCheckSigs) { Paths res; while (true) { @@ -117,7 +117,7 @@ Paths Store::importPaths(Source & source, std::shared_ptr accessor) if (readInt(source) == 1) readString(source); - addToStore(info, *tee.data); + addToStore(info, *tee.data, false, dontCheckSigs); // FIXME: implement accessors? assert(!accessor); diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc index b44384957..cd3a74d80 100644 --- a/src/libstore/local-store.cc +++ b/src/libstore/local-store.cc @@ -904,14 +904,15 @@ void LocalStore::invalidatePath(State & state, const Path & path) } -void LocalStore::addToStore(const ValidPathInfo & info, const std::string & nar, bool repair) +void LocalStore::addToStore(const ValidPathInfo & info, const std::string & nar, + bool repair, bool dontCheckSigs) { Hash h = hashString(htSHA256, nar); if (h != info.narHash) throw Error(format("hash mismatch importing path ‘%s’; expected hash ‘%s’, got ‘%s’") % info.path % info.narHash.to_string() % h.to_string()); - if (requireSigs && !info.checkSignatures(publicKeys)) + if (requireSigs && !dontCheckSigs && !info.checkSignatures(publicKeys)) throw Error(format("cannot import path ‘%s’ because it lacks a valid signature") % info.path); addTempRoot(info.path); diff --git a/src/libstore/local-store.hh b/src/libstore/local-store.hh index 2a3f452bc..231ae65a3 100644 --- a/src/libstore/local-store.hh +++ b/src/libstore/local-store.hh @@ -117,7 +117,7 @@ public: SubstitutablePathInfos & infos) override; void addToStore(const ValidPathInfo & info, const std::string & nar, - bool repair) override; + bool repair, bool dontCheckSigs) override; Path addToStore(const string & name, const Path & srcPath, bool recursive = true, HashType hashAlgo = htSHA256, diff --git a/src/libstore/remote-store.cc b/src/libstore/remote-store.cc index 9a00a6ed9..48653595f 100644 --- a/src/libstore/remote-store.cc +++ b/src/libstore/remote-store.cc @@ -326,7 +326,8 @@ Path RemoteStore::queryPathFromHashPart(const string & hashPart) } -void RemoteStore::addToStore(const ValidPathInfo & info, const std::string & nar, bool repair) +void RemoteStore::addToStore(const ValidPathInfo & info, const std::string & nar, + bool repair, bool dontCheckSigs) { throw Error("RemoteStore::addToStore() not implemented"); } diff --git a/src/libstore/remote-store.hh b/src/libstore/remote-store.hh index 0757f82e8..3e0fc4e04 100644 --- a/src/libstore/remote-store.hh +++ b/src/libstore/remote-store.hh @@ -52,7 +52,7 @@ public: SubstitutablePathInfos & infos) override; void addToStore(const ValidPathInfo & info, const std::string & nar, - bool repair) override; + bool repair, bool dontCheckSigs) override; Path addToStore(const string & name, const Path & srcPath, bool recursive = true, HashType hashAlgo = htSHA256, diff --git a/src/libstore/store-api.hh b/src/libstore/store-api.hh index 8c618bf3e..ab7baf82d 100644 --- a/src/libstore/store-api.hh +++ b/src/libstore/store-api.hh @@ -257,7 +257,7 @@ public: /* Import a path into the store. */ virtual void addToStore(const ValidPathInfo & info, const std::string & nar, - bool repair = false) = 0; + bool repair = false, bool dontCheckSigs = false) = 0; /* Copy the contents of a path to the store and register the validity the resulting path. The resulting path is returned. @@ -398,8 +398,8 @@ public: the Nix store. Optionally, the contents of the NARs are preloaded into the specified FS accessor to speed up subsequent access. */ - Paths importPaths(Source & source, - std::shared_ptr accessor); + Paths importPaths(Source & source, std::shared_ptr accessor, + bool dontCheckSigs = false); struct Stats { diff --git a/src/nix-store/nix-store.cc b/src/nix-store/nix-store.cc index 0038fff03..1fd8a148e 100644 --- a/src/nix-store/nix-store.cc +++ b/src/nix-store/nix-store.cc @@ -901,7 +901,7 @@ static void opServe(Strings opFlags, Strings opArgs) case cmdImportPaths: { if (!writeAllowed) throw Error("importing paths is not allowed"); - store->importPaths(in, 0); + store->importPaths(in, 0, true); // FIXME: should we skip sig checking? out << 1; // indicate success break; }