forked from lix-project/lix
Move signature support from NarInfo to ValidPathInfo
This commit is contained in:
parent
11525377e1
commit
374198ad6d
|
@ -1,4 +1,3 @@
|
|||
#include "crypto.hh"
|
||||
#include "globals.hh"
|
||||
#include "nar-info.hh"
|
||||
|
||||
|
@ -104,15 +103,6 @@ std::string NarInfo::to_string() const
|
|||
return res;
|
||||
}
|
||||
|
||||
std::string NarInfo::fingerprint() const
|
||||
{
|
||||
return
|
||||
"1;" + path + ";"
|
||||
+ printHashType(narHash.type) + ":" + printHash32(narHash) + ";"
|
||||
+ std::to_string(narSize) + ";"
|
||||
+ concatStringsSep(",", references);
|
||||
}
|
||||
|
||||
Strings NarInfo::shortRefs() const
|
||||
{
|
||||
Strings refs;
|
||||
|
@ -121,18 +111,4 @@ Strings NarInfo::shortRefs() const
|
|||
return refs;
|
||||
}
|
||||
|
||||
void NarInfo::sign(const SecretKey & secretKey)
|
||||
{
|
||||
sigs.insert(secretKey.signDetached(fingerprint()));
|
||||
}
|
||||
|
||||
unsigned int NarInfo::checkSignatures(const PublicKeys & publicKeys) const
|
||||
{
|
||||
unsigned int good = 0;
|
||||
for (auto & sig : sigs)
|
||||
if (verifyDetached(fingerprint(), sig, publicKeys))
|
||||
good++;
|
||||
return good;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -20,20 +20,6 @@ struct NarInfo : ValidPathInfo
|
|||
|
||||
std::string to_string() const;
|
||||
|
||||
/* Return a fingerprint of the store path to be used in binary
|
||||
cache signatures. It contains the store path, the base-32
|
||||
SHA-256 hash of the NAR serialisation of the path, the size of
|
||||
the NAR, and the sorted references. The size field is strictly
|
||||
speaking superfluous, but might prevent endless/excessive data
|
||||
attacks. */
|
||||
std::string fingerprint() const;
|
||||
|
||||
void sign(const SecretKey & secretKey);
|
||||
|
||||
/* Return the number of signatures on this .narinfo that were
|
||||
produced by one of the specified keys. */
|
||||
unsigned int checkSignatures(const PublicKeys & publicKeys) const;
|
||||
|
||||
private:
|
||||
|
||||
Strings shortRefs() const;
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
#include "store-api.hh"
|
||||
#include "crypto.hh"
|
||||
#include "globals.hh"
|
||||
#include "store-api.hh"
|
||||
#include "util.hh"
|
||||
|
||||
|
||||
|
@ -309,6 +310,32 @@ void Store::exportPaths(const Paths & paths,
|
|||
}
|
||||
|
||||
|
||||
std::string ValidPathInfo::fingerprint() const
|
||||
{
|
||||
return
|
||||
"1;" + path + ";"
|
||||
+ printHashType(narHash.type) + ":" + printHash32(narHash) + ";"
|
||||
+ std::to_string(narSize) + ";"
|
||||
+ concatStringsSep(",", references);
|
||||
}
|
||||
|
||||
|
||||
void ValidPathInfo::sign(const SecretKey & secretKey)
|
||||
{
|
||||
sigs.insert(secretKey.signDetached(fingerprint()));
|
||||
}
|
||||
|
||||
|
||||
unsigned int ValidPathInfo::checkSignatures(const PublicKeys & publicKeys) const
|
||||
{
|
||||
unsigned int good = 0;
|
||||
for (auto & sig : sigs)
|
||||
if (verifyDetached(fingerprint(), sig, publicKeys))
|
||||
good++;
|
||||
return good;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
#include "hash.hh"
|
||||
#include "serialise.hh"
|
||||
#include "crypto.hh"
|
||||
|
||||
#include <string>
|
||||
#include <limits>
|
||||
|
@ -112,6 +113,20 @@ struct ValidPathInfo
|
|||
&& narHash == i.narHash
|
||||
&& references == i.references;
|
||||
}
|
||||
|
||||
/* Return a fingerprint of the store path to be used in binary
|
||||
cache signatures. It contains the store path, the base-32
|
||||
SHA-256 hash of the NAR serialisation of the path, the size of
|
||||
the NAR, and the sorted references. The size field is strictly
|
||||
speaking superfluous, but might prevent endless/excessive data
|
||||
attacks. */
|
||||
std::string fingerprint() const;
|
||||
|
||||
void sign(const SecretKey & secretKey);
|
||||
|
||||
/* Return the number of signatures on this .narinfo that were
|
||||
produced by one of the specified keys. */
|
||||
unsigned int checkSignatures(const PublicKeys & publicKeys) const;
|
||||
};
|
||||
|
||||
typedef list<ValidPathInfo> ValidPathInfos;
|
||||
|
|
Loading…
Reference in a new issue