#include "command.hh"
#include "shared.hh"
#include "store-api.hh"
#include "thread-pool.hh"
#include "signals.hh"
#include <atomic>
using namespace nix;
/**
 * `copy-sigs` command: for each selected store path, collect the signatures
 * that the given substituters hold for the same path contents and attach the
 * ones the target store does not have yet.
 *
 * Security note: nothing in this struct verifies a signature against a public
 * key. A signature is imported purely because the substituter's path info
 * agrees with the local one on NAR hash, NAR size and references. Whether an
 * imported signature is trusted is therefore decided wherever signatures are
 * checked later, not here.
 */
struct CmdCopySigs : StorePathsCommand
{
    /// Store URIs collected from `--substituter` / `-s`, in command-line order.
    Strings substituterUris;

    CmdCopySigs()
    {
        addFlag({
            .longName = "substituter",
            .shortName = 's',
            .description = "Copy signatures from the specified store.",
            .labels = {"store-uri"},
            // May be given several times; every occurrence appends one URI.
            .handler = {[this](std::string uri) { substituterUris.push_back(uri); }},
        });
    }

    std::string description() override
    {
        return "copy store path signatures from substituters";
    }

    /**
     * Import missing signatures for `storePaths` into `store`.
     *
     * @param store       store whose path infos receive the new signatures
     * @param storePaths  paths to process; each is handled as one pool task
     * @throws UsageError if no substituter was given on the command line
     */
    void run(ref<Store> store, StorePaths && storePaths) override
    {
        if (substituterUris.empty())
            throw UsageError("you must specify at least one substituter using '-s'");

        // FIXME: factor out commonality with MixVerify.
        // Open every substituter up front, before any work is scheduled.
        std::vector<ref<Store>> substituters;
        for (auto & uri : substituterUris)
            substituters.push_back(openStore(uri));

        ThreadPool pool;

        std::string doneLabel = "done";
        // Updated from pool tasks, hence atomic.
        std::atomic<size_t> added{0};

        //logger->setExpected(doneLabel, storePaths.size());

        auto importSigsFor = [&](const Path & storePathS) {
            //Activity act(*logger, lvlInfo, "getting signatures for '%s'", storePath);

            checkInterrupt();

            auto storePath = store->parseStorePath(storePathS);
            auto localInfo = store->queryPathInfo(storePath);

            StringSet newSigs;

            for (auto & substituter : substituters) {
                try {
                    auto remoteInfo = substituter->queryPathInfo(localInfo->path);

                    /* Don't import signatures that don't match this
                       binary. The substituter's metadata is only compared
                       with ours; the signatures themselves are not verified. */
                    const bool differs =
                        localInfo->narHash != remoteInfo->narHash ||
                        localInfo->narSize != remoteInfo->narSize ||
                        localInfo->references != remoteInfo->references;
                    if (differs)
                        continue;

                    for (auto & sig : remoteInfo->sigs) {
                        if (localInfo->sigs.count(sig) == 0)
                            newSigs.insert(sig);
                    }
                } catch (InvalidPath &) {
                    // Deliberately ignored: InvalidPath from a substituter
                    // just means this one contributes nothing for the path.
                }
            }

            if (!newSigs.empty()) {
                store->addSignatures(storePath, newSigs);
                added.fetch_add(newSigs.size());
            }

            //logger->incProgress(doneLabel);
        };

        // Each task owns its printed path string; the task re-parses it.
        for (auto & storePath : storePaths) {
            pool.enqueue(
                [importSigsFor, printed = store->printStorePath(storePath)] {
                    importSigsFor(printed);
                });
        }

        pool.process();

        printInfo("imported %d signatures", added);
    }
};
// Static registration of CmdCopySigs under the command path {"store", "copy-sigs"}
// (presumably surfaced as `nix store copy-sigs`; confirm against registerCommand2).
static auto rCmdCopySigs = registerCommand2<CmdCopySigs>({"store", "copy-sigs"});
/**
 * `sign` command: sign each selected store path with the secret key read from
 * `--key-file` and record the signature in the store if it is not already
 * present.
 *
 * Security note: the key file is read with readFile() and handed straight to
 * SecretKey. This struct does not inspect the file's ownership or permissions,
 * so protecting the key at rest is up to the operator.
 */
struct CmdSign : StorePathsCommand
{
    /// Path given via `--key-file` / `-k`; empty until the flag is parsed.
    Path secretKeyFile;

    CmdSign()
    {
        addFlag({
            .longName = "key-file",
            .shortName = 'k',
            .description = "File containing the secret signing key.",
            .labels = {"file"},
            .handler = {&secretKeyFile},
            .completer = completePath
        });
    }

    std::string description() override
    {
        return "sign store paths";
    }

    /**
     * Sign every path in `storePaths` and add signatures that are new.
     *
     * @param store       store holding the paths and receiving the signatures
     * @param storePaths  paths to sign
     * @throws UsageError if `--key-file` was not given
     */
    void run(ref<Store> store, StorePaths && storePaths) override
    {
        if (secretKeyFile.empty())
            throw UsageError("you must specify a secret key file using '-k'");

        SecretKey secretKey(readFile(secretKeyFile));

        size_t added{0};

        for (auto & path : storePaths) {
            auto info = store->queryPathInfo(path);

            // Sign a private copy whose signature set was emptied first, so
            // that afterwards it holds only what sign() produced.
            auto info2(*info);
            info2.sigs.clear();
            info2.sign(*store, secretKey);
            // NOTE(review): if asserts are compiled out (NDEBUG), an empty set
            // would reach the begin() dereference below. Confirm the build
            // keeps assertions enabled.
            assert(!info2.sigs.empty());

            const auto & freshSig = *info2.sigs.begin();
            if (info->sigs.count(freshSig) != 0)
                continue; // the store already has this signature

            store->addSignatures(path, info2.sigs);
            ++added;
        }

        printInfo("added %d signatures", added);
    }
};
// Static registration of CmdSign under the command path {"store", "sign"}
// (presumably surfaced as `nix store sign`; confirm against registerCommand2).
static auto rCmdSign = registerCommand2<CmdSign>({"store", "sign"});
/**
 * `key generate-secret` sub-command: create a new secret signing key for the
 * given key name and write its string form to standard output.
 *
 * Security note: the secret key goes to stdout as-is. This struct neither
 * creates a file nor sets permissions, so the caller is responsible for
 * redirecting the output to a location only the signing identity can read,
 * and for keeping it out of terminals, logs and shared pipelines.
 */
struct CmdKeyGenerateSecret : Command
{
    /// Value of `--key-name`; stays unset if the flag was not given.
    std::optional<std::string> keyName;

    CmdKeyGenerateSecret()
    {
        addFlag({
            .longName = "key-name",
            .description = "Identifier of the key (e.g. `cache.example.org-1`).",
            .labels = {"name"},
            .handler = {&keyName},
        });
    }

    std::string description() override
    {
        return "generate a secret key for signing store paths";
    }

    /// Long-form help text, pulled in from the accompanying markdown file.
    std::string doc() override
    {
        return
          #include "key-generate-secret.md"
          ;
    }

    /**
     * Generate the key and print it.
     *
     * @throws UsageError if `--key-name` is missing
     */
    void run() override
    {
        if (!keyName.has_value())
            throw UsageError("required argument '--key-name' is missing");

        // Secret material: written to stdout only, never logged here.
        auto generated = SecretKey::generate(*keyName);
        writeFull(STDOUT_FILENO, generated.to_string());
    }
};
/**
 * `key convert-secret-to-public` sub-command: read a secret key from standard
 * input and write the corresponding public key to standard output.
 *
 * The secret key is taken from stdin, not from a command-line argument. Only
 * the public key is written out.
 */
struct CmdKeyConvertSecretToPublic : Command
{
    std::string description() override
    {
        return "generate a public key for verifying store paths from a secret key read from standard input";
    }

    /// Long-form help text, pulled in from the accompanying markdown file.
    std::string doc() override
    {
        return
          #include "key-convert-secret-to-public.md"
          ;
    }

    /// Consume all of stdin as the secret key, then print its public key.
    void run() override
    {
        SecretKey secretKey(drainFD(STDIN_FILENO));
        auto publicKey = secretKey.toPublicKey();
        writeFull(STDOUT_FILENO, publicKey.to_string());
    }
};
/**
 * `key` multi-command: dispatches to the `generate-secret` and
 * `convert-secret-to-public` sub-commands.
 */
struct CmdKey : NixMultiCommand
{
    CmdKey()
        : MultiCommand({
            {"generate-secret", [] { return make_ref<CmdKeyGenerateSecret>(); }},
            {"convert-secret-to-public", [] { return make_ref<CmdKeyConvertSecretToPublic>(); }},
        })
    {
    }

    std::string description() override
    {
        return "generate and convert Nix signing keys";
    }

    Category category() override
    {
        return catUtility;
    }

    /**
     * Run the selected sub-command.
     *
     * @throws UsageError if no sub-command was chosen
     */
    void run() override
    {
        if (!command)
            throw UsageError("'nix key' requires a sub-command.");

        // Pause the progress bar before handing over. Both sub-commands write
        // key material to stdout. Per the blame annotation on this line
        // (2024-06-29, "tree-wide: unify progress bar inactive and paused
        // states"), the paused state stops rendering but does not swallow logs.
        logger->pause();
        command->second->run();
    }
};
// Static registration of the CmdKey multi-command under the name "key".
static auto rCmdKey = registerCommand<CmdKey>("key");