2020-06-24 21:22:13 +00:00
|
|
|
|
#pragma once
|
2023-04-01 03:18:41 +00:00
|
|
|
|
///@file
|
2020-06-24 21:22:13 +00:00
|
|
|
|
|
2020-08-06 18:31:48 +00:00
|
|
|
|
#include "crypto.hh"
|
2020-06-24 21:22:13 +00:00
|
|
|
|
#include "path.hh"
|
|
|
|
|
#include "hash.hh"
|
|
|
|
|
#include "content-address.hh"
|
2020-08-03 21:02:28 +00:00
|
|
|
|
|
2020-06-24 21:22:13 +00:00
|
|
|
|
#include <string>
|
|
|
|
|
#include <optional>
|
|
|
|
|
|
|
|
|
|
namespace nix {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class Store;
|
|
|
|
|
|
2020-08-03 21:02:28 +00:00
|
|
|
|
|
|
|
|
|
struct SubstitutablePathInfo
|
|
|
|
|
{
|
|
|
|
|
std::optional<StorePath> deriver;
|
|
|
|
|
StorePathSet references;
|
2023-04-07 13:55:28 +00:00
|
|
|
|
/**
|
|
|
|
|
* 0 = unknown or inapplicable
|
|
|
|
|
*/
|
|
|
|
|
uint64_t downloadSize;
|
|
|
|
|
/**
|
|
|
|
|
* 0 = unknown
|
|
|
|
|
*/
|
|
|
|
|
uint64_t narSize;
|
2020-08-03 21:02:28 +00:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
typedef std::map<StorePath, SubstitutablePathInfo> SubstitutablePathInfos;
|
|
|
|
|
|
|
|
|
|
|
2020-06-24 21:22:13 +00:00
|
|
|
|
struct ValidPathInfo
|
|
|
|
|
{
|
|
|
|
|
StorePath path;
|
|
|
|
|
std::optional<StorePath> deriver;
|
2023-04-07 13:55:28 +00:00
|
|
|
|
/**
|
|
|
|
|
* \todo document this
|
|
|
|
|
*/
|
2020-08-05 18:42:48 +00:00
|
|
|
|
Hash narHash;
|
2020-06-24 21:22:13 +00:00
|
|
|
|
StorePathSet references;
|
|
|
|
|
time_t registrationTime = 0;
|
|
|
|
|
uint64_t narSize = 0; // 0 = unknown
|
|
|
|
|
uint64_t id; // internal use only
|
|
|
|
|
|
2023-04-07 13:55:28 +00:00
|
|
|
|
/**
|
|
|
|
|
* Whether the path is ultimately trusted, that is, it's a
|
|
|
|
|
* derivation output that was built locally.
|
|
|
|
|
*/
|
2020-06-24 21:22:13 +00:00
|
|
|
|
bool ultimate = false;
|
|
|
|
|
|
|
|
|
|
StringSet sigs; // note: not necessarily verified
|
|
|
|
|
|
2023-04-07 13:55:28 +00:00
|
|
|
|
/**
|
|
|
|
|
* If non-empty, an assertion that the path is content-addressed,
|
|
|
|
|
* i.e., that the store path is computed from a cryptographic hash
|
|
|
|
|
* of the contents of the path, plus some other bits of data like
|
|
|
|
|
* the "name" part of the path. Such a path doesn't need
|
|
|
|
|
* signatures, since we don't have to trust anybody's claim that
|
|
|
|
|
* the path is the output of a particular derivation. (In the
|
|
|
|
|
* extensional store model, we have to trust that the *contents*
|
|
|
|
|
* of an output path of a derivation were actually produced by
|
|
|
|
|
* that derivation. In the intensional model, we have to trust
|
|
|
|
|
* that a particular output path was produced by a derivation; the
|
|
|
|
|
* path then implies the contents.)
|
|
|
|
|
*
|
|
|
|
|
* Ideally, the content-addressability assertion would just be a Boolean,
|
|
|
|
|
* and the store path would be computed from the name component, ‘narHash’
|
|
|
|
|
* and ‘references’. However, we support many types of content addresses.
|
|
|
|
|
*/
|
2020-06-24 21:22:13 +00:00
|
|
|
|
std::optional<ContentAddress> ca;
|
|
|
|
|
|
|
|
|
|
bool operator == (const ValidPathInfo & i) const
|
|
|
|
|
{
|
|
|
|
|
return
|
|
|
|
|
path == i.path
|
|
|
|
|
&& narHash == i.narHash
|
|
|
|
|
&& references == i.references;
|
|
|
|
|
}
|
|
|
|
|
|
2023-04-07 13:55:28 +00:00
|
|
|
|
/**
|
|
|
|
|
* Return a fingerprint of the store path to be used in binary
|
|
|
|
|
* cache signatures. It contains the store path, the base-32
|
|
|
|
|
* SHA-256 hash of the NAR serialisation of the path, the size of
|
|
|
|
|
* the NAR, and the sorted references. The size field is strictly
|
|
|
|
|
* speaking superfluous, but might prevent endless/excessive data
|
|
|
|
|
* attacks.
|
|
|
|
|
*/
|
2020-06-24 21:22:13 +00:00
|
|
|
|
std::string fingerprint(const Store & store) const;
|
|
|
|
|
|
|
|
|
|
void sign(const Store & store, const SecretKey & secretKey);
|
|
|
|
|
|
2023-04-07 13:55:28 +00:00
|
|
|
|
/**
|
|
|
|
|
* @return true iff the path is verifiably content-addressed.
|
|
|
|
|
*/
|
2020-06-24 21:22:13 +00:00
|
|
|
|
bool isContentAddressed(const Store & store) const;
|
|
|
|
|
|
|
|
|
|
static const size_t maxSigs = std::numeric_limits<size_t>::max();
|
|
|
|
|
|
2023-04-07 13:55:28 +00:00
|
|
|
|
/**
|
|
|
|
|
* Return the number of signatures on this .narinfo that were
|
|
|
|
|
* produced by one of the specified keys, or maxSigs if the path
|
|
|
|
|
* is content-addressed.
|
|
|
|
|
*/
|
2020-06-24 21:22:13 +00:00
|
|
|
|
size_t checkSignatures(const Store & store, const PublicKeys & publicKeys) const;
|
|
|
|
|
|
2023-04-07 13:55:28 +00:00
|
|
|
|
/**
|
|
|
|
|
* Verify a single signature.
|
|
|
|
|
*/
|
2020-06-24 21:22:13 +00:00
|
|
|
|
bool checkSignature(const Store & store, const PublicKeys & publicKeys, const std::string & sig) const;
|
|
|
|
|
|
|
|
|
|
Strings shortRefs() const;
|
|
|
|
|
|
|
|
|
|
ValidPathInfo(const ValidPathInfo & other) = default;
|
|
|
|
|
|
2020-08-06 18:31:48 +00:00
|
|
|
|
ValidPathInfo(StorePath && path, Hash narHash) : path(std::move(path)), narHash(narHash) { };
|
|
|
|
|
ValidPathInfo(const StorePath & path, Hash narHash) : path(path), narHash(narHash) { };
|
2020-06-24 21:22:13 +00:00
|
|
|
|
|
|
|
|
|
virtual ~ValidPathInfo() { }
|
2021-07-26 11:31:09 +00:00
|
|
|
|
|
|
|
|
|
static ValidPathInfo read(Source & source, const Store & store, unsigned int format);
|
|
|
|
|
static ValidPathInfo read(Source & source, const Store & store, unsigned int format, StorePath && path);
|
|
|
|
|
|
|
|
|
|
void write(Sink & sink, const Store & store, unsigned int format, bool includePath = true) const;
|
2020-06-24 21:22:13 +00:00
|
|
|
|
};
|
|
|
|
|
|
2020-11-03 11:52:57 +00:00
|
|
|
|
typedef std::map<StorePath, ValidPathInfo> ValidPathInfos;
|
2020-08-03 21:02:28 +00:00
|
|
|
|
|
2020-06-24 21:22:13 +00:00
|
|
|
|
}
|