Sketching
commit
7786c1d8e3
288
LICENSE
Normal file
@ -0,0 +1,288 @@
EUROPEAN UNION PUBLIC LICENCE v. 1.2
EUPL © the European Union 2007, 2016

This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined
below) which is provided under the terms of this Licence. Any use of the Work,
other than as authorised under this Licence is prohibited (to the extent such
use is covered by a right of the copyright holder of the Work).

The Work is provided under the terms of this Licence when the Licensor (as
defined below) has placed the following notice immediately following the
copyright notice for the Work:

Licensed under the EUPL

or has expressed by any other means his willingness to license under the EUPL.

1. Definitions

In this Licence, the following terms have the following meaning:

- ‘The Licence’: this Licence.

- ‘The Original Work’: the work or software distributed or communicated by the
Licensor under this Licence, available as Source Code and also as Executable
Code as the case may be.

- ‘Derivative Works’: the works or software that could be created by the
Licensee, based upon the Original Work or modifications thereof. This Licence
does not define the extent of modification or dependence on the Original Work
required in order to classify a work as a Derivative Work; this extent is
determined by copyright law applicable in the country mentioned in Article 15.

- ‘The Work’: the Original Work or its Derivative Works.

- ‘The Source Code’: the human-readable form of the Work which is the most
convenient for people to study and modify.

- ‘The Executable Code’: any code which has generally been compiled and which is
meant to be interpreted by a computer as a program.

- ‘The Licensor’: the natural or legal person that distributes or communicates
the Work under the Licence.

- ‘Contributor(s)’: any natural or legal person who modifies the Work under the
Licence, or otherwise contributes to the creation of a Derivative Work.

- ‘The Licensee’ or ‘You’: any natural or legal person who makes any usage of
the Work under the terms of the Licence.

- ‘Distribution’ or ‘Communication’: any act of selling, giving, lending,
renting, distributing, communicating, transmitting, or otherwise making
available, online or offline, copies of the Work or providing access to its
essential functionalities at the disposal of any other natural or legal
person.

2. Scope of the rights granted by the Licence

The Licensor hereby grants You a worldwide, royalty-free, non-exclusive,
sublicensable licence to do the following, for the duration of copyright vested
in the Original Work:

- use the Work in any circumstance and for all usage,
- reproduce the Work,
- modify the Work, and make Derivative Works based upon the Work,
- communicate to the public, including the right to make available or display
the Work or copies thereof to the public and perform publicly, as the case may
be, the Work,
- distribute the Work or copies thereof,
- lend and rent the Work or copies thereof,
- sublicense rights in the Work or copies thereof.

Those rights can be exercised on any media, supports and formats, whether now
known or later invented, as far as the applicable law permits so.

In the countries where moral rights apply, the Licensor waives his right to
exercise his moral right to the extent allowed by law in order to make effective
the licence of the economic rights here above listed.

The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to
any patents held by the Licensor, to the extent necessary to make use of the
rights granted on the Work under this Licence.

3. Communication of the Source Code

The Licensor may provide the Work either in its Source Code form, or as
Executable Code. If the Work is provided as Executable Code, the Licensor
provides in addition a machine-readable copy of the Source Code of the Work
along with each copy of the Work that the Licensor distributes or indicates, in
a notice following the copyright notice attached to the Work, a repository where
the Source Code is easily and freely accessible for as long as the Licensor
continues to distribute or communicate the Work.

4. Limitations on copyright

Nothing in this Licence is intended to deprive the Licensee of the benefits from
any exception or limitation to the exclusive rights of the rights owners in the
Work, of the exhaustion of those rights or of other applicable limitations
thereto.

5. Obligations of the Licensee

The grant of the rights mentioned above is subject to some restrictions and
obligations imposed on the Licensee. Those obligations are the following:

Attribution right: The Licensee shall keep intact all copyright, patent or
trademarks notices and all notices that refer to the Licence and to the
disclaimer of warranties. The Licensee must include a copy of such notices and a
copy of the Licence with every copy of the Work he/she distributes or
communicates. The Licensee must cause any Derivative Work to carry prominent
notices stating that the Work has been modified and the date of modification.

Copyleft clause: If the Licensee distributes or communicates copies of the
Original Works or Derivative Works, this Distribution or Communication will be
done under the terms of this Licence or of a later version of this Licence
unless the Original Work is expressly distributed only under this version of the
Licence — for example by communicating ‘EUPL v. 1.2 only’. The Licensee
(becoming Licensor) cannot offer or impose any additional terms or conditions on
the Work or Derivative Work that alter or restrict the terms of the Licence.

Compatibility clause: If the Licensee Distributes or Communicates Derivative
Works or copies thereof based upon both the Work and another work licensed under
a Compatible Licence, this Distribution or Communication can be done under the
terms of this Compatible Licence. For the sake of this clause, ‘Compatible
Licence’ refers to the licences listed in the appendix attached to this Licence.
Should the Licensee's obligations under the Compatible Licence conflict with
his/her obligations under this Licence, the obligations of the Compatible
Licence shall prevail.

Provision of Source Code: When distributing or communicating copies of the Work,
the Licensee will provide a machine-readable copy of the Source Code or indicate
a repository where this Source will be easily and freely available for as long
as the Licensee continues to distribute or communicate the Work.

Legal Protection: This Licence does not grant permission to use the trade names,
trademarks, service marks, or names of the Licensor, except as required for
reasonable and customary use in describing the origin of the Work and
reproducing the content of the copyright notice.

6. Chain of Authorship

The original Licensor warrants that the copyright in the Original Work granted
hereunder is owned by him/her or licensed to him/her and that he/she has the
power and authority to grant the Licence.

Each Contributor warrants that the copyright in the modifications he/she brings
to the Work are owned by him/her or licensed to him/her and that he/she has the
power and authority to grant the Licence.

Each time You accept the Licence, the original Licensor and subsequent
Contributors grant You a licence to their contributions to the Work, under the
terms of this Licence.

7. Disclaimer of Warranty

The Work is a work in progress, which is continuously improved by numerous
Contributors. It is not a finished work and may therefore contain defects or
‘bugs’ inherent to this type of development.

For the above reason, the Work is provided under the Licence on an ‘as is’ basis
and without warranties of any kind concerning the Work, including without
limitation merchantability, fitness for a particular purpose, absence of defects
or errors, accuracy, non-infringement of intellectual property rights other than
copyright as stated in Article 6 of this Licence.

This disclaimer of warranty is an essential part of the Licence and a condition
for the grant of any rights to the Work.

8. Disclaimer of Liability

Except in the cases of wilful misconduct or damages directly caused to natural
persons, the Licensor will in no event be liable for any direct or indirect,
material or moral, damages of any kind, arising out of the Licence or of the use
of the Work, including without limitation, damages for loss of goodwill, work
stoppage, computer failure or malfunction, loss of data or any commercial
damage, even if the Licensor has been advised of the possibility of such damage.
However, the Licensor will be liable under statutory product liability laws as
far such laws apply to the Work.

9. Additional agreements

While distributing the Work, You may choose to conclude an additional agreement,
defining obligations or services consistent with this Licence. However, if
accepting obligations, You may act only on your own behalf and on your sole
responsibility, not on behalf of the original Licensor or any other Contributor,
and only if You agree to indemnify, defend, and hold each Contributor harmless
for any liability incurred by, or claims asserted against such Contributor by
the fact You have accepted any warranty or additional liability.

10. Acceptance of the Licence

The provisions of this Licence can be accepted by clicking on an icon ‘I agree’
placed under the bottom of a window displaying the text of this Licence or by
affirming consent in any other similar way, in accordance with the rules of
applicable law. Clicking on that icon indicates your clear and irrevocable
acceptance of this Licence and all of its terms and conditions.

Similarly, you irrevocably accept this Licence and all of its terms and
conditions by exercising any rights granted to You by Article 2 of this Licence,
such as the use of the Work, the creation by You of a Derivative Work or the
Distribution or Communication by You of the Work or copies thereof.

11. Information to the public

In case of any Distribution or Communication of the Work by means of electronic
communication by You (for example, by offering to download the Work from a
remote location) the distribution channel or media (for example, a website) must
at least provide to the public the information requested by the applicable law
regarding the Licensor, the Licence and the way it may be accessible, concluded,
stored and reproduced by the Licensee.

12. Termination of the Licence

The Licence and the rights granted hereunder will terminate automatically upon
any breach by the Licensee of the terms of the Licence.

Such a termination will not terminate the licences of any person who has
received the Work from the Licensee under the Licence, provided such persons
remain in full compliance with the Licence.

13. Miscellaneous

Without prejudice of Article 9 above, the Licence represents the complete
agreement between the Parties as to the Work.

If any provision of the Licence is invalid or unenforceable under applicable
law, this will not affect the validity or enforceability of the Licence as a
whole. Such provision will be construed or reformed so as necessary to make it
valid and enforceable.

The European Commission may publish other linguistic versions or new versions of
this Licence or updated versions of the Appendix, so far this is required and
reasonable, without reducing the scope of the rights granted by the Licence. New
versions of the Licence will be published with a unique version number.

All linguistic versions of this Licence, approved by the European Commission,
have identical value. Parties can take advantage of the linguistic version of
their choice.

14. Jurisdiction

Without prejudice to specific agreement between parties,

- any litigation resulting from the interpretation of this License, arising
between the European Union institutions, bodies, offices or agencies, as a
Licensor, and any Licensee, will be subject to the jurisdiction of the Court
of Justice of the European Union, as laid down in article 272 of the Treaty on
the Functioning of the European Union,

- any litigation arising between other parties and resulting from the
interpretation of this License, will be subject to the exclusive jurisdiction
of the competent court where the Licensor resides or conducts its primary
business.

15. Applicable Law

Without prejudice to specific agreement between parties,

- this Licence shall be governed by the law of the European Union Member State
where the Licensor has his seat, resides or has his registered office,

- this licence shall be governed by Belgian law if the Licensor has no seat,
residence or registered office inside a European Union Member State.

Appendix

‘Compatible Licences’ according to Article 5 EUPL are:

- GNU General Public License (GPL) v. 2, v. 3
- GNU Affero General Public License (AGPL) v. 3
- Open Software License (OSL) v. 2.1, v. 3.0
- Eclipse Public License (EPL) v. 1.0
- CeCILL v. 2.0, v. 2.1
- Mozilla Public Licence (MPL) v. 2
- GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3
- Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for
works other than software
- European Union Public Licence (EUPL) v. 1.1, v. 1.2
- Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong
Reciprocity (LiLiQ-R+).

The European Commission may update this Appendix to later versions of the above
licences without producing a new version of the EUPL, as long as they provide
the rights granted in Article 2 of this Licence and protect the covered Source
Code from exclusive appropriation.

All other changes or additions to this Appendix require the production of a new
EUPL version.
133
README.md
Normal file
@ -0,0 +1,133 @@
# Iron seal

This is a daemon for re-signing narinfo files from a binary cache. The idea of
this is that we can decouple high value private keys that are hard to rotate
from the data plane of the build infrastructure running untrusted code,
allowing *much* lower value ephemeral private keys to be used on the builders.

## Worldview

Iron Seal believes that narinfo files should not be stored in s3 to begin with
since they are tiny text files full of valuable metadata that really ought to
be queryable, so they belong in a database.

For the initial prototype, narinfos are to be fetched from s3 on-demand and
loaded into the database, in order to allow integration with existing Lix
systems. This is somewhat silly because it means that we have garbage narinfos
that will never be looked at again in s3, but it does mean that iron-seal is
not critical to the future value of the s3 cache.

narinfos are then serialized on-demand out of the database, with new signatures
added as-required on the fly based on signature rules. Currently this is
assumed to be that all in-date owned keys should sign a path if it was
previously validly signed by a builder or owned key.

### Remaining questions

- Can a store path be built multiple times?
- What does this mean for the narinfo? How is that cache invalidated if we
do do such a silly thing?

### Schema

#### What's in a narinfo?

- StorePath: /nix/store/(hash, name)
- Compression: enum of some limited set of values
- URL: nar/FileHash.nar.zst (redundant)
- FileSize: int
- FileHash: (type, nixbase32(digest))
- NarSize: int
- NarHash: (type, nixbase32(digest))
- CA: hashtype + hash + type
- text:hashtype:hash
- fixed:r:hashtype:hash
- fixed:hashtype:hash
- hashtype:hash, but it seems to be for legacy stuff only and the code to
make them is Gone???
- This should be redundant: there are three cases: text, fixed recursive,
fixed, and the hash is always sha256 in practice
- References[]: store path names

Is it better to denormalize the names or reference ids? Chose to normalize
harder and natural-key the hashes. Then we can enforce there is only one
instance of a name for a given store path. 20 bytes is a kind of silly key
type, but it's not really worse than a 16 byte uuid lol.
- Sig[]: keyname:base64(sig)

Observations:
- We can compress the living daylights out of this by simply not base64ing
anything and storing binary as binary, as well as removing strings
- Storing references as IDs in a join table would knock even more bytes off of it
- URL is completely redundant
- StorePath is sorta redundant but -> need to be able to lookup by hash
- Split out name


```
~ » curl --compressed https://cache.lix.systems/0018nm26ljlp20g9m22bj55ql9kz3klz.narinfo
StorePath: /nix/store/0018nm26ljlp20g9m22bj55ql9kz3klz-apple-framework-CoreFoundation-11.0.0.drv
URL: nar/1zp24fp4cf01066mrj7dhdmp6zizcahp32xglpw1sg4473bxv0x6.nar.zst
Compression: zstd
FileHash: sha256:1zp24fp4cf01066mrj7dhdmp6zizcahp32xglpw1sg4473bxv0x6
FileSize: 1429
NarHash: sha256:135jwl0vl96mx9294ylb1b6y8rlw4bnhyx8zn7pdmsp5md7p5wfm
NarSize: 3776
References: 5iqpm377dcnzaj0bjip0alh6shvjrfpc-cf-setup-hook.sh 6ag32dimxbc019zm5nx09v40wl1w0ysv-bootstrap-tools.drv a045scfay8yb7xxw36r3glxbx5v7cvyh-rewrite-tbd-unstable-2023-03-27.drv kpp0z1ia13ph5lkypdh5kfcmggj9agpy-bootstrap-stage1-stdenv-darwin.drv r7mhby3fppgh801xkidw9hg6y5wvdab8-libobjc-11.0.0.drv v6x3cs394jgqfbi0a42pam708flxaphh-default-builder.sh v9034cqc4h5bm10z4vz3n1q2n55grv5y-role.bash y171r47m5ryvqnwc5ld0drvq5klnbdcb-MacOSX-SDK-11.0.0.drv
Sig: cache.lix.systems:RwRtAxn0kO0zTa3ESZDI6g8K0F/fhbENKv6K8Yh3+imzBSqtXwjbpRRBnD38caSjaVpa8ws212ZQQelhLdiZAA==
CA: text:sha256:0s9difwgh59k43qlvkqvcwr0jm3qq2yd2zgwmy2gvxjqmjw4hk91

~ » curl --compressed https://cache.lix.systems/rwakndmpj9dbr1sh2271g47l7d2fl1zf.narinfo
StorePath: /nix/store/rwakndmpj9dbr1sh2271g47l7d2fl1zf-source
URL: nar/127d2kh80xhlpv14810zb8d9wgxqv125hpy4b1mmnihlj45y861z.nar.zst
Compression: zstd
FileHash: sha256:127d2kh80xhlpv14810zb8d9wgxqv125hpy4b1mmnihlj45y861z
FileSize: 1336187
NarHash: sha256:0b03rwv7kawsqj3grdjs4dyip02l31x4hll6rbgyx7gvsgn4r2mi
NarSize: 5294376
References:
Sig: cache.lix.systems:z6sKt0+CMPfOvyyPyAmfisQFH89+gIlLKGT+W5caN46zkPKzQg40T9KUw+ppqB/Gfkhoz4UcRVHzE2VSbbqyBQ==
CA: fixed:r:sha256:0b03rwv7kawsqj3grdjs4dyip02l31x4hll6rbgyx7gvsgn4r2mi

~ » curl --compressed https://cache.lix.systems/v9034cqc4h5bm10z4vz3n1q2n55grv5y.narinfo
StorePath: /nix/store/v9034cqc4h5bm10z4vz3n1q2n55grv5y-role.bash
URL: nar/0k78kc5xs5kvnz119hrqc8k0lzpv094jzrs7j6i386hl50bw1051.nar.xz
Compression: xz
FileHash: sha256:0k78kc5xs5kvnz119hrqc8k0lzpv094jzrs7j6i386hl50bw1051
FileSize: 916
NarHash: sha256:1wm870bpkip4d9xaa8rj2fiapnjz27xkgbycl47av7f64q98502s
NarSize: 2328
References:
Sig: cache.lix.systems:+9mf0JXUAuhEAEyGE7vfylI+byK1xYNOCrBQiIKDqRNZFNeh0UJC01oWddvoGm3TLmY8bSnVFNxDpBy2ajgaCw==
CA: fixed:r:sha256:1wm870bpkip4d9xaa8rj2fiapnjz27xkgbycl47av7f64q98502s
```

An output and its deriver:

Outputs don't have CA.

```
~ » curl --compressed https://cache.lix.systems/ws234x3s0in12ks97miwrrdnfx6iys7w.narinfo
StorePath: /nix/store/ws234x3s0in12ks97miwrrdnfx6iys7w-lix-2.91.0-debug
URL: nar/0767zlbsfp572ikqwv8k2kv0bvdr2kpr2xp3vl6843bhpn89srcf.nar.zst
Compression: zstd
FileHash: sha256:0767zlbsfp572ikqwv8k2kv0bvdr2kpr2xp3vl6843bhpn89srcf
FileSize: 149517914
NarHash: sha256:0nv4qv7yy82l2w3sgkfc6ax3s5mv5hffwgbjp45wji6vcpn48639
NarSize: 152916192
References:
Deriver: iz2nhchdh0dl96z591maai3f5hnl9jd9-lix-2.91.0.drv
Sig: cache.lix.systems:AxW+LHBGOFAqNhN5esqu/jNDASq9q4HQZ1uetf+8m9UC7uXNgfzTWMvWjNHzc2cbiLFN4Lv8wTxaGCW6CqSTAQ==

~ » curl --compressed https://cache.lix.systems/iz2nhchdh0dl96z591maai3f5hnl9jd9.narinfo
StorePath: /nix/store/iz2nhchdh0dl96z591maai3f5hnl9jd9-lix-2.91.0.drv
URL: nar/1zrhxs2md2ppharrdgm4pzf67n9ngvrd0k7swchvvqqnxs2zg0cn.nar.zst
Compression: zstd
FileHash: sha256:1zrhxs2md2ppharrdgm4pzf67n9ngvrd0k7swchvvqqnxs2zg0cn
FileSize: 3826
NarHash: sha256:152viw7i9iq9nql205i6xx1w1x3pz4pyd5k1l2rffnz8mws1skrf
NarSize: 8696
References: 02whz8bddsbc1fc3z4lp9r5d93gfi19b-jq-1.7.1.drv 09xdqf5vm3671iw83hq83ra55211zisl-gcc-13.2.0.drv 12l2v3kmacnpmx14p2345kk41fpv31rw-separate-debug-info.sh 1gk1c7x53fa5wqcqcwayagvblzinn8rx-openssl-3.0.14.drv 1h6y345b14l439y668mgfmhp7x611vsn-pkg-config-wrapper-0.29.2.drv 1z8izdpyzhd23nk2amhsyfkmphzajcc5-rapidcheck-0-unstable-2023-12-14.drv 24z6w1l9pfjixbp57q0vz98njvk53mdb-bzip2-1.0.8.drv 2q0p6sd6994k99x3cw6xvg9wlb9b2hym-sqlite-3.45.3.drv 377zz3y35n2aqzj39rxxvki5nw4jn32a-meson-1.4.1.drv 49wp9a3ldgyf8zr3875bpznr1vgb2cp9-mercurial-6.6.3.drv 5246sqmc35hxwxi905vz14wq9bg7ss13-util-linux-minimal-2.39.4.drv 5r7dangpzlqbh9qikfvcy2hkcr9dfn2i-libseccomp-2.5.5.drv 6fxk6xxg5r25glpychiwii4913wzkv0j-toml11-3.7.1.drv 7vgvm6maz2q40c5600ig0470hzmyvi2y-ninja-1.11.1.drv 8yb3slw042zr414dw6cnsjs7jz3b3d3d-mdbook-linkcheck-0.7.7.drv 98hyrmv2d8s133y0gfg7v4bz2g26lnzh-gtest-1.14.0.drv c89v384z3l833ykvjxc05y89jyqimpk2-cmake-3.29.2.drv cl2aa2ixggw275v1mfq9qxnna95pssvg-brotli-1.1.0.drv d58bmmhv8zzv18hf0mi57jgqj4fmnkgi-lowdown-1.1.0.drv dl3158bk4h8fahfgddvd5hjg4mnayddi-boost-1.81.0.drv fw3srq3319h1c3b10bi51sj68zhgl4wh-aws-sdk-cpp-1.11.318.drv g45hm2v7cjjsbm8z1hzma5ybbg2l9igw-editline-1.17.1.drv gvf4apg8zc1hg27409mb62fsvw5x1n0i-lsof-4.99.3.drv ibvns8id2frl8lg02gpyhvrav38dx1pm-pegtl-3.2.7.drv iwc1b7yk89rr37j546hgs6hfw9h2zfdc-busybox-static-aarch64-unknown-linux-musl-1.36.1.drv ix79ffj7sdnllcb06bry8ahqmjmh3hkh-git-2.44.1.drv iy52yascwcmgwm4q7x0vhgwig6g1q2qn-nlohmann_json-3.11.3.drv kfibsc08liqs0f3sm2wfha0qv0c0nfa3-libsodium-1.0.19.drv m7sjf5692xdv77rmp1mr947kvkr24zkf-python3-3.11.9.drv n8bzpa0g4zqlb1l463yr6gjwj9alb4lx-boehm-gc-8.2.6.drv nd47yjmilyhjkx77lvqg20izc9l7kvhs-mdbook-0.4.37.drv nnak6v9iccf7rsvw21wbwrqq2k8s780d-lix-doc.drv ridfqdfrv7hbrka1swxrnv3apgrvi2b6-bash-5.2p26.drv rwakndmpj9dbr1sh2271g47l7d2fl1zf-source rzb066q38jcjm223c07x6nlqibbgbq7i-libarchive-3.7.4.drv v6x3cs394jgqfbi0a42pam708flxaphh-default-builder.sh vpy0352yk1vl1l1dhmr4yhyhvcnig2xw-stdenv-linux.drv 
wcyypaafk1mzm47rwhbcmx481q43j4s4-xz-5.4.7.drv xp1bywj9afd809zmcyc5g9y66paxgqav-curl-8.7.1.drv
Sig: cache.lix.systems:yauNRyXEq2heiwJASbT14kDBnK0hrEMKQgDf1eb78e5m4xaQDun1ZcvMKRoa2K8JFuN+UjESH4h83Ndx4N8bDg==
CA: text:sha256:18gfki09lpdnqpxwdjdw8nmq1ryzyc0dhncgi5yvb9qvlphgyj3m
```
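Review bot: the `#### What's in a narinfo?` field list omits `Deriver:`, which the `lix-2.91.0-debug` sample at the bottom of this file shows (`Deriver: iz2nhchdh0dl96z591maai3f5hnl9jd9-lix-2.91.0.drv`); add it to the list so the schema discussion decides explicitly whether to keep or drop it. The signing rule in the Worldview section ("all in-date owned keys should sign a path if it was previously validly signed by a builder or owned key") should also spell out what "validly signed" checks: that the existing signature verifies against the stored public key for that key name, and that the signature time falls inside that builder key's validity window, since the stated goal of the daemon is that builder keys are low-value and ephemeral, so a signature made under an expired or withdrawn builder key must not be laundered into a long-lived owned-key signature. Finally, "Remaining questions" asks whether a store path can be built multiple times but not what the daemon does when a second narinfo for the same store path arrives with a different NarHash or FileHash; state whether the first record wins, the newcomer is rejected, or both are kept, because that decision is what prevents a builder running untrusted code from replacing the contents of a path an owned key has already signed.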
110
schema.sql
Normal file
@ -0,0 +1,110 @@
begin transaction;

create domain NixPath as bytea
check (length(value) = 20);
create domain SHA256Hash as bytea
check (length(value) = 16);
create domain Ed25519Public as bytea
check (length(value) = 32);
create domain SignatureBytes as bytea
check (length(value) = 64);

create table PathName (
hash NixPath not null primary key,
-- Split off into a separate PathName table since a reference only requires
-- a PathName exists but not necessarily a full NarInfo
name text not null
);

-- Yoinked from https://git.lix.systems/lix-project/lix/src/e34833c0253340f47dc0add8609eb86cf9cba19b/src/libstore/binary-cache-store.cc#L151-L158
create type Compression as enum (
'none',
'bzip2',
'zstd',
'xz',
'lzip',
'lz4',
'br'
);

-- There are no non sha256 CA hashes in the wild and we can honestly just tell anyone sending us one to go away
create type CAType as enum (
'textsha256',
'fixedrecsha256',
'fixedflatsha256'
);

create table NarInfo (
-- URL not needed (derivable from file_hash and compression)
file_size bigint not null,
nar_size bigint not null,

hash NixPath primary key not null references PathName(hash),
file_hash SHA256Hash not null,
nar_hash SHA256Hash not null,
ca_hash SHA256Hash,

compression Compression not null,
ca_type CAType
);

create table Reference (
target NixPath not null references PathName(hash),
by_narinfo NixPath not null references NarInfo(hash),
primary key (target, by_narinfo)
);

create index reference_by_target on Reference using hash (target);
create index reference_by_referencer on Reference using hash (by_narinfo);

create table KeyName (
id serial primary key,
name text not null
);

comment on table KeyName is 'The Nix name for a key, which is often, but not strictly, related to the domain name';

-- FIXME: partitioning the system for security? e.g. can we make it so that the app *cannot* mess with public key validity periods?
create table BuilderPublicKey (
id integer primary key references KeyName(id),
public_key Ed25519Public not null,
comment text,
valid_from timestamptz,
valid_until timestamptz
);

comment on table BuilderPublicKey is 'Public keys which iron-seal is willing to re-sign paths signed with';
comment on column BuilderPublicKey.valid_from is 'Signature time when the public key is first trusted for new signatures. If null, from a time in the indefinite past.';
comment on column BuilderPublicKey.valid_until is 'Signature time when the public key is last trusted for new signatures. If null, to a time in the indefinite future.';

create table OwnPublicKey (
id integer primary key references KeyName(id),
public_key Ed25519Public not null,
comment text,
valid_from timestamptz,
valid_until timestamptz
);

comment on table OwnPublicKey is 'Public keys which iron-seal will sign paths with during their validity period';
comment on column OwnPublicKey.valid_from is 'Signature time when the public key will first be used for new signatures. If null, from a time in the indefinite past.';
comment on column OwnPublicKey.valid_until is 'Signature time when the public key will last be used for new signatures. If null, to a time in the indefinite future.';

create table Signature (
path NixPath references NarInfo(hash),

id serial primary key,
signer integer not null references KeyName(id),
sig_bytes SignatureBytes not null,
signed_at timestamptz not null
);

comment on column Signature.signed_at is 'When the path was signed. For s3-sourced paths we have a reliable idea of it if we take the narinfo date as the signature date (and can assume there is no backdating by trusting s3)';

create unique index signature_path_only_signed_once on Signature (signer, path);

-- Definitely want to be able to look up signatures by store path
create index signature_by_path on Signature using hash (path);
-- Definitely want to be able to look up paths signed by a key
create index signature_by_signer on Signature (signer);

rollback;
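Review bot: the `SHA256Hash` domain is declared with `check (length(value) = 16)`, but a SHA-256 digest is 32 bytes, so every insert into `file_hash`, `nar_hash` or `ca_hash` will fail the domain check (the sibling domains are right: `Ed25519Public` at 32 and `SignatureBytes` at 64); change it to 32. Smaller points in the same hunk: `Signature.path` has no `not null`, so the unique index `signature_path_only_signed_once on Signature (signer, path)` will not stop duplicate rows with a null path, and a signature row without a path is meaningless anyway; `KeyName.name` has no unique constraint, and `BuilderPublicKey` and `OwnPublicKey` both use `KeyName(id)` as their primary key, so nothing prevents one key name from appearing in both tables even though the table comments give them different trust semantics (a key the daemon merely accepts versus a key it signs with), so add a uniqueness constraint on the name and a check that an id is in at most one of the two tables; `NarInfo.ca_type` and `ca_hash` are independently nullable, so add a table-level check that both are null or both are set; and there is no column for the `Deriver` field that the README samples show. On the `FIXME` about partitioning, the usual answer is a separate database role for the daemon that has `SELECT` only on `BuilderPublicKey` and `OwnPublicKey` and `INSERT` on `NarInfo`, `Reference` and `Signature`, with key and validity-period changes made only by an administrative role. The script also ends with `rollback;`, which is fine for a sketch but deserves a comment so nobody runs it expecting the tables to exist afterwards.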