the-distro/iron-seal
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Sketching

Browse source
This commit is contained in:
jade 2024-08-20 22:55:31 -07:00
commit 7786c1d8e3
3 changed files with 531 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

288
LICENSE Normal file
View file

@ -0,0 +1,288 @@
EUROPEAN UNION PUBLIC LICENCE v. 1.2
EUPL © the European Union 2007, 2016
This European Union Public Licence (the EUPL) applies to the Work (as defined
below) which is provided under the terms of this Licence. Any use of the Work,
other than as authorised under this Licence is prohibited (to the extent such
use is covered by a right of the copyright holder of the Work).
The Work is provided under the terms of this Licence when the Licensor (as
defined below) has placed the following notice immediately following the
copyright notice for the Work:
Licensed under the EUPL
or has expressed by any other means his willingness to license under the EUPL.
1. Definitions
In this Licence, the following terms have the following meaning:
- The Licence: this Licence.
- The Original Work: the work or software distributed or communicated by the
Licensor under this Licence, available as Source Code and also as Executable
Code as the case may be.
- Derivative Works: the works or software that could be created by the
Licensee, based upon the Original Work or modifications thereof. This Licence
does not define the extent of modification or dependence on the Original Work
required in order to classify a work as a Derivative Work; this extent is
determined by copyright law applicable in the country mentioned in Article 15.
- The Work: the Original Work or its Derivative Works.
- The Source Code: the human-readable form of the Work which is the most
convenient for people to study and modify.
- The Executable Code: any code which has generally been compiled and which is
meant to be interpreted by a computer as a program.
- The Licensor: the natural or legal person that distributes or communicates
the Work under the Licence.
- Contributor(s): any natural or legal person who modifies the Work under the
Licence, or otherwise contributes to the creation of a Derivative Work.
- The Licensee or You: any natural or legal person who makes any usage of
the Work under the terms of the Licence.
- Distribution or Communication: any act of selling, giving, lending,
renting, distributing, communicating, transmitting, or otherwise making
available, online or offline, copies of the Work or providing access to its
essential functionalities at the disposal of any other natural or legal
person.
2. Scope of the rights granted by the Licence
The Licensor hereby grants You a worldwide, royalty-free, non-exclusive,
sublicensable licence to do the following, for the duration of copyright vested
in the Original Work:
- use the Work in any circumstance and for all usage,
- reproduce the Work,
- modify the Work, and make Derivative Works based upon the Work,
- communicate to the public, including the right to make available or display
the Work or copies thereof to the public and perform publicly, as the case may
be, the Work,
- distribute the Work or copies thereof,
- lend and rent the Work or copies thereof,
- sublicense rights in the Work or copies thereof.
Those rights can be exercised on any media, supports and formats, whether now
known or later invented, as far as the applicable law permits so.
In the countries where moral rights apply, the Licensor waives his right to
exercise his moral right to the extent allowed by law in order to make effective
the licence of the economic rights here above listed.
The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to
any patents held by the Licensor, to the extent necessary to make use of the
rights granted on the Work under this Licence.
3. Communication of the Source Code
The Licensor may provide the Work either in its Source Code form, or as
Executable Code. If the Work is provided as Executable Code, the Licensor
provides in addition a machine-readable copy of the Source Code of the Work
along with each copy of the Work that the Licensor distributes or indicates, in
a notice following the copyright notice attached to the Work, a repository where
the Source Code is easily and freely accessible for as long as the Licensor
continues to distribute or communicate the Work.
4. Limitations on copyright
Nothing in this Licence is intended to deprive the Licensee of the benefits from
any exception or limitation to the exclusive rights of the rights owners in the
Work, of the exhaustion of those rights or of other applicable limitations
thereto.
5. Obligations of the Licensee
The grant of the rights mentioned above is subject to some restrictions and
obligations imposed on the Licensee. Those obligations are the following:
Attribution right: The Licensee shall keep intact all copyright, patent or
trademarks notices and all notices that refer to the Licence and to the
disclaimer of warranties. The Licensee must include a copy of such notices and a
copy of the Licence with every copy of the Work he/she distributes or
communicates. The Licensee must cause any Derivative Work to carry prominent
notices stating that the Work has been modified and the date of modification.
Copyleft clause: If the Licensee distributes or communicates copies of the
Original Works or Derivative Works, this Distribution or Communication will be
done under the terms of this Licence or of a later version of this Licence
unless the Original Work is expressly distributed only under this version of the
Licence — for example by communicating EUPL v. 1.2 only. The Licensee
(becoming Licensor) cannot offer or impose any additional terms or conditions on
the Work or Derivative Work that alter or restrict the terms of the Licence.
Compatibility clause: If the Licensee Distributes or Communicates Derivative
Works or copies thereof based upon both the Work and another work licensed under
a Compatible Licence, this Distribution or Communication can be done under the
terms of this Compatible Licence. For the sake of this clause, Compatible
Licence refers to the licences listed in the appendix attached to this Licence.
Should the Licensee's obligations under the Compatible Licence conflict with
his/her obligations under this Licence, the obligations of the Compatible
Licence shall prevail.
Provision of Source Code: When distributing or communicating copies of the Work,
the Licensee will provide a machine-readable copy of the Source Code or indicate
a repository where this Source will be easily and freely available for as long
as the Licensee continues to distribute or communicate the Work.
Legal Protection: This Licence does not grant permission to use the trade names,
trademarks, service marks, or names of the Licensor, except as required for
reasonable and customary use in describing the origin of the Work and
reproducing the content of the copyright notice.
6. Chain of Authorship
The original Licensor warrants that the copyright in the Original Work granted
hereunder is owned by him/her or licensed to him/her and that he/she has the
power and authority to grant the Licence.
Each Contributor warrants that the copyright in the modifications he/she brings
to the Work are owned by him/her or licensed to him/her and that he/she has the
power and authority to grant the Licence.
Each time You accept the Licence, the original Licensor and subsequent
Contributors grant You a licence to their contributions to the Work, under the
terms of this Licence.
7. Disclaimer of Warranty
The Work is a work in progress, which is continuously improved by numerous
Contributors. It is not a finished work and may therefore contain defects or
bugs inherent to this type of development.
For the above reason, the Work is provided under the Licence on an as is basis
and without warranties of any kind concerning the Work, including without
limitation merchantability, fitness for a particular purpose, absence of defects
or errors, accuracy, non-infringement of intellectual property rights other than
copyright as stated in Article 6 of this Licence.
This disclaimer of warranty is an essential part of the Licence and a condition
for the grant of any rights to the Work.
8. Disclaimer of Liability
Except in the cases of wilful misconduct or damages directly caused to natural
persons, the Licensor will in no event be liable for any direct or indirect,
material or moral, damages of any kind, arising out of the Licence or of the use
of the Work, including without limitation, damages for loss of goodwill, work
stoppage, computer failure or malfunction, loss of data or any commercial
damage, even if the Licensor has been advised of the possibility of such damage.
However, the Licensor will be liable under statutory product liability laws as
far such laws apply to the Work.
9. Additional agreements
While distributing the Work, You may choose to conclude an additional agreement,
defining obligations or services consistent with this Licence. However, if
accepting obligations, You may act only on your own behalf and on your sole
responsibility, not on behalf of the original Licensor or any other Contributor,
and only if You agree to indemnify, defend, and hold each Contributor harmless
for any liability incurred by, or claims asserted against such Contributor by
the fact You have accepted any warranty or additional liability.
10. Acceptance of the Licence
The provisions of this Licence can be accepted by clicking on an icon I agree
placed under the bottom of a window displaying the text of this Licence or by
affirming consent in any other similar way, in accordance with the rules of
applicable law. Clicking on that icon indicates your clear and irrevocable
acceptance of this Licence and all of its terms and conditions.
Similarly, you irrevocably accept this Licence and all of its terms and
conditions by exercising any rights granted to You by Article 2 of this Licence,
such as the use of the Work, the creation by You of a Derivative Work or the
Distribution or Communication by You of the Work or copies thereof.
11. Information to the public
In case of any Distribution or Communication of the Work by means of electronic
communication by You (for example, by offering to download the Work from a
remote location) the distribution channel or media (for example, a website) must
at least provide to the public the information requested by the applicable law
regarding the Licensor, the Licence and the way it may be accessible, concluded,
stored and reproduced by the Licensee.
12. Termination of the Licence
The Licence and the rights granted hereunder will terminate automatically upon
any breach by the Licensee of the terms of the Licence.
Such a termination will not terminate the licences of any person who has
received the Work from the Licensee under the Licence, provided such persons
remain in full compliance with the Licence.
13. Miscellaneous
Without prejudice of Article 9 above, the Licence represents the complete
agreement between the Parties as to the Work.
If any provision of the Licence is invalid or unenforceable under applicable
law, this will not affect the validity or enforceability of the Licence as a
whole. Such provision will be construed or reformed so as necessary to make it
valid and enforceable.
The European Commission may publish other linguistic versions or new versions of
this Licence or updated versions of the Appendix, so far this is required and
reasonable, without reducing the scope of the rights granted by the Licence. New
versions of the Licence will be published with a unique version number.
All linguistic versions of this Licence, approved by the European Commission,
have identical value. Parties can take advantage of the linguistic version of
their choice.
14. Jurisdiction
Without prejudice to specific agreement between parties,
- any litigation resulting from the interpretation of this License, arising
between the European Union institutions, bodies, offices or agencies, as a
Licensor, and any Licensee, will be subject to the jurisdiction of the Court
of Justice of the European Union, as laid down in article 272 of the Treaty on
the Functioning of the European Union,
- any litigation arising between other parties and resulting from the
interpretation of this License, will be subject to the exclusive jurisdiction
of the competent court where the Licensor resides or conducts its primary
business.
15. Applicable Law
Without prejudice to specific agreement between parties,
- this Licence shall be governed by the law of the European Union Member State
where the Licensor has his seat, resides or has his registered office,
- this licence shall be governed by Belgian law if the Licensor has no seat,
residence or registered office inside a European Union Member State.
Appendix
Compatible Licences according to Article 5 EUPL are:
- GNU General Public License (GPL) v. 2, v. 3
- GNU Affero General Public License (AGPL) v. 3
- Open Software License (OSL) v. 2.1, v. 3.0
- Eclipse Public License (EPL) v. 1.0
- CeCILL v. 2.0, v. 2.1
- Mozilla Public Licence (MPL) v. 2
- GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3
- Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for
works other than software
- European Union Public Licence (EUPL) v. 1.1, v. 1.2
- Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong
Reciprocity (LiLiQ-R+).
The European Commission may update this Appendix to later versions of the above
licences without producing a new version of the EUPL, as long as they provide
the rights granted in Article 2 of this Licence and protect the covered Source
Code from exclusive appropriation.
All other changes or additions to this Appendix require the production of a new
EUPL version.

133
README.md Normal file
View file

@ -0,0 +1,133 @@
# Iron seal
This is a daemon for re-signing narinfo files from a binary cache. The idea of
this is that we can decouple high value private keys that are hard to rotate
from the data plane of the build infrastructure running untrusted code,
allowing *much* lower value ephemeral private keys to be used on the builders.
## Worldview
Iron Seal believes that narinfo files should not be stored in s3 to begin with
since they are tiny text files full of valuable metadata that really ought to
be queryable, so they belong in a database.
For the initial prototype, narinfos are to be fetched from s3 on-demand and
loaded into the database, in order to allow integration with existing Lix
systems. This is somewhat silly because it means that we have garbage narinfos
that will never be looked at again in s3, but it does mean that iron-seal is
not critical to the future value of the s3 cache.
narinfos are then serialized on-demand out of the database, with new signatures
added as-required on the fly based on signature rules. Currently this is
assumed to be that all in-date owned keys should sign a path if it was
previously validly signed by a builder or owned key.
### Remaining questions
- Can a store path be built multiple times?
- What does this mean for the narinfo? How is that cache invalidated if we
do do such a silly thing?
### Schema
#### What's in a narinfo?
- StorePath: /nix/store/(hash, name)
- Compression: enum of some limited set of values
- URL: nar/FileHash.nar.zst (redundant)
- FileSize: int
- FileHash: (type, nixbase32(digest))
- NarSize: int
- NarHash: (type, nixbase32(digest))
- CA: hashtype + hash + type
- text:hashtype:hash
- fixed:r:hashtype:hash
- fixed:hashtype:hash
- hashtype:hash, but it seems to be for legacy stuff only and the code to
make them is Gone???
- This should be redundant: there are three cases: text, fixed recursive,
fixed, and the hash is always sha256 in practice
- References[]: store path names
Is it better to denormalize the names or reference ids? Chose to normalize
harder and natural-key the hashes. Then we can enforce there is only one
instance of a name for a given store path. 20 bytes is a kind of silly key
type, but it's not really worse than a 16 byte uuid lol.
- Sig[]: keyname:base64(sig)
Observations:
- We can compress the living daylights out of this by simply not base64ing
anything and storing binary as binary, as well as removing strings
- Storing references as IDs in a join table would knock even more bytes off of it
- URL is completely redundant
- StorePath is sorta redundant but -> need to be able to lookup by hash
- Split out name
```
~ » curl --compressed https://cache.lix.systems/0018nm26ljlp20g9m22bj55ql9kz3klz.narinfo
StorePath: /nix/store/0018nm26ljlp20g9m22bj55ql9kz3klz-apple-framework-CoreFoundation-11.0.0.drv
URL: nar/1zp24fp4cf01066mrj7dhdmp6zizcahp32xglpw1sg4473bxv0x6.nar.zst
Compression: zstd
FileHash: sha256:1zp24fp4cf01066mrj7dhdmp6zizcahp32xglpw1sg4473bxv0x6
FileSize: 1429
NarHash: sha256:135jwl0vl96mx9294ylb1b6y8rlw4bnhyx8zn7pdmsp5md7p5wfm
NarSize: 3776
References: 5iqpm377dcnzaj0bjip0alh6shvjrfpc-cf-setup-hook.sh 6ag32dimxbc019zm5nx09v40wl1w0ysv-bootstrap-tools.drv a045scfay8yb7xxw36r3glxbx5v7cvyh-rewrite-tbd-unstable-2023-03-27.drv kpp0z1ia13ph5lkypdh5kfcmggj9agpy-bootstrap-stage1-stdenv-darwin.drv r7mhby3fppgh801xkidw9hg6y5wvdab8-libobjc-11.0.0.drv v6x3cs394jgqfbi0a42pam708flxaphh-default-builder.sh v9034cqc4h5bm10z4vz3n1q2n55grv5y-role.bash y171r47m5ryvqnwc5ld0drvq5klnbdcb-MacOSX-SDK-11.0.0.drv
Sig: cache.lix.systems:RwRtAxn0kO0zTa3ESZDI6g8K0F/fhbENKv6K8Yh3+imzBSqtXwjbpRRBnD38caSjaVpa8ws212ZQQelhLdiZAA==
CA: text:sha256:0s9difwgh59k43qlvkqvcwr0jm3qq2yd2zgwmy2gvxjqmjw4hk91
~ » curl --compressed https://cache.lix.systems/rwakndmpj9dbr1sh2271g47l7d2fl1zf.narinfo
StorePath: /nix/store/rwakndmpj9dbr1sh2271g47l7d2fl1zf-source
URL: nar/127d2kh80xhlpv14810zb8d9wgxqv125hpy4b1mmnihlj45y861z.nar.zst
Compression: zstd
FileHash: sha256:127d2kh80xhlpv14810zb8d9wgxqv125hpy4b1mmnihlj45y861z
FileSize: 1336187
NarHash: sha256:0b03rwv7kawsqj3grdjs4dyip02l31x4hll6rbgyx7gvsgn4r2mi
NarSize: 5294376
References:
Sig: cache.lix.systems:z6sKt0+CMPfOvyyPyAmfisQFH89+gIlLKGT+W5caN46zkPKzQg40T9KUw+ppqB/Gfkhoz4UcRVHzE2VSbbqyBQ==
CA: fixed:r:sha256:0b03rwv7kawsqj3grdjs4dyip02l31x4hll6rbgyx7gvsgn4r2mi
~ » curl --compressed https://cache.lix.systems/v9034cqc4h5bm10z4vz3n1q2n55grv5y.narinfo
StorePath: /nix/store/v9034cqc4h5bm10z4vz3n1q2n55grv5y-role.bash
URL: nar/0k78kc5xs5kvnz119hrqc8k0lzpv094jzrs7j6i386hl50bw1051.nar.xz
Compression: xz
FileHash: sha256:0k78kc5xs5kvnz119hrqc8k0lzpv094jzrs7j6i386hl50bw1051
FileSize: 916
NarHash: sha256:1wm870bpkip4d9xaa8rj2fiapnjz27xkgbycl47av7f64q98502s
NarSize: 2328
References:
Sig: cache.lix.systems:+9mf0JXUAuhEAEyGE7vfylI+byK1xYNOCrBQiIKDqRNZFNeh0UJC01oWddvoGm3TLmY8bSnVFNxDpBy2ajgaCw==
CA: fixed:r:sha256:1wm870bpkip4d9xaa8rj2fiapnjz27xkgbycl47av7f64q98502s
```
An output and its deriver:
Outputs don't have CA.
```
~ » curl --compressed https://cache.lix.systems/ws234x3s0in12ks97miwrrdnfx6iys7w.narinfo
StorePath: /nix/store/ws234x3s0in12ks97miwrrdnfx6iys7w-lix-2.91.0-debug
URL: nar/0767zlbsfp572ikqwv8k2kv0bvdr2kpr2xp3vl6843bhpn89srcf.nar.zst
Compression: zstd
FileHash: sha256:0767zlbsfp572ikqwv8k2kv0bvdr2kpr2xp3vl6843bhpn89srcf
FileSize: 149517914
NarHash: sha256:0nv4qv7yy82l2w3sgkfc6ax3s5mv5hffwgbjp45wji6vcpn48639
NarSize: 152916192
References:
Deriver: iz2nhchdh0dl96z591maai3f5hnl9jd9-lix-2.91.0.drv
Sig: cache.lix.systems:AxW+LHBGOFAqNhN5esqu/jNDASq9q4HQZ1uetf+8m9UC7uXNgfzTWMvWjNHzc2cbiLFN4Lv8wTxaGCW6CqSTAQ==
~ » curl --compressed https://cache.lix.systems/iz2nhchdh0dl96z591maai3f5hnl9jd9.narinfo
StorePath: /nix/store/iz2nhchdh0dl96z591maai3f5hnl9jd9-lix-2.91.0.drv
URL: nar/1zrhxs2md2ppharrdgm4pzf67n9ngvrd0k7swchvvqqnxs2zg0cn.nar.zst
Compression: zstd
FileHash: sha256:1zrhxs2md2ppharrdgm4pzf67n9ngvrd0k7swchvvqqnxs2zg0cn
FileSize: 3826
NarHash: sha256:152viw7i9iq9nql205i6xx1w1x3pz4pyd5k1l2rffnz8mws1skrf
NarSize: 8696
References: 02whz8bddsbc1fc3z4lp9r5d93gfi19b-jq-1.7.1.drv 09xdqf5vm3671iw83hq83ra55211zisl-gcc-13.2.0.drv 12l2v3kmacnpmx14p2345kk41fpv31rw-separate-debug-info.sh 1gk1c7x53fa5wqcqcwayagvblzinn8rx-openssl-3.0.14.drv 1h6y345b14l439y668mgfmhp7x611vsn-pkg-config-wrapper-0.29.2.drv 1z8izdpyzhd23nk2amhsyfkmphzajcc5-rapidcheck-0-unstable-2023-12-14.drv 24z6w1l9pfjixbp57q0vz98njvk53mdb-bzip2-1.0.8.drv 2q0p6sd6994k99x3cw6xvg9wlb9b2hym-sqlite-3.45.3.drv 377zz3y35n2aqzj39rxxvki5nw4jn32a-meson-1.4.1.drv 49wp9a3ldgyf8zr3875bpznr1vgb2cp9-mercurial-6.6.3.drv 5246sqmc35hxwxi905vz14wq9bg7ss13-util-linux-minimal-2.39.4.drv 5r7dangpzlqbh9qikfvcy2hkcr9dfn2i-libseccomp-2.5.5.drv 6fxk6xxg5r25glpychiwii4913wzkv0j-toml11-3.7.1.drv 7vgvm6maz2q40c5600ig0470hzmyvi2y-ninja-1.11.1.drv 8yb3slw042zr414dw6cnsjs7jz3b3d3d-mdbook-linkcheck-0.7.7.drv 98hyrmv2d8s133y0gfg7v4bz2g26lnzh-gtest-1.14.0.drv c89v384z3l833ykvjxc05y89jyqimpk2-cmake-3.29.2.drv cl2aa2ixggw275v1mfq9qxnna95pssvg-brotli-1.1.0.drv d58bmmhv8zzv18hf0mi57jgqj4fmnkgi-lowdown-1.1.0.drv dl3158bk4h8fahfgddvd5hjg4mnayddi-boost-1.81.0.drv fw3srq3319h1c3b10bi51sj68zhgl4wh-aws-sdk-cpp-1.11.318.drv g45hm2v7cjjsbm8z1hzma5ybbg2l9igw-editline-1.17.1.drv gvf4apg8zc1hg27409mb62fsvw5x1n0i-lsof-4.99.3.drv ibvns8id2frl8lg02gpyhvrav38dx1pm-pegtl-3.2.7.drv iwc1b7yk89rr37j546hgs6hfw9h2zfdc-busybox-static-aarch64-unknown-linux-musl-1.36.1.drv ix79ffj7sdnllcb06bry8ahqmjmh3hkh-git-2.44.1.drv iy52yascwcmgwm4q7x0vhgwig6g1q2qn-nlohmann_json-3.11.3.drv kfibsc08liqs0f3sm2wfha0qv0c0nfa3-libsodium-1.0.19.drv m7sjf5692xdv77rmp1mr947kvkr24zkf-python3-3.11.9.drv n8bzpa0g4zqlb1l463yr6gjwj9alb4lx-boehm-gc-8.2.6.drv nd47yjmilyhjkx77lvqg20izc9l7kvhs-mdbook-0.4.37.drv nnak6v9iccf7rsvw21wbwrqq2k8s780d-lix-doc.drv ridfqdfrv7hbrka1swxrnv3apgrvi2b6-bash-5.2p26.drv rwakndmpj9dbr1sh2271g47l7d2fl1zf-source rzb066q38jcjm223c07x6nlqibbgbq7i-libarchive-3.7.4.drv v6x3cs394jgqfbi0a42pam708flxaphh-default-builder.sh vpy0352yk1vl1l1dhmr4yhyhvcnig2xw-stdenv-linux.drv wcyypaafk1mzm47rwhbcmx481q43j4s4-xz-5.4.7.drv xp1bywj9afd809zmcyc5g9y66paxgqav-curl-8.7.1.drv
Sig: cache.lix.systems:yauNRyXEq2heiwJASbT14kDBnK0hrEMKQgDf1eb78e5m4xaQDun1ZcvMKRoa2K8JFuN+UjESH4h83Ndx4N8bDg==
CA: text:sha256:18gfki09lpdnqpxwdjdw8nmq1ryzyc0dhncgi5yvb9qvlphgyj3m
```

110
schema.sql Normal file
View file

@ -0,0 +1,110 @@
begin transaction;
create domain NixPath as bytea
check (length(value) = 20);
create domain SHA256Hash as bytea
check (length(value) = 16);
create domain Ed25519Public as bytea
check (length(value) = 32);
create domain SignatureBytes as bytea
check (length(value) = 64);
create table PathName (
hash NixPath not null primary key,
-- Split off into a separate PathName table since a reference only requires
-- a PathName exists but not necessarily a full NarInfo
name text not null
);
-- Yoinked from https://git.lix.systems/lix-project/lix/src/e34833c0253340f47dc0add8609eb86cf9cba19b/src/libstore/binary-cache-store.cc#L151-L158
create type Compression as enum (
'none',
'bzip2',
'zstd',
'xz',
'lzip',
'lz4',
'br'
);
-- There are no non sha256 CA hashes in the wild and we can honestly just tell anyone sending us one to go away
create type CAType as enum (
'textsha256',
'fixedrecsha256',
'fixedflatsha256'
);
create table NarInfo (
-- URL not needed (derivable from file_hash and compression)
file_size bigint not null,
nar_size bigint not null,
hash NixPath primary key not null references PathName(hash),
file_hash SHA256Hash not null,
nar_hash SHA256Hash not null,
ca_hash SHA256Hash,
compression Compression not null,
ca_type CAType
);
create table Reference (
target NixPath not null references PathName(hash),
by_narinfo NixPath not null references NarInfo(hash),
primary key (target, by_narinfo)
);
create index reference_by_target on Reference using hash (target);
create index reference_by_referencer on Reference using hash (by_narinfo);
create table KeyName (
id serial primary key,
name text not null
);
comment on table KeyName is 'The Nix name for a key, which is often, but not strictly, related to the domain name';
-- FIXME: partitioning the system for security? e.g. can we make it so that the app *cannot* mess with public key validity periods?
create table BuilderPublicKey (
id integer primary key references KeyName(id),
public_key Ed25519Public not null,
comment text,
valid_from timestamptz,
valid_until timestamptz
);
comment on table BuilderPublicKey is 'Public keys which iron-seal is willing to re-sign paths signed with';
comment on column BuilderPublicKey.valid_from is 'Signature time when the public key is first trusted for new signatures. If null, from a time in the indefinite past.';
comment on column BuilderPublicKey.valid_until is 'Signature time when the public key is last trusted for new signatures. If null, to a time in the indefinite future.';
create table OwnPublicKey (
id integer primary key references KeyName(id),
public_key Ed25519Public not null,
comment text,
valid_from timestamptz,
valid_until timestamptz
);
comment on table OwnPublicKey is 'Public keys which iron-seal will sign paths with during their validity period';
comment on column OwnPublicKey.valid_from is 'Signature time when the public key will first be used for new signatures. If null, from a time in the indefinite past.';
comment on column OwnPublicKey.valid_until is 'Signature time when the public key will last be used for new signatures. If null, to a time in the indefinite future.';
create table Signature (
path NixPath references NarInfo(hash),
id serial primary key,
signer integer not null references KeyName(id),
sig_bytes SignatureBytes not null,
signed_at timestamptz not null
);
comment on column Signature.signed_at is 'When the path was signed. For s3-sourced paths we have a reliable idea of it if we take the narinfo date as the signature date (and can assume there is no backdating by trusting s3)';
create unique index signature_path_only_signed_once on Signature (signer, path);
-- Definitely want to be able to look up signatures by store path
create index signature_by_path on Signature using hash (path);
-- Definitely want to be able to look up paths signed by a key
create index signature_by_signer on Signature (signer);
rollback;