#include "command.hh" #include "shared.hh" #include "store-api.hh" #include "sync.hh" #include "thread-pool.hh" #include "references.hh" #include using namespace nix; struct CmdVerify : StorePathsCommand { bool noContents = false; bool noTrust = false; Strings substituterUris; size_t sigsNeeded = 0; CmdVerify() { mkFlag(0, "no-contents", "do not verify the contents of each store path", &noContents); mkFlag(0, "no-trust", "do not verify whether each store path is trusted", &noTrust); mkFlag() .longName("substituter") .shortName('s') .labels({"store-uri"}) .description("use signatures from specified store") .arity(1) .handler([&](std::vector ss) { substituterUris.push_back(ss[0]); }); mkIntFlag('n', "sigs-needed", "require that each path has at least N valid signatures", &sigsNeeded); } std::string description() override { return "verify the integrity of store paths"; } Examples examples() override { return { Example{ "To verify the entire Nix store:", "nix verify --all" }, Example{ "To check whether each path in the closure of Firefox has at least 2 signatures:", "nix verify -r -n2 --no-contents $(type -p firefox)" }, }; } void run(ref store, StorePaths storePaths) override { std::vector> substituters; for (auto & s : substituterUris) substituters.push_back(openStore(s)); auto publicKeys = getDefaultPublicKeys(); Activity act(*logger, actVerifyPaths); std::atomic done{0}; std::atomic untrusted{0}; std::atomic corrupted{0}; std::atomic failed{0}; std::atomic active{0}; auto update = [&]() { act.progress(done, storePaths.size(), active, failed); }; ThreadPool pool; auto doPath = [&](const Path & storePath) { try { checkInterrupt(); Activity act2(*logger, lvlInfo, actUnknown, fmt("checking '%s'", storePath)); MaintainCount> mcActive(active); update(); auto info = store->queryPathInfo(store->parseStorePath(storePath)); if (!noContents) { std::unique_ptr hashSink; if (info->ca == "") hashSink = std::make_unique(info->narHash.type); else hashSink = std::make_unique(info->narHash.type, storePathToHash(store->printStorePath(info->path))); store->narFromPath(info->path, *hashSink); auto hash = hashSink->finish(); if (hash.first != info->narHash) { corrupted++; act2.result(resCorruptedPath, store->printStorePath(info->path)); printError( "path '%s' was modified! expected hash '%s', got '%s'", store->printStorePath(info->path), info->narHash.to_string(), hash.first.to_string()); } } if (!noTrust) { bool good = false; if (info->ultimate && !sigsNeeded) good = true; else { StringSet sigsSeen; size_t actualSigsNeeded = std::max(sigsNeeded, (size_t) 1); size_t validSigs = 0; auto doSigs = [&](StringSet sigs) { for (auto sig : sigs) { if (!sigsSeen.insert(sig).second) continue; if (validSigs < ValidPathInfo::maxSigs && info->checkSignature(*store, publicKeys, sig)) validSigs++; } }; if (info->isContentAddressed(*store)) validSigs = ValidPathInfo::maxSigs; doSigs(info->sigs); for (auto & store2 : substituters) { if (validSigs >= actualSigsNeeded) break; try { auto info2 = store2->queryPathInfo(info->path); if (info2->isContentAddressed(*store)) validSigs = ValidPathInfo::maxSigs; doSigs(info2->sigs); } catch (InvalidPath &) { } catch (Error & e) { printError(format(ANSI_RED "error:" ANSI_NORMAL " %s") % e.what()); } } if (validSigs >= actualSigsNeeded) good = true; } if (!good) { untrusted++; act2.result(resUntrustedPath, store->printStorePath(info->path)); printError("path '%s' is untrusted", store->printStorePath(info->path)); } } done++; } catch (Error & e) { printError(format(ANSI_RED "error:" ANSI_NORMAL " %s") % e.what()); failed++; } update(); }; for (auto & storePath : storePaths) pool.enqueue(std::bind(doPath, store->printStorePath(storePath))); pool.process(); throw Exit( (corrupted ? 1 : 0) | (untrusted ? 2 : 0) | (failed ? 4 : 0)); } }; static auto r1 = registerCommand("verify");