Make libsodium an optional dependency

This commit is contained in:
Eelco Dolstra 2015-02-10 11:54:06 +01:00
parent 5d9cd27dce
commit 1c972cba14
6 changed files with 28 additions and 2 deletions

View file

@ -4,6 +4,7 @@ CFLAGS = @CFLAGS@
CXX = @CXX@
CXXFLAGS = @CXXFLAGS@
HAVE_OPENSSL = @HAVE_OPENSSL@
HAVE_SODIUM = @HAVE_SODIUM@
OPENSSL_LIBS = @OPENSSL_LIBS@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_VERSION = @PACKAGE_VERSION@

View file

@ -205,8 +205,12 @@ AC_CHECK_HEADERS([bzlib.h], [true],
PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= 3.6.19], [CXXFLAGS="$SQLITE3_CFLAGS $CXXFLAGS"])
# Look for libsodium, a required dependency.
PKG_CHECK_MODULES([SODIUM], [libsodium], [CXXFLAGS="$SODIUM_CFLAGS $CXXFLAGS"])
# Look for libsodium, an optional dependency.
PKG_CHECK_MODULES([SODIUM], [libsodium],
[AC_DEFINE([HAVE_SODIUM], [1], [Whether to use libsodium for cryptography.])
CXXFLAGS="$SODIUM_CFLAGS $CXXFLAGS"
have_sodium=1], [have_sodium=])
AC_SUBST(HAVE_SODIUM, [$have_sodium])
# Whether to use the Boehm garbage collector.

View file

@ -11,7 +11,9 @@
#include <misc.hh>
#include <util.hh>
#if HAVE_SODIUM
#include <sodium.h>
#endif
using namespace nix;
@ -228,6 +230,7 @@ SV * hashString(char * algo, int base32, char * s)
SV * signString(SV * secretKey_, char * msg)
PPCODE:
try {
#if HAVE_SODIUM
STRLEN secretKeyLen;
unsigned char * secretKey = (unsigned char *) SvPV(secretKey_, secretKeyLen);
if (secretKeyLen != crypto_sign_SECRETKEYBYTES)
@ -237,6 +240,9 @@ SV * signString(SV * secretKey_, char * msg)
unsigned long long sigLen;
crypto_sign_detached(sig, &sigLen, (unsigned char *) msg, strlen(msg), secretKey);
XPUSHs(sv_2mortal(newSVpv((char *) sig, sigLen)));
#else
throw Error("Nix was not compiled with libsodium, required for signed binary cache support");
#endif
} catch (Error & e) {
croak(e.what());
}
@ -245,6 +251,7 @@ SV * signString(SV * secretKey_, char * msg)
int checkSignature(SV * publicKey_, SV * sig_, char * msg)
CODE:
try {
#if HAVE_SODIUM
STRLEN publicKeyLen;
unsigned char * publicKey = (unsigned char *) SvPV(publicKey_, publicKeyLen);
if (publicKeyLen != crypto_sign_PUBLICKEYBYTES)
@ -256,6 +263,9 @@ int checkSignature(SV * publicKey_, SV * sig_, char * msg)
throw Error("signature is not valid");
RETVAL = crypto_sign_verify_detached(sig, (unsigned char *) msg, strlen(msg), publicKey) == 0;
#else
throw Error("Nix was not compiled with libsodium, required for signed binary cache support");
#endif
} catch (Error & e) {
croak(e.what());
}

View file

@ -20,7 +20,9 @@
#include <bzlib.h>
#if HAVE_SODIUM
#include <sodium.h>
#endif
using namespace nix;
@ -1016,6 +1018,7 @@ static void opGenerateBinaryCacheKey(Strings opFlags, Strings opArgs)
if (opArgs.size() != 1) throw UsageError("one argument expected");
string keyName = opArgs.front();
#if HAVE_SODIUM
sodium_init();
unsigned char pk[crypto_sign_PUBLICKEYBYTES];
@ -1025,6 +1028,9 @@ static void opGenerateBinaryCacheKey(Strings opFlags, Strings opArgs)
std::cout << keyName << ":" << base64Encode(string((char *) pk, crypto_sign_PUBLICKEYBYTES)) << std::endl;
std::cout << keyName << ":" << base64Encode(string((char *) sk, crypto_sign_SECRETKEYBYTES)) << std::endl;
#else
throw Error("Nix was not compiled with libsodium, required for signed binary cache support");
#endif
}

View file

@ -89,6 +89,8 @@ nix-build --option binary-caches "file://$cacheDir" dependencies.nix -o $TEST_RO
grep -q "Downloading" $TEST_ROOT/log
if [ -n "$HAVE_SODIUM" ]; then
# Create a signed binary cache.
clearCache
@ -137,3 +139,5 @@ done
rm -f $NIX_STATE_DIR/binary-cache*
(! nix-store -r $outPath --option binary-caches "file://$cacheDir" --option signed-binary-caches '*' --option binary-cache-public-keys "$publicKey")
fi # HAVE_LIBSODIUM

View file

@ -25,6 +25,7 @@ export dot=@dot@
export xmllint="@xmllint@"
export SHELL="@bash@"
export PAGER=cat
export HAVE_SODIUM="@HAVE_SODIUM@"
export version=@PACKAGE_VERSION@
export system=@system@