picnoir
/
nix-gh
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

nix-copy-closure / build-remote.pl: Disable signature checking 

This restores the Nix 1.11 behaviour.
This commit is contained in:
Eelco Dolstra 2016-05-31 11:18:45 +02:00
parent e4f0ba55ac
commit c2d27d30cf
12 changed files with 20 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
perl/lib/Nix/Store.xs
View File

@ -182,11 +182,11 @@ void exportPaths(int fd, ...)
}
void importPaths(int fd)
void importPaths(int fd, int dontCheckSigs)
PPCODE:
try {
FdSource source(fd);
store()->importPaths(source, 0);
store()->importPaths(source, 0, dontCheckSigs);
} catch (Error & e) {
croak("%s", e.what());
}

2
scripts/build-remote.pl.in
View File

@ -271,5 +271,5 @@ if (scalar @outputs2 > 0) {
writeInt(0, $to); # don't sign
writeStrings(\@outputs2, $to);
$ENV{'NIX_HELD_LOCKS'} = "@outputs2"; # FIXME: ugly
importPaths(fileno($from));
importPaths(fileno($from), 1);
}

2
scripts/nix-copy-closure.in
View File

@ -97,7 +97,7 @@ else { # Copy FROM the remote machine.
writeInt(5, $to); # == cmdExportPaths
writeInt(0, $to); # obsolete
writeStrings(\@missing, $to);
importPaths(fileno($from));
importPaths(fileno($from), 1);
}
}

3
src/libstore/binary-cache-store.cc
View File

@ -63,7 +63,8 @@ Path BinaryCacheStore::narInfoFileFor(const Path & storePath)
return storePathToHash(storePath) + ".narinfo";
}
void BinaryCacheStore::addToStore(const ValidPathInfo & info, const std::string & nar, bool repair)
void BinaryCacheStore::addToStore(const ValidPathInfo & info, const std::string & nar,
bool repair, bool dontCheckSigs)
{
if (!repair && isValidPath(info.path)) return;

2
src/libstore/binary-cache-store.hh
View File

@ -84,7 +84,7 @@ public:
bool wantMassQuery() { return wantMassQuery_; }
void addToStore(const ValidPathInfo & info, const std::string & nar,
bool repair = false) override;
bool repair = false, bool dontCheckSigs = false) override;
Path addToStore(const string & name, const Path & srcPath,
bool recursive = true, HashType hashAlgo = htSHA256,

4
src/libstore/export-import.cc
View File

@ -82,7 +82,7 @@ struct NopSink : ParseSink
{
};
Paths Store::importPaths(Source & source, std::shared_ptr<FSAccessor> accessor)
Paths Store::importPaths(Source & source, std::shared_ptr<FSAccessor> accessor, bool dontCheckSigs)
{
Paths res;
while (true) {
@ -117,7 +117,7 @@ Paths Store::importPaths(Source & source, std::shared_ptr<FSAccessor> accessor)
if (readInt(source) == 1)
readString(source);
addToStore(info, *tee.data);
addToStore(info, *tee.data, false, dontCheckSigs);
// FIXME: implement accessors?
assert(!accessor);

5
src/libstore/local-store.cc
View File

@ -904,14 +904,15 @@ void LocalStore::invalidatePath(State & state, const Path & path)
}
void LocalStore::addToStore(const ValidPathInfo & info, const std::string & nar, bool repair)
void LocalStore::addToStore(const ValidPathInfo & info, const std::string & nar,
bool repair, bool dontCheckSigs)
{
Hash h = hashString(htSHA256, nar);
if (h != info.narHash)
throw Error(format("hash mismatch importing path %s; expected hash %s, got %s") %
info.path % info.narHash.to_string() % h.to_string());
if (requireSigs && !info.checkSignatures(publicKeys))
if (requireSigs && !dontCheckSigs && !info.checkSignatures(publicKeys))
throw Error(format("cannot import path %s because it lacks a valid signature") % info.path);
addTempRoot(info.path);

2
src/libstore/local-store.hh
View File

@ -117,7 +117,7 @@ public:
SubstitutablePathInfos & infos) override;
void addToStore(const ValidPathInfo & info, const std::string & nar,
bool repair) override;
bool repair, bool dontCheckSigs) override;
Path addToStore(const string & name, const Path & srcPath,
bool recursive = true, HashType hashAlgo = htSHA256,

3
src/libstore/remote-store.cc
View File

@ -326,7 +326,8 @@ Path RemoteStore::queryPathFromHashPart(const string & hashPart)
}
void RemoteStore::addToStore(const ValidPathInfo & info, const std::string & nar, bool repair)
void RemoteStore::addToStore(const ValidPathInfo & info, const std::string & nar,
bool repair, bool dontCheckSigs)
{
throw Error("RemoteStore::addToStore() not implemented");
}

2
src/libstore/remote-store.hh
View File

@ -52,7 +52,7 @@ public:
SubstitutablePathInfos & infos) override;
void addToStore(const ValidPathInfo & info, const std::string & nar,
bool repair) override;
bool repair, bool dontCheckSigs) override;
Path addToStore(const string & name, const Path & srcPath,
bool recursive = true, HashType hashAlgo = htSHA256,

6
src/libstore/store-api.hh
View File

@ -257,7 +257,7 @@ public:
/* Import a path into the store. */
virtual void addToStore(const ValidPathInfo & info, const std::string & nar,
bool repair = false) = 0;
bool repair = false, bool dontCheckSigs = false) = 0;
/* Copy the contents of a path to the store and register the
validity the resulting path. The resulting path is returned.
@ -398,8 +398,8 @@ public:
the Nix store. Optionally, the contents of the NARs are
preloaded into the specified FS accessor to speed up subsequent
access. */
Paths importPaths(Source & source,
std::shared_ptr<FSAccessor> accessor);
Paths importPaths(Source & source, std::shared_ptr<FSAccessor> accessor,
bool dontCheckSigs = false);
struct Stats
{

2
src/nix-store/nix-store.cc
View File

@ -901,7 +901,7 @@ static void opServe(Strings opFlags, Strings opArgs)
case cmdImportPaths: {
if (!writeAllowed) throw Error("importing paths is not allowed");
store->importPaths(in, 0);
store->importPaths(in, 0, true); // FIXME: should we skip sig checking?
out << 1; // indicate success
break;
}