feat(tvix/nix-compat): add narinfo::Signature::verify

This adds support for verifying signatures found in NARInfo files. This still needs to be hooked together with the nix+http[s] backend. Change-Id: Ic1c8ddbdecfb05cefca2492808388b0f7f3f2637 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10081 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: raitobezarius <tvl@lahfa.xyz> Tested-by: BuildkiteCI
2023-11-19 22:21:24 +02:00 · 2023-11-19 22:21:24 +02:00 · bb18556bf3
commit bb18556bf3
parent 9322d29ea9
6 changed files with 1388 additions and 211 deletions
--- a/tvix/Cargo.lock
+++ b/tvix/Cargo.lock
@ -112,8 +112,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5fd55a5ba1179988837d24ab4c7cc8ed6efdeff578ede0416b4225a5fca35bd0"
 dependencies = [
 "proc-macro2 1.0.67",
- "quote 1.0.26",
- "syn 2.0.16",
+ "quote 1.0.33",
+ "syn 2.0.39",
 ]

 [[package]]
@ -134,8 +134,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193"
 dependencies = [
 "proc-macro2 1.0.67",
- "quote 1.0.26",
- "syn 2.0.16",
+ "quote 1.0.33",
+ "syn 2.0.39",
 ]

 [[package]]
@ -145,8 +145,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b9ccdd8f2a161be9bd5c023df56f1b2a0bd1d83872ae53b71a84a12c9bf6e842"
 dependencies = [
 "proc-macro2 1.0.67",
- "quote 1.0.26",
- "syn 2.0.16",
+ "quote 1.0.33",
+ "syn 2.0.39",
 ]

 [[package]]
@ -232,6 +232,12 @@ version = "0.21.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9ba43ea6f343b788c8764558649e08df62f86c6ef251fdaeb1ffd010a9ae50a2"

+[[package]]
+name = "base64ct"
+version = "1.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
+
 [[package]]
 name = "bit-set"
 version = "0.5.3"
@ -420,8 +426,8 @@ checksum = "3f9644cd56d6b87dbe899ef8b053e331c0637664e9e21a33dfcdc36093f5c5c4"
 dependencies = [
 "heck",
 "proc-macro2 1.0.67",
- "quote 1.0.26",
- "syn 2.0.16",
+ "quote 1.0.33",
+ "syn 2.0.39",
 ]

 [[package]]
@ -473,6 +479,12 @@ version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7"

+[[package]]
+name = "const-oid"
+version = "0.9.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f"
+
 [[package]]
 name = "constant_time_eq"
 version = "0.2.5"
@ -614,12 +626,50 @@ dependencies = [
 "typenum",
 ]

+[[package]]
+name = "curve25519-dalek"
+version = "4.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e89b8c6a2e4b1f45971ad09761aafb85514a84744b67a95e32c3cc1352d1f65c"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "curve25519-dalek-derive",
+ "digest",
+ "fiat-crypto",
+ "platforms",
+ "rustc_version",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "curve25519-dalek-derive"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
+dependencies = [
+ "proc-macro2 1.0.67",
+ "quote 1.0.33",
+ "syn 2.0.39",
+]
+
 [[package]]
 name = "data-encoding"
 version = "2.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "23d8666cb01533c39dde32bcbab8e227b4ed6679b2c925eba05feabea39508fb"

+[[package]]
+name = "der"
+version = "0.7.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c"
+dependencies = [
+ "const-oid",
+ "zeroize",
+]
+
 [[package]]
 name = "diff"
 version = "0.1.13"
@ -687,6 +737,30 @@ dependencies = [
 "litrs",
 ]

+[[package]]
+name = "ed25519"
+version = "2.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53"
+dependencies = [
+ "pkcs8",
+ "signature",
+]
+
+[[package]]
+name = "ed25519-dalek"
+version = "2.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1f628eaec48bfd21b865dc2950cfa014450c01d2fa2b69a86c2fd5844ec523c0"
+dependencies = [
+ "curve25519-dalek",
+ "ed25519",
+ "serde",
+ "sha2",
+ "subtle",
+ "zeroize",
+]
+
 [[package]]
 name = "either"
 version = "1.8.1"
@ -759,6 +833,12 @@ dependencies = [
 "windows-sys 0.48.0",
 ]

+[[package]]
+name = "fiat-crypto"
+version = "0.2.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "27573eac26f4dd11e2b1916c3fe1baa56407c83c71a773a8ba17ec0bca03b6b7"
+
 [[package]]
 name = "fixedbitset"
 version = "0.4.2"
@ -860,8 +940,8 @@ version = "0.3.29"
 source = "git+https://github.com/edef1c/futures-rs?rev=23e25061f2261794d6d611675a6372c96b70fa85#23e25061f2261794d6d611675a6372c96b70fa85"
 dependencies = [
 "proc-macro2 1.0.67",
- "quote 1.0.26",
- "syn 2.0.16",
+ "quote 1.0.33",
+ "syn 2.0.39",
 ]

 [[package]]
@ -1467,6 +1547,8 @@ dependencies = [
 "bstr",
 "criterion",
 "data-encoding",
+ "ed25519",
+ "ed25519-dalek",
 "futures",
 "futures-util",
 "glob",
@ -1657,8 +1739,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4359fd9c9171ec6e8c62926d6faaf553a8dc3f64e1507e76da7911b4f6a04405"
 dependencies = [
 "proc-macro2 1.0.67",
- "quote 1.0.26",
- "syn 2.0.16",
+ "quote 1.0.33",
+ "syn 2.0.39",
 ]

 [[package]]
@ -1673,12 +1755,28 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"

+[[package]]
+name = "pkcs8"
+version = "0.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
+dependencies = [
+ "der",
+ "spki",
+]
+
 [[package]]
 name = "pkg-config"
 version = "0.3.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964"

+[[package]]
+name = "platforms"
+version = "3.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "14e6ab3f592e6fb464fc9712d8d6e6912de6473954635fd76a589d832cffcbb0"
+
 [[package]]
 name = "plotters"
 version = "0.3.4"
@ -1730,7 +1828,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9825a04601d60621feed79c4e6b56d65db77cdca55cef43b46b0de1096d1c282"
 dependencies = [
 "proc-macro2 1.0.67",
- "syn 2.0.16",
+ "syn 2.0.39",
 ]

 [[package]]
@ -1741,7 +1839,7 @@ checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c"
 dependencies = [
 "proc-macro-error-attr",
 "proc-macro2 1.0.67",
- "quote 1.0.26",
+ "quote 1.0.33",
 "syn 1.0.109",
 "version_check",
 ]
@ -1753,7 +1851,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869"
 dependencies = [
 "proc-macro2 1.0.67",
- "quote 1.0.26",
+ "quote 1.0.33",
 "version_check",
 ]

@ -1822,7 +1920,7 @@ dependencies = [
 "prost",
 "prost-types",
 "regex",
- "syn 2.0.16",
+ "syn 2.0.39",
 "tempfile",
 "which",
 ]
@ -1836,8 +1934,8 @@ dependencies = [
 "anyhow",
 "itertools",
 "proc-macro2 1.0.67",
- "quote 1.0.26",
- "syn 2.0.16",
+ "quote 1.0.33",
+ "syn 2.0.39",
 ]

 [[package]]
@ -1866,9 +1964,9 @@ dependencies = [

 [[package]]
 name = "quote"
-version = "1.0.26"
+version = "1.0.33"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc"
+checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae"
 dependencies = [
 "proc-macro2 1.0.67",
 ]
@ -2096,6 +2194,15 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"

+[[package]]
+name = "rustc_version"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366"
+dependencies = [
+ "semver",
+]
+
 [[package]]
 name = "rustix"
 version = "0.37.19"
@ -2257,6 +2364,12 @@ dependencies = [
 "libc",
 ]

+[[package]]
+name = "semver"
+version = "1.0.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090"
+
 [[package]]
 name = "serde"
 version = "1.0.162"
@ -2273,8 +2386,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a2a0814352fd64b58489904a44ea8d90cb1a91dcb6b4f5ebabc32c8318e93cb6"
 dependencies = [
 "proc-macro2 1.0.67",
- "quote 1.0.26",
- "syn 2.0.16",
+ "quote 1.0.33",
+ "syn 2.0.39",
 ]

 [[package]]
@ -2338,6 +2451,15 @@ dependencies = [
 "libc",
 ]

+[[package]]
+name = "signature"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"
+dependencies = [
+ "rand_core",
+]
+
 [[package]]
 name = "slab"
 version = "0.4.8"
@ -2405,6 +2527,16 @@ version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"

+[[package]]
+name = "spki"
+version = "0.7.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9d1e996ef02c474957d681f1b05213dfb0abab947b446a62d37770b23500184a"
+dependencies = [
+ "base64ct",
+ "der",
+]
+
 [[package]]
 name = "static_assertions"
 version = "1.1.0"
@ -2430,7 +2562,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "104842d6278bf64aa9d2f182ba4bde31e8aec7a131d29b7f444bb9b344a09e2a"
 dependencies = [
 "proc-macro2 1.0.67",
- "quote 1.0.26",
+ "quote 1.0.33",
 "structmeta-derive",
 "syn 1.0.109",
 ]
@ -2442,7 +2574,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "24420be405b590e2d746d83b01f09af673270cf80e9b003a5fa7b651c58c7d93"
 dependencies = [
 "proc-macro2 1.0.67",
- "quote 1.0.26",
+ "quote 1.0.33",
 "syn 1.0.109",
 ]

@ -2470,18 +2602,18 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
 dependencies = [
 "proc-macro2 1.0.67",
- "quote 1.0.26",
+ "quote 1.0.33",
 "unicode-ident",
 ]

 [[package]]
 name = "syn"
-version = "2.0.16"
+version = "2.0.39"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a6f671d4b5ffdb8eadec19c0ae67fe2639df8684bd7bc4b83d986b8db549cf01"
+checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a"
 dependencies = [
 "proc-macro2 1.0.67",
- "quote 1.0.26",
+ "quote 1.0.33",
 "unicode-ident",
 ]

@ -2561,7 +2693,7 @@ dependencies = [
 "cfg-if",
 "proc-macro-error",
 "proc-macro2 1.0.67",
- "quote 1.0.26",
+ "quote 1.0.33",
 "syn 1.0.109",
 ]

@ -2583,7 +2715,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "62d6408d1406657be2f9d1701fbae379331d30d2f6e92050710edb0d34eeb480"
 dependencies = [
 "proc-macro2 1.0.67",
- "quote 1.0.26",
+ "quote 1.0.33",
 "structmeta",
 "syn 1.0.109",
 ]
@ -2616,8 +2748,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f"
 dependencies = [
 "proc-macro2 1.0.67",
- "quote 1.0.26",
- "syn 2.0.16",
+ "quote 1.0.33",
+ "syn 2.0.39",
 ]

 [[package]]
@ -2707,8 +2839,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "630bdcf245f78637c13ec01ffae6187cca34625e8c63150d424b59e55af2675e"
 dependencies = [
 "proc-macro2 1.0.67",
- "quote 1.0.26",
- "syn 2.0.16",
+ "quote 1.0.33",
+ "syn 2.0.39",
 ]

 [[package]]
@ -2832,8 +2964,8 @@ dependencies = [
 "prettyplease",
 "proc-macro2 1.0.67",
 "prost-build",
- "quote 1.0.26",
- "syn 2.0.16",
+ "quote 1.0.33",
+ "syn 2.0.39",
 ]

 [[package]]
@ -2901,8 +3033,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0f57e3ca2a01450b1a921183a9c9cbfda207fd822cef4ccb00a65402cbba7a74"
 dependencies = [
 "proc-macro2 1.0.67",
- "quote 1.0.26",
- "syn 2.0.16",
+ "quote 1.0.33",
+ "syn 2.0.39",
 ]

 [[package]]
@ -3048,7 +3180,7 @@ name = "tvix-eval-builtin-macros"
 version = "0.0.1"
 dependencies = [
 "proc-macro2 1.0.67",
- "quote 1.0.26",
+ "quote 1.0.33",
 "syn 1.0.109",
 "tvix-eval",
 ]
@ -3340,7 +3472,7 @@ dependencies = [
 "log",
 "once_cell",
 "proc-macro2 1.0.67",
- "quote 1.0.26",
+ "quote 1.0.33",
 "syn 1.0.109",
 "wasm-bindgen-shared",
 ]
@ -3363,7 +3495,7 @@ version = "0.2.84"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5"
 dependencies = [
- "quote 1.0.26",
+ "quote 1.0.33",
 "wasm-bindgen-macro-support",
 ]

@ -3374,7 +3506,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6"
 dependencies = [
 "proc-macro2 1.0.67",
- "quote 1.0.26",
+ "quote 1.0.33",
 "syn 1.0.109",
 "wasm-bindgen-backend",
 "wasm-bindgen-shared",
@ -3625,6 +3757,12 @@ version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "09041cd90cf85f7f8b2df60c646f853b7f535ce68f85244eb6731cf89fa498ec"

+[[package]]
+name = "zeroize"
+version = "1.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d"
+
 [[package]]
 name = "zstd"
 version = "0.9.2+zstd.1.5.1"