* `nix-store --import' now also works in remote mode. The worker

always requires a signature on the archive. This is to ensure that unprivileged users cannot add Trojan horses to the Nix store.
2007-02-21 17:34:02 +00:00 · 2007-02-21 17:34:02 +00:00 · bdadb98de8
commit bdadb98de8
parent 0f5da8a83c
4 changed files with 62 additions and 9 deletions
--- a/src/nix-worker/nix-worker.cc
+++ b/src/nix-worker/nix-worker.cc
@ -187,12 +187,37 @@ struct TunnelSink : Sink
    virtual void operator ()
        (const unsigned char * data, unsigned int len)
    {
-        writeInt(STDERR_DATA, to);
+        writeInt(STDERR_WRITE, to);
        writeString(string((const char *) data, len), to);
    }
 };


+struct TunnelSource : Source
+{
+    Source & from;
+    TunnelSource(Source & from) : from(from)
+    {
+    }
+    virtual void operator ()
+        (unsigned char * data, unsigned int len)
+    {
+        /* Careful: we're going to receive data from the client now,
+           so we have to disable the SIGPOLL handler. */
+        setSigPollAction(false);
+        canSendStderr = false;
+        
+        writeInt(STDERR_READ, to);
+        writeInt(len, to);
+        string s = readString(from);
+        if (s.size() != len) throw Error("not enough data");
+        memcpy(data, (const unsigned char *) s.c_str(), len);
+
+        startWork();
+    }
+};
+
+
 static void performOp(Source & from, Sink & to, unsigned int op)
 {
    switch (op) {
@ -289,6 +314,15 @@ static void performOp(Source & from, Sink & to, unsigned int op)
        break;
    }

+    case wopImportPath: {
+        startWork();
+        TunnelSource source(from);
+        Path path = store->importPath(true, source);
+        stopWork();
+        writeString(path, to);
+        break;
+    }
+
    case wopBuildDerivations: {
        PathSet drvs = readStorePaths(from);
        startWork();