Add C++ functions for .narinfo processing / signing

This is currently only used by the Hydra queue runner rework, but like eff5021eaa it presumably will be useful for the C++ rewrite of nix-push and download-from-binary-cache. (@shlevy)
2016-02-16 16:38:44 +01:00 · 2016-02-16 16:38:44 +01:00 · c4d22997f3
commit c4d22997f3
parent 5ac27053e9
7 changed files with 304 additions and 17 deletions
--- a/src/libstore/nar-info.hh
+++ b/src/libstore/nar-info.hh
@ -0,0 +1,43 @@
+#pragma once
+
+#include "types.hh"
+#include "hash.hh"
+#include "store-api.hh"
+
+namespace nix {
+
+struct NarInfo : ValidPathInfo
+{
+    std::string url;
+    std::string compression;
+    Hash fileHash;
+    uint64_t fileSize = 0;
+    std::string system;
+    std::string sig; // FIXME: support multiple signatures
+
+    NarInfo() { }
+    NarInfo(const ValidPathInfo & info) : ValidPathInfo(info) { }
+    NarInfo(const std::string & s, const std::string & whence);
+
+    std::string to_string() const;
+
+    /*  Return a fingerprint of the store path to be used in binary
+        cache signatures. It contains the store path, the base-32
+        SHA-256 hash of the NAR serialisation of the path, the size of
+        the NAR, and the sorted references. The size field is strictly
+        speaking superfluous, but might prevent endless/excessive data
+        attacks. */
+    std::string fingerprint() const;
+
+    void sign(const SecretKey & secretKey);
+
+    /* Return true iff this .narinfo is signed by one of the specified
+       keys. */
+    bool checkSignature(const PublicKeys & publicKeys) const;
+
+private:
+
+    Strings shortRefs() const;
+};
+
+}