Add "nix copy-sigs" command

This imports signatures from one store into another. E.g. $ nix copy-sigs -r /run/current-system -s https://cache.nixos.org/ imported 595 signatures
2016-04-05 15:30:22 +02:00 · 2016-04-05 15:30:22 +02:00 · d0f5719c2a
commit d0f5719c2a
parent 80da7a6375
9 changed files with 185 additions and 3 deletions
--- a/src/libstore/binary-cache-store.hh
+++ b/src/libstore/binary-cache-store.hh
@ -170,6 +170,9 @@ public:

    ref<FSAccessor> getFSAccessor() override;

+    void addSignatures(const Path & storePath, const StringSet & sigs)
+    { notImpl(); }
+
 };

 }
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@ -312,7 +312,7 @@ void LocalStore::openDB(bool create)
    stmtRegisterValidPath.create(db,
        "insert into ValidPaths (path, hash, registrationTime, deriver, narSize, ultimate) values (?, ?, ?, ?, ?, ?);");
    stmtUpdatePathInfo.create(db,
-        "update ValidPaths set narSize = ?, hash = ?, ultimate = ? where path = ?;");
+        "update ValidPaths set narSize = ?, hash = ?, ultimate = ?, sigs = ? where path = ?;");
    stmtAddReference.create(db,
        "insert or replace into Refs (referrer, reference) values (?, ?);");
    stmtQueryPathInfo.create(db,
@ -683,14 +683,14 @@ ValidPathInfo LocalStore::queryPathInfo(const Path & path)
 }


-/* Update path info in the database.  Currently only updates the
-   narSize field. */
+/* Update path info in the database. */
 void LocalStore::updatePathInfo(const ValidPathInfo & info)
 {
    stmtUpdatePathInfo.use()
        (info.narSize, info.narSize != 0)
        ("sha256:" + printHash(info.narHash))
        (info.ultimate ? 1 : 0, info.ultimate)
+        (concatStringsSep(" ", info.sigs), !info.sigs.empty())
        (info.path)
        .exec();
 }
@ -1694,4 +1694,20 @@ void LocalStore::vacuumDB()
 }


+void LocalStore::addSignatures(const Path & storePath, const StringSet & sigs)
+{
+    retrySQLite<void>([&]() {
+        SQLiteTxn txn(db);
+
+        auto info = queryPathInfo(storePath);
+
+        info.sigs.insert(sigs.begin(), sigs.end());
+
+        updatePathInfo(info);
+
+        txn.commit();
+    });
+}
+
+
 }
--- a/src/libstore/local-store.hh
+++ b/src/libstore/local-store.hh
@ -182,6 +182,8 @@ public:

    void setSubstituterEnv();

+    void addSignatures(const Path & storePath, const StringSet & sigs) override;
+
 private:

    Path schemaPath;
--- a/src/libstore/remote-store.cc
+++ b/src/libstore/remote-store.cc
@ -554,6 +554,15 @@ bool RemoteStore::verifyStore(bool checkContents, bool repair)
 }


+void RemoteStore::addSignatures(const Path & storePath, const StringSet & sigs)
+{
+    auto conn(connections->get());
+    conn->to << wopAddSignatures << storePath << sigs;
+    conn->processStderr();
+    readInt(conn->from);
+}
+
+
 RemoteStore::Connection::~Connection()
 {
    try {
--- a/src/libstore/remote-store.hh
+++ b/src/libstore/remote-store.hh
@ -93,6 +93,8 @@ public:

    bool verifyStore(bool checkContents, bool repair) override;

+    void addSignatures(const Path & storePath, const StringSet & sigs) override;
+
 private:

    struct Connection
--- a/src/libstore/store-api.hh
+++ b/src/libstore/store-api.hh
@ -346,6 +346,10 @@ public:
    /* Return an object to access files in the Nix store. */
    virtual ref<FSAccessor> getFSAccessor() = 0;

+    /* Add signatures to the specified store path. The signatures are
+       not verified. */
+    virtual void addSignatures(const Path & storePath, const StringSet & sigs) = 0;
+
    /* Utility functions. */

    /* Read a derivation, after ensuring its existence through
--- a/src/libstore/worker-protocol.hh
+++ b/src/libstore/worker-protocol.hh
@ -45,6 +45,7 @@ typedef enum {
    wopOptimiseStore = 34,
    wopVerifyStore = 35,
    wopBuildDerivation = 36,
+    wopAddSignatures = 37,
 } WorkerOp;