Mark content-addressed paths in the Nix database and in .narinfo

This allows such paths to be imported without signatures.
2016-08-03 13:17:11 +02:00 · 2016-08-03 13:17:11 +02:00 · d961c29c9c
commit d961c29c9c
parent 36a51ecab3
11 changed files with 146 additions and 43 deletions
--- a/src/libstore/store-api.hh
+++ b/src/libstore/store-api.hh
@ -16,6 +16,13 @@
 namespace nix {


+struct BasicDerivation;
+struct Derivation;
+class FSAccessor;
+class NarInfoDiskCache;
+class Store;
+
+
 /* Size of the hash part of store paths, in base-32 characters. */
 const size_t storePathHashLen = 32; // i.e. 160 bits

@ -109,6 +116,34 @@ struct ValidPathInfo

    StringSet sigs; // note: not necessarily verified

+    /* If non-empty, an assertion that the path is content-addressed,
+       i.e., that the store path is computed from a cryptographic hash
+       of the contents of the path, plus some other bits of data like
+       the "name" part of the path. Such a path doesn't need
+       signatures, since we don't have to trust anybody's claim that
+       the path is the output of a particular derivation. (In the
+       extensional store model, we have to trust that the *contents*
+       of an output path of a derivation were actually produced by
+       that derivation. In the intensional model, we have to trust
+       that a particular output path was produced by a derivation; the
+       path name then implies the contents.)
+
+       Ideally, the content-addressability assertion would just be a
+       Boolean, and the store path would be computed from
+       ‘storePathToName(path)’, ‘narHash’ and ‘references’. However,
+       1) we've accumulated several types of content-addressed paths
+       over the years; and 2) fixed-output derivations support
+       multiple hash algorithms and serialisation methods (flat file
+       vs NAR). Thus, ‘ca’ has one of the following forms:
+
+       * ‘text:sha256:<sha256 hash of file contents>’: For paths
+         computed by makeTextPath() / addTextToStore().
+
+       * ‘fixed:<r?>:<ht>:<h>’: For paths computed by
+         makeFixedOutputPath() / addToStore().
+    */
+    std::string ca;
+
    bool operator == (const ValidPathInfo & i) const
    {
        return
@ -117,19 +152,25 @@ struct ValidPathInfo
            && references == i.references;
    }

-    /*  Return a fingerprint of the store path to be used in binary
-        cache signatures. It contains the store path, the base-32
-        SHA-256 hash of the NAR serialisation of the path, the size of
-        the NAR, and the sorted references. The size field is strictly
-        speaking superfluous, but might prevent endless/excessive data
-        attacks. */
+    /* Return a fingerprint of the store path to be used in binary
+       cache signatures. It contains the store path, the base-32
+       SHA-256 hash of the NAR serialisation of the path, the size of
+       the NAR, and the sorted references. The size field is strictly
+       speaking superfluous, but might prevent endless/excessive data
+       attacks. */
    std::string fingerprint() const;

    void sign(const SecretKey & secretKey);

+    /* Return true iff the path is verifiably content-addressed. */
+    bool isContentAddressed(const Store & store) const;
+
+    static const size_t maxSigs = std::numeric_limits<size_t>::max();
+
    /* Return the number of signatures on this .narinfo that were
-       produced by one of the specified keys. */
-    unsigned int checkSignatures(const PublicKeys & publicKeys) const;
+       produced by one of the specified keys, or maxSigs if the path
+       is content-addressed. */
+    size_t checkSignatures(const Store & store, const PublicKeys & publicKeys) const;

    /* Verify a single signature. */
    bool checkSignature(const PublicKeys & publicKeys, const std::string & sig) const;
@ -169,12 +210,6 @@ struct BuildResult
 };


-struct BasicDerivation;
-struct Derivation;
-class FSAccessor;
-class NarInfoDiskCache;
-
-
 class Store : public std::enable_shared_from_this<Store>
 {
 public:
@ -234,10 +269,12 @@ public:
    Path makeFixedOutputPath(bool recursive,
        const Hash & hash, const string & name) const;

-    /* This is the preparatory part of addToStore() and
-       addToStoreFixed(); it computes the store path to which srcPath
-       is to be copied.  Returns the store path and the cryptographic
-       hash of the contents of srcPath. */
+    Path makeTextPath(const string & name, const Hash & hash,
+        const PathSet & references) const;
+
+    /* This is the preparatory part of addToStore(); it computes the
+       store path to which srcPath is to be copied.  Returns the store
+       path and the cryptographic hash of the contents of srcPath. */
    std::pair<Path, Hash> computeStorePathForPath(const Path & srcPath,
        bool recursive = true, HashType hashAlgo = htSHA256,
        PathFilter & filter = defaultPathFilter) const;