Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nix
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 1fd59447d56a
Choose a base ref
...
head repository: NixOS/nix
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 62d476c7ee5d
Choose a head ref
  • 5 commits
  • 5 files changed
  • 1 contributor

Commits on May 11, 2017

  1. LocalStore::addToStore(): Check info.narSize 

    It allowed the client to specify bogus narSize values. In particular,
Downloader::downloadCached wasn't setting narSize at all.
    @edolstra
    edolstra committed May 11, 2017
    Copy the full SHA
    45d7b1a View commit details

  2. Change the meaning of info.ultimate 

    It now means "paths that were built locally". It no longer includes
paths that were added locally. For those we don't need info.ultimate,
since we have the content-addressability assertion (info.ca).
    @edolstra
    edolstra committed May 11, 2017
    Copy the full SHA
    6f245bf View commit details

  3. Don't allow untrusted users to set info.ultimate 

    Note that a trusted signature was still required in this case so it
was not a huge deal.
    @edolstra
    edolstra committed May 11, 2017
    Copy the full SHA
    1a8e150 View commit details

  4. Tweak error message

    @edolstra
    edolstra committed May 11, 2017
    Copy the full SHA
    ea65ae0 View commit details

  5. Fix typo

    @edolstra
    edolstra committed May 11, 2017
    Copy the full SHA
    62d476c View commit details
Showing with 13 additions and 9 deletions.
  1. +2 −1 src/libstore/download.cc
  2. +6 −4 src/libstore/local-store.cc
  3. +1 −1 src/libstore/store-api.cc
  4. +2 −3 src/libstore/store-api.hh
  5. +2 −0 src/nix-daemon/nix-daemon.cc
3 changes: 2 additions & 1 deletion src/libstore/download.cc
View file
Original file line number Diff line number Diff line change
@@ -652,6 +652,7 @@ Path Downloader::downloadCached(ref<Store> store, const string & url_, bool unpa
Hash hash = hashString(expectedHash ? expectedHash.type : htSHA256, *res.data);
info.path = store->makeFixedOutputPath(false, hash, name);
info.narHash = hashString(htSHA256, *sink.s);
info.narSize = sink.s->size();
info.ca = makeFixedOutputCA(false, hash);
store->addToStore(info, sink.s, false, true);
storePath = info.path;
@@ -689,7 +690,7 @@ Path Downloader::downloadCached(ref<Store> store, const string & url_, bool unpa
}

if (expectedStorePath != "" && storePath != expectedStorePath)
throw nix::Error(format("hash mismatch in file downloaded from ‘%s’") % url);
throw nix::Error("store path mismatch in file downloaded from ‘%s’", url);

return storePath;
}
10 changes: 6 additions & 4 deletions src/libstore/local-store.cc
View file
Original file line number Diff line number Diff line change
@@ -919,8 +919,12 @@ void LocalStore::addToStore(const ValidPathInfo & info, const ref<std::string> &

Hash h = hashString(htSHA256, *nar);
if (h != info.narHash)
throw Error(format("hash mismatch importing path ‘%s’; expected hash ‘%s’, got ‘%s’") %
info.path % info.narHash.to_string() % h.to_string());
throw Error("hash mismatch importing path ‘%s’; expected hash ‘%s’, got ‘%s’",
info.path, info.narHash.to_string(), h.to_string());

if (nar->size() != info.narSize)
throw Error("szie mismatch importing path ‘%s’; expected %s, got %s",
info.path, info.narSize, nar->size());

if (requireSigs && !dontCheckSigs && !info.checkSignatures(*this, publicKeys))
throw Error("cannot add path ‘%s’ because it lacks a valid signature", info.path);
@@ -1006,7 +1010,6 @@ Path LocalStore::addToStoreFromDump(const string & dump, const string & name,
info.path = dstPath;
info.narHash = hash.first;
info.narSize = hash.second;
info.ultimate = true;
info.ca = makeFixedOutputCA(recursive, h);
registerValidPath(info);
}
@@ -1069,7 +1072,6 @@ Path LocalStore::addTextToStore(const string & name, const string & s,
info.narHash = narHash;
info.narSize = sink.s->size();
info.references = references;
info.ultimate = true;
info.ca = "text:" + hash.to_string();
registerValidPath(info);
}
2 changes: 1 addition & 1 deletion src/libstore/store-api.cc
View file
Original file line number Diff line number Diff line change
@@ -167,7 +167,7 @@ void checkStoreName(const string & name)
collisions (for security). For instance, it shouldn't be feasible
to come up with a derivation whose output path collides with the
path for a copied source. The former would have a <s> starting with
"output:out:", while the latter would have a <2> starting with
"output:out:", while the latter would have a <s> starting with
"source:".
*/

5 changes: 2 additions & 3 deletions src/libstore/store-api.hh
View file
Original file line number Diff line number Diff line change
@@ -113,9 +113,8 @@ struct ValidPathInfo
uint64_t narSize = 0; // 0 = unknown
uint64_t id; // internal use only

/* Whether the path is ultimately trusted, that is, it was built
locally or is content-addressable (e.g. added via addToStore()
or the result of a fixed-output derivation). */
/* Whether the path is ultimately trusted, that is, it's a
derivation output that was built locally. */
bool ultimate = false;

StringSet sigs; // note: not necessarily verified
2 changes: 2 additions & 0 deletions src/nix-daemon/nix-daemon.cc
View file
Original file line number Diff line number Diff line change
@@ -621,6 +621,8 @@ static void performOp(ref<LocalStore> store, bool trusted, unsigned int clientVe
from >> info.ca >> repair >> dontCheckSigs;
if (!trusted && dontCheckSigs)
dontCheckSigs = false;
if (!trusted)
info.ultimate = false;

TeeSink tee(from);
parseDump(tee, tee.source);