Let build.cc verify the expected hash of a substituter's output

Since SubstitutionGoal::finished() in build.cc computes the hash anyway, we can prevent the inefficiency of computing the hash twice by letting the substituter tell Nix about the expected hash, which can then verify it.
author: Eelco Dolstra <eelco.dolstra@logicblox.com> 2012-07-27 12:16:02 -0400
committer: Eelco Dolstra <eelco.dolstra@logicblox.com> 2012-07-27 12:16:02 -0400
commit: 73acb8b836affe5dfade9dd6e3339ad2f9191add (patch)
tree: 756e59c48da948362ba4371f4fe2b5bbdb1c35fe /scripts/download-from-binary-cache.pl.in
parent: fbf59d95f66012349fdcd2b60f34b9efb32e6319 (diff)
1 files changed, 4 insertions, 7 deletions
diff --git a/scripts/download-from-binary-cache.pl.in b/scripts/download-from-binary-cache.pl.in
index 9e1c774a5..823ecd9d9 100644
--- a/scripts/download-from-binary-cache.pl.in
+++ b/scripts/download-from-binary-cache.pl.in
@@ -432,13 +432,10 @@ sub downloadBinary {
             die "download of `$info->{url}' failed" . ($! ? ": $!" : "") . "\n" unless $? == 0;
             next;
         }
-        # The hash in the manifest can be either in base-16 or
-        # base-32.  Handle both.
-        $info->{narHash} =~ /^sha256:(.*)$/ or die "invalid hash";
-        my $hash = $1;
-        my $hash2 = hashPath("sha256", 1, $storePath);
-        die "hash mismatch in downloaded path ‘$storePath’; expected $hash, got $hash2\n"
-            if $hash ne $hash2;
+
+        # Tell Nix about the expected hash so it can verify it.
+        print "$info->{narHash}\n";
+
         print STDERR "\n";
         return 1;
     }
author	Eelco Dolstra <eelco.dolstra@logicblox.com>	2012-07-27 12:16:02 -0400
committer	Eelco Dolstra <eelco.dolstra@logicblox.com>	2012-07-27 12:16:02 -0400
commit	73acb8b836affe5dfade9dd6e3339ad2f9191add (patch)
tree	756e59c48da948362ba4371f4fe2b5bbdb1c35fe /scripts/download-from-binary-cache.pl.in
parent	fbf59d95f66012349fdcd2b60f34b9efb32e6319 (diff)