diff options
author | Eelco Dolstra <e.dolstra@tudelft.nl> | 2007-02-21 14:31:42 +0000 |
---|---|---|
committer | Eelco Dolstra <e.dolstra@tudelft.nl> | 2007-02-21 14:31:42 +0000 |
commit | 46e0919ced4646004cc0701b188d0a68e24e8924 (patch) | |
tree | 3262f8068c38489029753c528a123b2c685aea68 /src/libstore | |
parent | 6c9fdb17fbda181fc09a9ce1f49662ef522d006b (diff) |
* `nix-store --export --sign': sign the Nix archive using the RSA key
in /nix/etc/nix/signing-key.sec
Diffstat (limited to 'src/libstore')
-rw-r--r-- | src/libstore/build.cc | 3 | ||||
-rw-r--r-- | src/libstore/local-store.cc | 62 |
2 files changed, 59 insertions, 6 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 1789eeda2..bee046655 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -477,8 +477,7 @@ static void runSetuidHelper(const string & command, case 0: /* child */ try { - std::vector<const char *> args; /* careful with c_str()! - */ + std::vector<const char *> args; /* careful with c_str()! */ args.push_back(program.c_str()); args.push_back(command.c_str()); args.push_back(arg.c_str()); diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc index dcb430a0f..991f28e8d 100644 --- a/src/libstore/local-store.cc +++ b/src/libstore/local-store.cc @@ -696,21 +696,75 @@ Path LocalStore::addTextToStore(const string & suffix, const string & s, } +struct HashAndWriteSink : Sink +{ + Sink & writeSink; + HashSink hashSink; + bool hashing; + HashAndWriteSink(Sink & writeSink) : writeSink(writeSink), hashSink(htSHA256) + { + hashing = true; + } + virtual void operator () + (const unsigned char * data, unsigned int len) + { + writeSink(data, len); + if (hashing) hashSink(data, len); + } +}; + + +#define EXPORT_MAGIC 0x4558494e + + void LocalStore::exportPath(const Path & path, bool sign, Sink & sink) { assertStorePath(path); + + HashAndWriteSink hashAndWriteSink(sink); - dumpPath(path, sink); + dumpPath(path, hashAndWriteSink); - writeString(path, sink); + writeInt(EXPORT_MAGIC, hashAndWriteSink); + + writeString(path, hashAndWriteSink); PathSet references; queryReferences(path, references); - writeStringSet(references, sink); + writeStringSet(references, hashAndWriteSink); Path deriver = queryDeriver(noTxn, path); - writeString(deriver, sink); + writeString(deriver, hashAndWriteSink); + + if (sign) { + Hash hash = hashAndWriteSink.hashSink.finish(); + hashAndWriteSink.hashing = false; + + writeInt(1, hashAndWriteSink); + + //printMsg(lvlError, format("HASH = %1%") % printHash(hash)); + + Path tmpDir = createTempDir(); + AutoDelete delTmp(tmpDir); + Path hashFile = tmpDir + "/hash"; + writeStringToFile(hashFile, printHash(hash)); + + Strings args; + args.push_back("rsautl"); + args.push_back("-sign"); + args.push_back("-inkey"); + args.push_back(nixConfDir + "/signing-key.sec"); + args.push_back("-in"); + args.push_back(hashFile); + string signature = runProgram("openssl", true, args); + + //printMsg(lvlError, format("SIGNATURE = %1%") % signature); + + writeString(signature, hashAndWriteSink); + + } else + writeInt(0, hashAndWriteSink); } |