authorEelco Dolstra <e.dolstra@tudelft.nl>2007-02-21 14:31:42 +0000
committerEelco Dolstra <e.dolstra@tudelft.nl>2007-02-21 14:31:42 +0000
commit46e0919ced4646004cc0701b188d0a68e24e8924 (patch)
tree3262f8068c38489029753c528a123b2c685aea68 /src/libstore
parent6c9fdb17fbda181fc09a9ce1f49662ef522d006b (diff)
* `nix-store --export --sign': sign the Nix archive using the RSA key
in /nix/etc/nix/signing-key.sec
Diffstat (limited to 'src/libstore')
-rw-r--r--src/libstore/build.cc3
-rw-r--r--src/libstore/local-store.cc62
2 files changed, 59 insertions, 6 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 1789eeda2..bee046655 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -477,8 +477,7 @@ static void runSetuidHelper(const string & command,
case 0: /* child */
try {
- std::vector<const char *> args; /* careful with c_str()!
- */
+ std::vector<const char *> args; /* careful with c_str()! */
args.push_back(program.c_str());
args.push_back(command.c_str());
args.push_back(arg.c_str());
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index dcb430a0f..991f28e8d 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -696,21 +696,75 @@ Path LocalStore::addTextToStore(const string & suffix, const string & s,
}
+struct HashAndWriteSink : Sink
+{
+ Sink & writeSink;
+ HashSink hashSink;
+ bool hashing;
+ HashAndWriteSink(Sink & writeSink) : writeSink(writeSink), hashSink(htSHA256)
+ {
+ hashing = true;
+ }
+ virtual void operator ()
+ (const unsigned char * data, unsigned int len)
+ {
+ writeSink(data, len);
+ if (hashing) hashSink(data, len);
+ }
+};
+
+
+#define EXPORT_MAGIC 0x4558494e
+
+
void LocalStore::exportPath(const Path & path, bool sign,
Sink & sink)
{
assertStorePath(path);
+
+ HashAndWriteSink hashAndWriteSink(sink);
- dumpPath(path, sink);
+ dumpPath(path, hashAndWriteSink);
- writeString(path, sink);
+ writeInt(EXPORT_MAGIC, hashAndWriteSink);
+
+ writeString(path, hashAndWriteSink);
PathSet references;
queryReferences(path, references);
- writeStringSet(references, sink);
+ writeStringSet(references, hashAndWriteSink);
Path deriver = queryDeriver(noTxn, path);
- writeString(deriver, sink);
+ writeString(deriver, hashAndWriteSink);
+
+ if (sign) {
+ Hash hash = hashAndWriteSink.hashSink.finish();
+ hashAndWriteSink.hashing = false;
+
+ writeInt(1, hashAndWriteSink);
+
+ //printMsg(lvlError, format("HASH = %1%") % printHash(hash));
+
+ Path tmpDir = createTempDir();
+ AutoDelete delTmp(tmpDir);
+ Path hashFile = tmpDir + "/hash";
+ writeStringToFile(hashFile, printHash(hash));
+
+ Strings args;
+ args.push_back("rsautl");
+ args.push_back("-sign");
+ args.push_back("-inkey");
+ args.push_back(nixConfDir + "/signing-key.sec");
+ args.push_back("-in");
+ args.push_back(hashFile);
+ string signature = runProgram("openssl", true, args);
+
+ //printMsg(lvlError, format("SIGNATURE = %1%") % signature);
+
+ writeString(signature, hashAndWriteSink);
+
+ } else
+ writeInt(0, hashAndWriteSink);
}
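Review bot: In the `if (sign)` branch, `runProgram("openssl", true, args)` appears to resolve `openssl` through PATH (the `true` argument; `runProgram` is defined outside this hunk, so confirm), which would hand `signing-key.sec` to whichever binary comes first on the caller's PATH. Prefer an absolute location fixed at configure time, e.g. `runProgram(<OPENSSL_ABSOLUTE_PATH>, false, args)`, with the placeholder replaced by the project's configured path. Separately, `rsautl -sign` pads and signs its input as raw bytes with no DigestInfo, so the signature itself does not name SHA-256, and the importer has to pin the hash type when it compares the recovered text against `printHash(hash)`. A short comment above `writeInt(EXPORT_MAGIC, hashAndWriteSink)` stating what the hash covers (archive dump, magic, path, references and deriver, but not the sign flag or the signature) would help whoever writes the verifier.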