-rw-r--r--src/libstore/binary-cache-store.cc9
-rw-r--r--src/libstore/binary-cache-store.hh3
-rw-r--r--src/libstore/crypto.cc11
-rw-r--r--src/libstore/crypto.hh12
-rw-r--r--src/libstore/http-binary-cache-store.cc7
-rw-r--r--src/libstore/local-binary-cache-store.cc19
-rw-r--r--src/libstore/store-api.hh3
7 files changed, 39 insertions, 25 deletions
diff --git a/src/libstore/binary-cache-store.cc b/src/libstore/binary-cache-store.cc
index 01d937f2e..5ded16d02 100644
--- a/src/libstore/binary-cache-store.cc
+++ b/src/libstore/binary-cache-store.cc
@@ -14,16 +14,13 @@
namespace nix {
BinaryCacheStore::BinaryCacheStore(std::shared_ptr<Store> localStore,
- const Path & secretKeyFile, const Path & publicKeyFile)
+ const Path & secretKeyFile)
: localStore(localStore)
{
- if (secretKeyFile != "")
+ if (secretKeyFile != "") {
secretKey = std::unique_ptr<SecretKey>(new SecretKey(readFile(secretKeyFile)));
-
- if (publicKeyFile != "") {
publicKeys = std::unique_ptr<PublicKeys>(new PublicKeys);
- auto key = PublicKey(readFile(publicKeyFile));
- publicKeys->emplace(key.name, key);
+ publicKeys->emplace(secretKey->name, secretKey->toPublicKey());
}
StringSink sink;
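Review bot: A store opened without a secret key now ends up with a null `publicKeys`, so it has no trust anchor for verifying signatures; the `regStore` registrations in http-binary-cache-store.cc and local-binary-cache-store.cc both pass `""` for the key file. How a null `publicKeys` is treated when signatures are checked is outside this hunk, so it should be confirmed that it means "nothing is trusted" rather than "verification is skipped". A comment at the assignment would make the intent explicit, e.g. `/* Only signatures made with our own key are trusted; without a secret key publicKeys stays null. */`. The constructor body continues past the end of the hunk.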
diff --git a/src/libstore/binary-cache-store.hh b/src/libstore/binary-cache-store.hh
index 6feb84cd2..c99556f33 100644
--- a/src/libstore/binary-cache-store.hh
+++ b/src/libstore/binary-cache-store.hh
@@ -31,8 +31,7 @@ private:
protected:
- BinaryCacheStore(std::shared_ptr<Store> localStore,
- const Path & secretKeyFile, const Path & publicKeyFile);
+ BinaryCacheStore(std::shared_ptr<Store> localStore, const Path & secretKeyFile);
[[noreturn]] void notImpl();
diff --git a/src/libstore/crypto.cc b/src/libstore/crypto.cc
index c1b57e51d..53e94e1f5 100644
--- a/src/libstore/crypto.cc
+++ b/src/libstore/crypto.cc
@@ -55,6 +55,17 @@ std::string SecretKey::signDetached(const std::string & data) const
#endif
}
+PublicKey SecretKey::toPublicKey() const
+{
+#if HAVE_SODIUM
+ unsigned char pk[crypto_sign_PUBLICKEYBYTES];
+ crypto_sign_ed25519_sk_to_pk(pk, (unsigned char *) key.data());
+ return PublicKey(name, std::string((char *) pk, crypto_sign_PUBLICKEYBYTES));
+#else
+ noSodium();
+#endif
+}
+
PublicKey::PublicKey(const string & s)
: Key(s)
{
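Review bot: `toPublicKey()` passes `key.data()` to `crypto_sign_ed25519_sk_to_pk` without checking that the decoded key is `crypto_sign_SECRETKEYBYTES` long, so a short or malformed secret key file would make libsodium read past the end of the string unless the `SecretKey` constructor already enforces the length (not visible in this hunk). A guard before the call such as `if (key.size() != crypto_sign_SECRETKEYBYTES) throw Error("secret key is not valid");` would close that. The return value of the libsodium call is also ignored, and in the `#else` branch the function falls off the end without returning a value unless `noSodium()` is declared `[[noreturn]]`.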
diff --git a/src/libstore/crypto.hh b/src/libstore/crypto.hh
index a1489e753..33b79cb2e 100644
--- a/src/libstore/crypto.hh
+++ b/src/libstore/crypto.hh
@@ -15,19 +15,31 @@ struct Key
‘<name>:<key-in-base64>’. */
Key(const std::string & s);
+protected:
+ Key(const std::string & name, const std::string & key)
+ : name(name), key(key) { }
};
+struct PublicKey;
+
struct SecretKey : Key
{
SecretKey(const std::string & s);
/* Return a detached signature of the given string. */
std::string signDetached(const std::string & s) const;
+
+ PublicKey toPublicKey() const;
};
struct PublicKey : Key
{
PublicKey(const std::string & data);
+
+private:
+ PublicKey(const std::string & name, const std::string & key)
+ : Key(name, key) { }
+ friend class SecretKey;
};
typedef std::map<std::string, PublicKey> PublicKeys;
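Review bot: `toPublicKey()` is declared without a comment while `signDetached` directly above it has one; I would add `/* Derive the Ed25519 public key that corresponds to this secret key, keeping the key name. */`. Separately, `friend class SecretKey;` names a type that is declared as `struct SecretKey`, which produces mismatched-tag warnings on some compilers; `friend struct SecretKey;` matches the declaration. The new protected `Key(name, key)` constructor stores its arguments without validation, which is acceptable only as long as it stays reachable solely through `toPublicKey()`.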
diff --git a/src/libstore/http-binary-cache-store.cc b/src/libstore/http-binary-cache-store.cc
index 78f4497e7..861e13c7f 100644
--- a/src/libstore/http-binary-cache-store.cc
+++ b/src/libstore/http-binary-cache-store.cc
@@ -14,9 +14,8 @@ private:
public:
HttpBinaryCacheStore(std::shared_ptr<Store> localStore,
- const Path & secretKeyFile, const Path & publicKeyFile,
- const Path & _cacheUri)
- : BinaryCacheStore(localStore, secretKeyFile, publicKeyFile)
+ const Path & secretKeyFile, const Path & _cacheUri)
+ : BinaryCacheStore(localStore, secretKeyFile)
, cacheUri(_cacheUri)
, downloader(makeDownloader())
{
@@ -66,7 +65,7 @@ static RegisterStoreImplementation regStore([](const std::string & uri) -> std::
if (std::string(uri, 0, 7) != "http://" &&
std::string(uri, 0, 8) != "https://") return 0;
auto store = std::make_shared<HttpBinaryCacheStore>(std::shared_ptr<Store>(0),
- "", "", // FIXME: allow the signing key to be set
+ "", // FIXME: allow the signing key to be set
uri);
store->init();
return store;
diff --git a/src/libstore/local-binary-cache-store.cc b/src/libstore/local-binary-cache-store.cc
index 8590aea18..6adabaf9f 100644
--- a/src/libstore/local-binary-cache-store.cc
+++ b/src/libstore/local-binary-cache-store.cc
@@ -11,8 +11,7 @@ private:
public:
LocalBinaryCacheStore(std::shared_ptr<Store> localStore,
- const Path & secretKeyFile, const Path & publicKeyFile,
- const Path & binaryCacheDir);
+ const Path & secretKeyFile, const Path & binaryCacheDir);
void init() override;
@@ -27,9 +26,8 @@ protected:
};
LocalBinaryCacheStore::LocalBinaryCacheStore(std::shared_ptr<Store> localStore,
- const Path & secretKeyFile, const Path & publicKeyFile,
- const Path & binaryCacheDir)
- : BinaryCacheStore(localStore, secretKeyFile, publicKeyFile)
+ const Path & secretKeyFile, const Path & binaryCacheDir)
+ : BinaryCacheStore(localStore, secretKeyFile)
, binaryCacheDir(binaryCacheDir)
{
}
@@ -66,19 +64,18 @@ std::string LocalBinaryCacheStore::getFile(const std::string & path)
}
ref<Store> openLocalBinaryCacheStore(std::shared_ptr<Store> localStore,
- const Path & secretKeyFile, const Path & publicKeyFile,
- const Path & binaryCacheDir)
+ const Path & secretKeyFile, const Path & binaryCacheDir)
{
- auto store = std::make_shared<LocalBinaryCacheStore>(
- localStore, secretKeyFile, publicKeyFile, binaryCacheDir);
+ auto store = make_ref<LocalBinaryCacheStore>(
+ localStore, secretKeyFile, binaryCacheDir);
store->init();
- return ref<Store>(std::shared_ptr<Store>(store));
+ return store;
}
static RegisterStoreImplementation regStore([](const std::string & uri) -> std::shared_ptr<Store> {
if (std::string(uri, 0, 7) != "file://") return 0;
return openLocalBinaryCacheStore(std::shared_ptr<Store>(0),
- "", "", // FIXME: allow the signing key to be set
+ "", // FIXME: allow the signing key to be set
std::string(uri, 7));
});
diff --git a/src/libstore/store-api.hh b/src/libstore/store-api.hh
index 9825d45db..adec0fb78 100644
--- a/src/libstore/store-api.hh
+++ b/src/libstore/store-api.hh
@@ -454,8 +454,7 @@ ref<Store> openStore();
ref<Store> openLocalBinaryCacheStore(std::shared_ptr<Store> localStore,
- const Path & secretKeyFile, const Path & publicKeyFile,
- const Path & binaryCacheDir);
+ const Path & secretKeyFile, const Path & binaryCacheDir);
/* Store implementation registration. */