aboutsummaryrefslogtreecommitdiff
path: root/src/nix/verify.cc
AgeCommit message (Collapse)Author
2020-08-05Remove optionality in ValidPathInfo::narInfoCarlo Nucera
2020-07-15Merge branch 'master' of github.com:NixOS/nix into hash-always-has-typeCarlo Nucera
2020-07-13nix verify: Show correct path when using --all on a binary cacheEelco Dolstra
2020-06-23Merge remote-tracking branch 'upstream/master' into hash-always-has-typeJohn Ericson
2020-06-19WIP bug fixingCarlo Nucera
2020-06-18Merge branch 'validPathInfo-temp' into validPathInfo-ca-proper-datatypeJohn Ericson
2020-06-18Revert the `enum struct` changeJohn Ericson
Not a regular git revert as there have been many merges and things.
2020-06-18Merge branch 'enum-class' into no-hash-type-unknownJohn Ericson
2020-06-18Merge remote-tracking branch 'upstream/master' into enum-classJohn Ericson
2020-06-16StorePath: Rewrite in C++Eelco Dolstra
On nix-env -qa -f '<nixpkgs>', this reduces maximum RSS by 20970 KiB and runtime by 0.8%. This is mostly because we're not parsing the hash part as a hash anymore (just validating that it consists of base-32 characters). Also, replace storePathToHash() by StorePath::hashPart().
2020-06-15Remove trailing whitespaceEelco Dolstra
2020-06-11Merge remote-tracking branch 'upstream/master' into errors-phase-2Ben Burdette
2020-06-03libutils/hash: remove default encodingzimbatm
This will make it easier to reason about the hash encoding and switch to SRI everywhere where possible.
2020-06-03Merge remote-tracking branch 'obsidian/no-hash-type-unknown' into ↵John Ericson
validPathInfo-ca-proper-datatype
2020-06-02Apply suggestions from code reviewJohn Ericson
Co-authored-by: Matthew Bauer <mjbauer95@gmail.com>
2020-06-02Remove `HashType::Unknown`John Ericson
Instead, `Hash` uses `std::optional<HashType>`. In the future, we may also make `Hash` itself require a known hash type, encoraging people to use `std::optional<Hash>` instead.
2020-06-02elide the 'ErrorInfo' in logError and logWarning callsBen Burdette
2020-06-02WIPJohn Ericson
2020-05-28Merge branch 'master' of github.com:NixOS/nix into enum-classCarlo Nucera
2020-05-11Merge branch 'master' into errors-phase-2Ben Burdette
2020-05-05nix --help: Group commandsEelco Dolstra
2020-05-04Flag: Use designated initializersEelco Dolstra
2020-05-03convert some printError calls to logErrorBen Burdette
2020-04-30logErrorBen Burdette
2020-03-29Use `enum struct` and drop prefixesJohn Ericson
This does a few enums; the rest will be gotten in subsequent commits.
2019-12-10Make the Store API more type-safeEelco Dolstra
Most functions now take a StorePath argument rather than a Path (which is just an alias for std::string). The StorePath constructor ensures that the path is syntactically correct (i.e. it looks like <store-dir>/<base32-hash>-<name>). Similarly, functions like buildPaths() now take a StorePathWithOutputs, rather than abusing Path by adding a '!<outputs>' suffix. Note that the StorePath type is implemented in Rust. This involves some hackery to allow Rust values to be used directly in C++, via a helper type whose destructor calls the Rust type's drop() function. The main issue is the dynamic nature of C++ move semantics: after we have moved a Rust value, we should not call the drop function on the original value. So when we move a value, we set the original value to bitwise zero, and the destructor only calls drop() if the value is not bitwise zero. This should be sufficient for most types. Also lots of minor cleanups to the C++ API to make it more modern (e.g. using std::optional and std::string_view in some places).
2019-12-05Make subcommand construction in MultiCommand lazyEelco Dolstra
(cherry picked from commit a0de58f471c9087d8e6cc60a6078f9940a125b15)
2019-10-21Allow content-addressable paths to have referencesEelco Dolstra
This adds a command 'nix make-content-addressable' that rewrites the specified store paths into content-addressable paths. The advantage of such paths is that 1) they can be imported without signatures; 2) they can enable deduplication in cases where derivation changes do not cause output changes (apart from store path hashes). For example, $ nix make-content-addressable -r nixpkgs.cowsay rewrote '/nix/store/g1g31ah55xdia1jdqabv1imf6mcw0nb1-glibc-2.25-49' to '/nix/store/48jfj7bg78a8n4f2nhg269rgw1936vj4-glibc-2.25-49' ... rewrote '/nix/store/qbi6rzpk0bxjw8lw6azn2mc7ynnn455q-cowsay-3.03+dfsg1-16' to '/nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16' We can then copy the resulting closure to another store without signatures: $ nix copy --trusted-public-keys '' ---to ~/my-nix /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 In order to support self-references in content-addressable paths, these paths are hashed "modulo" self-references, meaning that self-references are zeroed out during hashing. Somewhat annoyingly, this means that the NAR hash stored in the Nix database is no longer necessarily equal to the output of "nix hash-path"; for content-addressable paths, you need to pass the --modulo flag: $ nix path-info --json /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 | jq -r .[].narHash sha256:0ri611gdilz2c9rsibqhsipbfs9vwcqvs811a52i2bnkhv7w9mgw $ nix hash-path --type sha256 --base32 /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 1ggznh07khq0hz6id09pqws3a8q9pn03ya3c03nwck1kwq8rclzs $ nix hash-path --type sha256 --base32 /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 --modulo iq6g2x4q62xp7y7493bibx0qn5w7xz67 0ri611gdilz2c9rsibqhsipbfs9vwcqvs811a52i2bnkhv7w9mgw
2019-10-10nix verify: Fix uninitialized variableEelco Dolstra
2019-10-09OCD performance fix: {find,count}+insert => insertEelco Dolstra
2018-09-25Fix overflow when verifying signatures of content addressable pathsWill Fancher
2017-10-24nix: Respect -I, --arg, --argstrEelco Dolstra
Also, random cleanup to argument handling.
2017-08-28Give activities a verbosity level againEelco Dolstra
And print them (separately from the progress bar) given sufficient -v flags.
2017-08-16nix verify: Restore the progress indicatorEelco Dolstra
2017-07-30Replace Unicode quotes in user-facing strings by ASCIIJörg Thalheim
Relevant RFC: NixOS/rfcs#4 $ ag -l | xargs sed -i -e "/\"/s/’/'/g;/\"/s/‘/'/g"
2017-07-04Support base-64 hashesEelco Dolstra
Also simplify the Hash API. Fixes #1437.
2017-06-07Don't show flags from config settings in "nix --help"Eelco Dolstra
2017-05-16Improve progress indicatorEelco Dolstra
2016-11-26Revert "Get rid of unicode quotes (#1140)"Eelco Dolstra
This reverts commit f78126bfd6b6c8477fcdbc09b2f98772dbe9a1e7. There really is no need for such a massive change...
2016-11-25Get rid of unicode quotes (#1140)Guillaume Maudoux
2016-11-09Merge branch 'ssh-store' of https://github.com/shlevy/nixEelco Dolstra
2016-09-21printMsg(lvlError, ...) -> printError(...) etc.Eelco Dolstra
2016-09-02Merge openStore and openStoreAt with default argumentsShea Levy
2016-08-10Mark content-addressed paths in the Nix database and in .narinfoEelco Dolstra
This allows such paths to be imported without signatures.
2016-04-25Improved logging abstractionEelco Dolstra
This also gets rid of --log-type, since the nested log type isn't useful in a multi-threaded situation, and nobody cares about the "pretty" log type.
2016-04-22nix copy: ParalleliseEelco Dolstra
2016-04-21Implement S3BinaryCacheStore::queryAllValidPaths()Eelco Dolstra
This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-21nix --help: Show usage examplesEelco Dolstra
2016-04-19Move path info caching from BinaryCacheStore to StoreEelco Dolstra
Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-15Unify "nix verify-paths" and "nix verify-store"Eelco Dolstra
"verify-store" is now simply an "--all" flag to "nix verify". This flag can be used for any other store path command as well (e.g. "nix path-info", "nix copy-sigs", ...).