From 073e134de6260de7d90b135b7e173157741d4853 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Tue, 8 Mar 2022 17:45:19 +0000 Subject: Rename `requireGcStore` to `GcStore::require` I should have done this to begin with. This will be nicer once more Store sub-interfaces exist too, to illustrate the pattern. --- src/libstore/daemon.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/libstore/daemon.cc') diff --git a/src/libstore/daemon.cc b/src/libstore/daemon.cc index e6760664c..ffc605410 100644 --- a/src/libstore/daemon.cc +++ b/src/libstore/daemon.cc @@ -645,7 +645,7 @@ static void performOp(TunnelLogger * logger, ref store, Path path = absPath(readString(from)); logger->startWork(); - auto & gcStore = requireGcStore(*store); + auto & gcStore = GcStore::require(*store); gcStore.addIndirectRoot(path); logger->stopWork(); @@ -663,7 +663,7 @@ static void performOp(TunnelLogger * logger, ref store, case wopFindRoots: { logger->startWork(); - auto & gcStore = requireGcStore(*store); + auto & gcStore = GcStore::require(*store); Roots roots = gcStore.findRoots(!trusted); logger->stopWork(); @@ -695,7 +695,7 @@ static void performOp(TunnelLogger * logger, ref store, logger->startWork(); if (options.ignoreLiveness) throw Error("you are not allowed to ignore liveness"); - auto & gcStore = requireGcStore(*store); + auto & gcStore = GcStore::require(*store); gcStore.collectGarbage(options, results); logger->stopWork(); -- cgit v1.2.3 From 678d1c2aa0f499466c723d3461277dc197515f57 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Tue, 8 Mar 2022 18:20:39 +0000 Subject: Factor out a `LogStore` interface Continue progress on #5729. Just as I hoped, this uncovered an issue: the daemon protocol is missing a way to query build logs. This doesn't effect `unix://`, but does effect `ssh://`. A FIXME is left for this, so we come back to it later. --- src/libstore/daemon.cc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/libstore/daemon.cc') diff --git a/src/libstore/daemon.cc b/src/libstore/daemon.cc index ffc605410..1e24a1c79 100644 --- a/src/libstore/daemon.cc +++ b/src/libstore/daemon.cc @@ -4,6 +4,7 @@ #include "build-result.hh" #include "store-api.hh" #include "gc-store.hh" +#include "log-store.hh" #include "path-with-outputs.hh" #include "finally.hh" #include "archive.hh" @@ -953,11 +954,12 @@ static void performOp(TunnelLogger * logger, ref store, logger->startWork(); if (!trusted) throw Error("you are not privileged to add logs"); + auto & logStore = LogStore::require(*store); { FramedSource source(from); StringSink sink; source.drainInto(sink); - store->addBuildLog(path, sink.s); + logStore.addBuildLog(path, sink.s); } logger->stopWork(); to << 1; -- cgit v1.2.3 From a03b1fd7f60788304f358d5f4dc063c7c9e650a9 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Wed, 9 Mar 2022 15:27:48 +0000 Subject: Deduplicate the Store downcasting with a template --- src/libstore/daemon.cc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'src/libstore/daemon.cc') diff --git a/src/libstore/daemon.cc b/src/libstore/daemon.cc index 1e24a1c79..9f21ecf36 100644 --- a/src/libstore/daemon.cc +++ b/src/libstore/daemon.cc @@ -3,6 +3,7 @@ #include "worker-protocol.hh" #include "build-result.hh" #include "store-api.hh" +#include "store-cast.hh" #include "gc-store.hh" #include "log-store.hh" #include "path-with-outputs.hh" @@ -646,7 +647,7 @@ static void performOp(TunnelLogger * logger, ref store, Path path = absPath(readString(from)); logger->startWork(); - auto & gcStore = GcStore::require(*store); + auto & gcStore = require(*store); gcStore.addIndirectRoot(path); logger->stopWork(); @@ -664,7 +665,7 @@ static void performOp(TunnelLogger * logger, ref store, case wopFindRoots: { logger->startWork(); - auto & gcStore = GcStore::require(*store); + auto & gcStore = require(*store); Roots roots = gcStore.findRoots(!trusted); logger->stopWork(); @@ -696,7 +697,7 @@ static void performOp(TunnelLogger * logger, ref store, logger->startWork(); if (options.ignoreLiveness) throw Error("you are not allowed to ignore liveness"); - auto & gcStore = GcStore::require(*store); + auto & gcStore = require(*store); gcStore.collectGarbage(options, results); logger->stopWork(); @@ -954,7 +955,7 @@ static void performOp(TunnelLogger * logger, ref store, logger->startWork(); if (!trusted) throw Error("you are not privileged to add logs"); - auto & logStore = LogStore::require(*store); + auto & logStore = require(*store); { FramedSource source(from); StringSink sink; -- cgit v1.2.3 From a544ed7684bdf5fa3c0b78d40913f5be3f73f5a7 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Fri, 18 Mar 2022 00:36:52 +0000 Subject: Generalize `DerivationType` in preparation for impure derivations --- src/libstore/daemon.cc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'src/libstore/daemon.cc') diff --git a/src/libstore/daemon.cc b/src/libstore/daemon.cc index 9f21ecf36..de69b50ee 100644 --- a/src/libstore/daemon.cc +++ b/src/libstore/daemon.cc @@ -560,6 +560,8 @@ static void performOp(TunnelLogger * logger, ref store, BuildMode buildMode = (BuildMode) readInt(from); logger->startWork(); + auto drvType = drv.type(); + /* Content-addressed derivations are trustless because their output paths are verified by their content alone, so any derivation is free to try to produce such a path. @@ -592,12 +594,12 @@ static void performOp(TunnelLogger * logger, ref store, derivations, we throw out the precomputed output paths and just store the hashes, so there aren't two competing sources of truth an attacker could exploit. */ - if (drv.type() == DerivationType::InputAddressed && !trusted) + if (!(drvType.isCA() || trusted)) throw Error("you are not privileged to build input-addressed derivations"); /* Make sure that the non-input-addressed derivations that got this far are in fact content-addressed if we don't trust them. */ - assert(derivationIsCA(drv.type()) || trusted); + assert(drvType.isCA() || trusted); /* Recompute the derivation path when we cannot trust the original. */ if (!trusted) { @@ -606,7 +608,7 @@ static void performOp(TunnelLogger * logger, ref store, original not-necessarily-resolved derivation to verify the drv derivation as adequate claim to the input-addressed output paths. */ - assert(derivationIsCA(drv.type())); + assert(drvType.isCA()); Derivation drv2; static_cast(drv2) = drv; -- cgit v1.2.3