#include "command.hh" #include "shared.hh" #include "store-api.hh" #include "sync.hh" #include "thread-pool.hh" #include using namespace nix; struct CmdVerify : StorePathsCommand { bool noContents = false; bool noTrust = false; Strings substituterUris; size_t sigsNeeded; CmdVerify() { mkFlag(0, "no-contents", "do not verify the contents of each store path", &noContents); mkFlag(0, "no-trust", "do not verify whether each store path is trusted", &noTrust); mkFlag() .longName("substituter") .shortName('s') .labels({"store-uri"}) .description("use signatures from specified store") .arity(1) .handler([&](std::vector ss) { substituterUris.push_back(ss[0]); }); mkIntFlag('n', "sigs-needed", "require that each path has at least N valid signatures", &sigsNeeded); } std::string description() override { return "verify the integrity of store paths"; } Examples examples() override { return { Example{ "To verify the entire Nix store:", "nix verify --all" }, Example{ "To check whether each path in the closure of Firefox has at least 2 signatures:", "nix verify -r -n2 --no-contents $(type -p firefox)" }, }; } void run(ref store, Paths storePaths) override { std::vector> substituters; for (auto & s : substituterUris) substituters.push_back(openStore(s)); auto publicKeys = getDefaultPublicKeys(); Activity act(*logger, actVerifyPaths); std::atomic done{0}; std::atomic untrusted{0}; std::atomic corrupted{0}; std::atomic failed{0}; std::atomic active{0}; auto update = [&]() { act.progress(done, storePaths.size(), active, failed); }; ThreadPool pool; auto doPath = [&](const Path & storePath) { try { checkInterrupt(); Activity act2(*logger, lvlInfo, actUnknown, fmt("checking '%s'", storePath)); MaintainCount> mcActive(active); update(); auto info = store->queryPathInfo(storePath); if (!noContents) { HashSink sink(info->narHash.type); store->narFromPath(info->path, sink); auto hash = sink.finish(); if (hash.first != info->narHash) { corrupted++; act2.result(resCorruptedPath, info->path); printError( format("path '%s' was modified! expected hash '%s', got '%s'") % info->path % info->narHash.to_string() % hash.first.to_string()); } } if (!noTrust) { bool good = false; if (info->ultimate && !sigsNeeded) good = true; else { StringSet sigsSeen; size_t actualSigsNeeded = sigsNeeded ? sigsNeeded : 1; size_t validSigs = 0; auto doSigs = [&](StringSet sigs) { for (auto sig : sigs) { if (!sigsSeen.insert(sig).second) continue; if (validSigs < ValidPathInfo::maxSigs && info->checkSignature(publicKeys, sig)) validSigs++; } }; if (info->isContentAddressed(*store)) validSigs = ValidPathInfo::maxSigs; doSigs(info->sigs); for (auto & store2 : substituters) { if (validSigs >= actualSigsNeeded) break; try { auto info2 = store2->queryPathInfo(info->path); if (info2->isContentAddressed(*store)) validSigs = ValidPathInfo::maxSigs; doSigs(info2->sigs); } catch (InvalidPath &) { } catch (Error & e) { printError(format(ANSI_RED "error:" ANSI_NORMAL " %s") % e.what()); } } if (validSigs >= actualSigsNeeded) good = true; } if (!good) { untrusted++; act2.result(resUntrustedPath, info->path); printError(format("path '%s' is untrusted") % info->path); } } done++; } catch (Error & e) { printError(format(ANSI_RED "error:" ANSI_NORMAL " %s") % e.what()); failed++; } update(); }; for (auto & storePath : storePaths) pool.enqueue(std::bind(doPath, storePath)); pool.process(); throw Exit( (corrupted ? 1 : 0) | (untrusted ? 2 : 0) | (failed ? 4 : 0)); } }; static auto r1 = registerCommand("verify");