BinaryCacheStore: Remove publicKeyFile argument
The public key can be derived from the secret key, so there's no need for the user to supply it separately.
parent
42bc395b63
commit
af7cdb1096
7 changed files with 39 additions and 25 deletions
|
@ -14,16 +14,13 @@
|
||||||
namespace nix {
|
namespace nix {
|
||||||
|
|
||||||
BinaryCacheStore::BinaryCacheStore(std::shared_ptr<Store> localStore,
|
BinaryCacheStore::BinaryCacheStore(std::shared_ptr<Store> localStore,
|
||||||
const Path & secretKeyFile, const Path & publicKeyFile)
|
const Path & secretKeyFile)
|
||||||
: localStore(localStore)
|
: localStore(localStore)
|
||||||
{
|
{
|
||||||
if (secretKeyFile != "")
|
if (secretKeyFile != "") {
|
||||||
secretKey = std::unique_ptr<SecretKey>(new SecretKey(readFile(secretKeyFile)));
|
secretKey = std::unique_ptr<SecretKey>(new SecretKey(readFile(secretKeyFile)));
|
||||||
|
|
||||||
if (publicKeyFile != "") {
|
|
||||||
publicKeys = std::unique_ptr<PublicKeys>(new PublicKeys);
|
publicKeys = std::unique_ptr<PublicKeys>(new PublicKeys);
|
||||||
auto key = PublicKey(readFile(publicKeyFile));
|
publicKeys->emplace(secretKey->name, secretKey->toPublicKey());
|
||||||
publicKeys->emplace(key.name, key);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
StringSink sink;
|
StringSink sink;
|
||||||
|
|
|
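Review bot: With `publicKeyFile` removed, `publicKeys` is filled only inside the `if (secretKeyFile != "")` branch, so a store can hold verification keys only if it also holds the signing key. A consumer that only needs to check signatures would have to be handed the secret key, and the registration lambdas in the http and file store hunks both pass `""`, which leaves `publicKeys` unset; whether signatures are checked at all in that case depends on code outside this diff. I would state that at the assignment, for example `// publicKeys stays unset without a secret key; verify-only use needs a separately configured trusted key`. The constructor body continues past the end of the hunk.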
@ -31,8 +31,7 @@ private:
|
||||||
|
|
||||||
protected:
|
protected:
|
||||||
|
|
||||||
BinaryCacheStore(std::shared_ptr<Store> localStore,
|
BinaryCacheStore(std::shared_ptr<Store> localStore, const Path & secretKeyFile);
|
||||||
const Path & secretKeyFile, const Path & publicKeyFile);
|
|
||||||
|
|
||||||
[[noreturn]] void notImpl();
|
[[noreturn]] void notImpl();
|
||||||
|
|
||||||
|
|
|
@ -55,6 +55,17 @@ std::string SecretKey::signDetached(const std::string & data) const
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
PublicKey SecretKey::toPublicKey() const
|
||||||
|
{
|
||||||
|
#if HAVE_SODIUM
|
||||||
|
unsigned char pk[crypto_sign_PUBLICKEYBYTES];
|
||||||
|
crypto_sign_ed25519_sk_to_pk(pk, (unsigned char *) key.data());
|
||||||
|
return PublicKey(name, std::string((char *) pk, crypto_sign_PUBLICKEYBYTES));
|
||||||
|
#else
|
||||||
|
noSodium();
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
PublicKey::PublicKey(const string & s)
|
PublicKey::PublicKey(const string & s)
|
||||||
: Key(s)
|
: Key(s)
|
||||||
{
|
{
|
||||||
|
|
|
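Review bot: `crypto_sign_ed25519_sk_to_pk(pk, (unsigned char *) key.data())` reads a full secret key's worth of bytes from `key` without checking its length in this function, so a truncated key file would cause an out-of-bounds read unless the `SecretKey` constructor (not shown here) already rejects it. A local guard keeps the function safe on its own: `if (key.size() != crypto_sign_SECRETKEYBYTES) throw Error("secret key is not valid");`. The C-style cast also drops `const`, which is unnecessary because the libsodium parameter is `const unsigned char *`; `reinterpret_cast<const unsigned char *>(key.data())` says what is meant. Note too that this call copies the public half stored inside the secret key rather than recomputing it, so the result is only as trustworthy as the key file.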
@ -15,19 +15,31 @@ struct Key
|
||||||
‘<name>:<key-in-base64>’. */
|
‘<name>:<key-in-base64>’. */
|
||||||
Key(const std::string & s);
|
Key(const std::string & s);
|
||||||
|
|
||||||
|
protected:
|
||||||
|
Key(const std::string & name, const std::string & key)
|
||||||
|
: name(name), key(key) { }
|
||||||
};
|
};
|
||||||
|
|
||||||
|
struct PublicKey;
|
||||||
|
|
||||||
struct SecretKey : Key
|
struct SecretKey : Key
|
||||||
{
|
{
|
||||||
SecretKey(const std::string & s);
|
SecretKey(const std::string & s);
|
||||||
|
|
||||||
/* Return a detached signature of the given string. */
|
/* Return a detached signature of the given string. */
|
||||||
std::string signDetached(const std::string & s) const;
|
std::string signDetached(const std::string & s) const;
|
||||||
|
|
||||||
|
PublicKey toPublicKey() const;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct PublicKey : Key
|
struct PublicKey : Key
|
||||||
{
|
{
|
||||||
PublicKey(const std::string & data);
|
PublicKey(const std::string & data);
|
||||||
|
|
||||||
|
private:
|
||||||
|
PublicKey(const std::string & name, const std::string & key)
|
||||||
|
: Key(name, key) { }
|
||||||
|
friend class SecretKey;
|
||||||
};
|
};
|
||||||
|
|
||||||
typedef std::map<std::string, PublicKey> PublicKeys;
|
typedef std::map<std::string, PublicKey> PublicKeys;
|
||||||
|
|
|
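Review bot: `friend class SecretKey;` names a type that is declared as `struct SecretKey` a few lines above; the mismatch is legal but triggers mismatched-tag warnings on some compilers, so `friend struct SecretKey;` is the consistent spelling. The new `toPublicKey()` declaration also has no comment while `signDetached` next to it does; something like `/* Return the public key corresponding to this secret key. */` would match. The private `PublicKey(name, key)` constructor takes raw key bytes with no validation, which is fine while `SecretKey` is its only caller, and a one-line comment saying so would keep it that way.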
@ -14,9 +14,8 @@ private:
|
||||||
public:
|
public:
|
||||||
|
|
||||||
HttpBinaryCacheStore(std::shared_ptr<Store> localStore,
|
HttpBinaryCacheStore(std::shared_ptr<Store> localStore,
|
||||||
const Path & secretKeyFile, const Path & publicKeyFile,
|
const Path & secretKeyFile, const Path & _cacheUri)
|
||||||
const Path & _cacheUri)
|
: BinaryCacheStore(localStore, secretKeyFile)
|
||||||
: BinaryCacheStore(localStore, secretKeyFile, publicKeyFile)
|
|
||||||
, cacheUri(_cacheUri)
|
, cacheUri(_cacheUri)
|
||||||
, downloader(makeDownloader())
|
, downloader(makeDownloader())
|
||||||
{
|
{
|
||||||
|
@ -66,7 +65,7 @@ static RegisterStoreImplementation regStore([](const std::string & uri) -> std::
|
||||||
if (std::string(uri, 0, 7) != "http://" &&
|
if (std::string(uri, 0, 7) != "http://" &&
|
||||||
std::string(uri, 0, 8) != "https://") return 0;
|
std::string(uri, 0, 8) != "https://") return 0;
|
||||||
auto store = std::make_shared<HttpBinaryCacheStore>(std::shared_ptr<Store>(0),
|
auto store = std::make_shared<HttpBinaryCacheStore>(std::shared_ptr<Store>(0),
|
||||||
"", "", // FIXME: allow the signing key to be set
|
"", // FIXME: allow the signing key to be set
|
||||||
uri);
|
uri);
|
||||||
store->init();
|
store->init();
|
||||||
return store;
|
return store;
|
||||||
|
|
|
@ -11,8 +11,7 @@ private:
|
||||||
public:
|
public:
|
||||||
|
|
||||||
LocalBinaryCacheStore(std::shared_ptr<Store> localStore,
|
LocalBinaryCacheStore(std::shared_ptr<Store> localStore,
|
||||||
const Path & secretKeyFile, const Path & publicKeyFile,
|
const Path & secretKeyFile, const Path & binaryCacheDir);
|
||||||
const Path & binaryCacheDir);
|
|
||||||
|
|
||||||
void init() override;
|
void init() override;
|
||||||
|
|
||||||
|
@ -27,9 +26,8 @@ protected:
|
||||||
};
|
};
|
||||||
|
|
||||||
LocalBinaryCacheStore::LocalBinaryCacheStore(std::shared_ptr<Store> localStore,
|
LocalBinaryCacheStore::LocalBinaryCacheStore(std::shared_ptr<Store> localStore,
|
||||||
const Path & secretKeyFile, const Path & publicKeyFile,
|
const Path & secretKeyFile, const Path & binaryCacheDir)
|
||||||
const Path & binaryCacheDir)
|
: BinaryCacheStore(localStore, secretKeyFile)
|
||||||
: BinaryCacheStore(localStore, secretKeyFile, publicKeyFile)
|
|
||||||
, binaryCacheDir(binaryCacheDir)
|
, binaryCacheDir(binaryCacheDir)
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
@ -66,19 +64,18 @@ std::string LocalBinaryCacheStore::getFile(const std::string & path)
|
||||||
}
|
}
|
||||||
|
|
||||||
ref<Store> openLocalBinaryCacheStore(std::shared_ptr<Store> localStore,
|
ref<Store> openLocalBinaryCacheStore(std::shared_ptr<Store> localStore,
|
||||||
const Path & secretKeyFile, const Path & publicKeyFile,
|
const Path & secretKeyFile, const Path & binaryCacheDir)
|
||||||
const Path & binaryCacheDir)
|
|
||||||
{
|
{
|
||||||
auto store = std::make_shared<LocalBinaryCacheStore>(
|
auto store = make_ref<LocalBinaryCacheStore>(
|
||||||
localStore, secretKeyFile, publicKeyFile, binaryCacheDir);
|
localStore, secretKeyFile, binaryCacheDir);
|
||||||
store->init();
|
store->init();
|
||||||
return ref<Store>(std::shared_ptr<Store>(store));
|
return store;
|
||||||
}
|
}
|
||||||
|
|
||||||
static RegisterStoreImplementation regStore([](const std::string & uri) -> std::shared_ptr<Store> {
|
static RegisterStoreImplementation regStore([](const std::string & uri) -> std::shared_ptr<Store> {
|
||||||
if (std::string(uri, 0, 7) != "file://") return 0;
|
if (std::string(uri, 0, 7) != "file://") return 0;
|
||||||
return openLocalBinaryCacheStore(std::shared_ptr<Store>(0),
|
return openLocalBinaryCacheStore(std::shared_ptr<Store>(0),
|
||||||
"", "", // FIXME: allow the signing key to be set
|
"", // FIXME: allow the signing key to be set
|
||||||
std::string(uri, 7));
|
std::string(uri, 7));
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
|
@ -454,8 +454,7 @@ ref<Store> openStore();
|
||||||
|
|
||||||
|
|
||||||
ref<Store> openLocalBinaryCacheStore(std::shared_ptr<Store> localStore,
|
ref<Store> openLocalBinaryCacheStore(std::shared_ptr<Store> localStore,
|
||||||
const Path & secretKeyFile, const Path & publicKeyFile,
|
const Path & secretKeyFile, const Path & binaryCacheDir);
|
||||||
const Path & binaryCacheDir);
|
|
||||||
|
|
||||||
|
|
||||||
/* Store implementation registration. */
|
/* Store implementation registration. */
|
||||||
|
|