nix-super/src/libstore
Adam Joseph e43bb655fe libstore/daemon.cc: note trust model difference in readDerivation()s
Below the comment added by this commit is a much longer comment
followed by a trust check, both of which have confused me on at
least two occasions.  I figured it out once, forgot it, then had to
ask @Ericson2314 to explain it, at which point I understood it
again.  I think this might confuse other people too, or maybe I will
just forget it a third time.  So let's add a comment.

Farther down in the function is the following check:

```
if (!(drvType.isCA() || trusted))
  throw Error("you are not privileged to build input-addressed derivations");
```

This seems really strange at first.  A key property of Nix is that
you can compute the outpath of a derivation using the derivation
(and its references-closure) without trusting anybody!

The missing insight is that at this point in the code the builder
doesn't necessarily have the references-closure of the derivation
being built, and therefore needs to trust that the derivation's
outPath is honest.  It's incredibly easy to overlook this, because
the only difference between these two cases is which of these
identically-named functions we used:

- `readDerivation(Source,Store)`
- `Store::readDerivation()`

These functions have different trust models (except in the special
case where the first function is used on the local store).  We
should call the reader's attention to this fact.

Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
2023-12-10 17:47:07 -08:00
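The difference the commit message describes, modelled as an added Python example (this is not Nix's code and not part of the commit). The hash function, the `.drv` wire encoding, the in-memory store and the function names `derivation_hash`, `read_derivation_from_source`, `store_read_derivation`, `daemon_build_derivation` and `audit_claim` are all assumptions standing in for their Nix counterparts; only the accept/refuse decision mirrors the quoted check. The point it shows is that an input-addressed `outPath` can be recomputed, and therefore checked, only when the references closure is in the store, which is what `Store::readDerivation()` can rely on and `readDerivation(Source, Store)` cannot.

```python
"""Model of the trust-model difference between the two readDerivation()s.
Added illustration, not Nix's code: hashing, the .drv encoding and the store are
simplified stand-ins; only the accept/refuse logic mirrors the quoted daemon.cc check.
"""
import hashlib
import json
from dataclasses import dataclass, asdict, replace

STORE_DIR = "/nix/store"  # assumed store directory


def _h(data: str) -> str:
    # Simplification: truncated hex sha256 instead of Nix's compressed, nix32-encoded hash.
    return hashlib.sha256(data.encode()).hexdigest()[:32]


@dataclass(frozen=True)
class Derivation:
    name: str
    builder: str
    inputs: tuple          # store paths this derivation depends on
    is_ca: bool            # content-addressed output: its path is fixed by the built content
    claimed_out_path: str  # what the .drv says the input-addressed output path is ("" for CA)


class MissingClosure(Exception):
    """An input is absent from the store, so the derivation hash cannot be recomputed."""


def derivation_hash(drv: Derivation, store: dict) -> str:
    # Hypothetical analogue of hashDerivationModulo: the hash covers the contents of every
    # input, which is exactly why the references closure must be present to compute it.
    parts = [drv.name, drv.builder]
    for path in drv.inputs:
        if path not in store:
            raise MissingClosure(path)
        parts.append(_h(store[path]))
    return _h("\n".join(parts))


def input_addressed_out_path(drv: Derivation, store: dict) -> str:
    fingerprint = f"output:out:sha256:{derivation_hash(drv, store)}:{STORE_DIR}:{drv.name}"
    return f"{STORE_DIR}/{_h(fingerprint)}-{drv.name}"


def serialize(drv: Derivation) -> str:
    # Stand-in for the .drv file / wire encoding.
    return json.dumps(asdict(drv))


def read_derivation_from_source(wire: str) -> Derivation:
    """Analogue of readDerivation(Source, Store): the .drv arrives over a connection.
    Nothing here proves its inputs exist in the daemon's store, so the claimed
    out path can only be taken on trust."""
    fields = json.loads(wire)
    fields["inputs"] = tuple(fields["inputs"])
    return Derivation(**fields)


def store_read_derivation(store: dict, drv_path: str) -> Derivation:
    """Analogue of Store::readDerivation(): the .drv is read from the store itself, so its
    closure is there (a store invariant) and the out path is recomputed, not trusted."""
    drv = read_derivation_from_source(store[drv_path])
    if not drv.is_ca and drv.claimed_out_path != input_addressed_out_path(drv, store):
        raise ValueError(f"{drv_path}: claimed out path does not match its inputs")
    return drv


def daemon_build_derivation(wire: str, trusted: bool, store: dict) -> str:
    """Mirrors the quoted daemon.cc check (the daemon throws where this returns 'refused').
    The store is deliberately not consulted: the daemon cannot assume the wire
    derivation's inputs are present, so it has nothing to verify the claim against."""
    drv = read_derivation_from_source(wire)
    if not (drv.is_ca or trusted):
        return "refused: you are not privileged to build input-addressed derivations"
    if drv.is_ca:
        return "accepted: output path is fixed by the built content, nothing to trust"
    return f"accepted: output will be registered at {drv.claimed_out_path} on the client's word"


def audit_claim(drv: Derivation, store: dict):
    """What a checker can actually say: True/False with the closure, None without it."""
    try:
        return drv.claimed_out_path == input_addressed_out_path(drv, store)
    except MissingClosure:
        return None


def make_honest(name: str, builder: str, inputs: tuple, store: dict) -> Derivation:
    # Compute the out path from the closure, as a client holding the closure would.
    drv = Derivation(name, builder, inputs, False, "")
    return replace(drv, claimed_out_path=input_addressed_out_path(drv, store))


# Constructed sample store: one input path, plus two .drv files that reference it.
LIBFOO = f"{STORE_DIR}/{_h('libfoo')}-libfoo"
STORE = {LIBFOO: "libfoo contents v1"}
HONEST = make_honest("hello", "/bin/sh", (LIBFOO,), STORE)
DISHONEST = replace(HONEST, claimed_out_path=f"{STORE_DIR}/{_h('elsewhere')}-hello")
CA = Derivation("hello-ca", "/bin/sh", (LIBFOO,), True, "")
HONEST_DRV_PATH = f"{STORE_DIR}/{_h('honest')}-hello.drv"
DISHONEST_DRV_PATH = f"{STORE_DIR}/{_h('dishonest')}-hello.drv"
STORE[HONEST_DRV_PATH] = serialize(HONEST)
STORE[DISHONEST_DRV_PATH] = serialize(DISHONEST)

if __name__ == "__main__":
    for drv, trusted in ((HONEST, False), (CA, False), (DISHONEST, True)):
        print(drv.name, "trusted" if trusted else "untrusted", "->",
              daemon_build_derivation(serialize(drv), trusted, STORE))
    print("audit with closure:", audit_claim(HONEST, STORE), audit_claim(DISHONEST, STORE))
    print("audit without closure:", audit_claim(DISHONEST, {}))
```

Run as a script to see the three daemon outcomes. The design point is in `audit_claim`: with the closure it distinguishes `HONEST` from `DISHONEST`, without it both come back `None`, and `daemon_build_derivation` is written to reflect the daemon's position, where the only safe options are to refuse input-addressed derivations from untrusted clients or to accept content-addressed ones, whose output path needs no claim at all.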
build Give Derivation::tryResolve an evalStore argument 2023-12-08 10:01:05 -05:00
builtins HashType: Rename to HashAlgorithm 2023-12-06 23:43:42 +01:00
binary-cache-store.cc Renamed HashFormat::Base32 to HashFormat::Nix32 2023-12-06 23:43:42 +01:00
binary-cache-store.hh HashType: Rename to HashAlgorithm 2023-12-06 23:43:42 +01:00
build-result.cc Test the rest of the worker protocol serializers 2023-10-04 15:31:52 -04:00
build-result.hh Test the rest of the worker protocol serializers 2023-10-04 15:31:52 -04:00
builtins.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
ca-specific-schema.sql ca: add sqlite index on RealisationsRefs(realisationReference) 2022-04-21 10:06:39 +02:00
common-protocol-impl.hh Restrict some code to StoreDirConfig 2023-11-04 19:05:36 -04:00
common-protocol.cc Merge pull request #6236 from obsidiansystems/store-dir-config 2023-12-01 15:38:14 +01:00
common-protocol.hh Restrict some code to StoreDirConfig 2023-11-04 19:05:36 -04:00
content-address.cc Renamed HashFormat::Base32 to HashFormat::Nix32 2023-12-06 23:43:42 +01:00
content-address.hh HashType: Rename to HashAlgorithm 2023-12-06 23:43:42 +01:00
crypto.cc Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
crypto.hh Finish converting existing comments for internal API docs (#8146) 2023-04-07 13:55:28 +00:00
daemon.cc libstore/daemon.cc: note trust model difference in readDerivation()s 2023-12-10 17:47:07 -08:00
daemon.hh Add Store::isTrustedClient() 2023-04-06 19:59:57 -04:00
derivations.cc Give Derivation::tryResolve an evalStore argument 2023-12-08 10:01:05 -05:00
derivations.hh Give Derivation::tryResolve an evalStore argument 2023-12-08 10:01:05 -05:00
derived-path-map.cc Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
derived-path-map.hh Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
derived-path.cc Restrict some code to StoreDirConfig 2023-11-04 19:05:36 -04:00
derived-path.hh Merge pull request #6236 from obsidiansystems/store-dir-config 2023-12-01 15:38:14 +01:00
downstream-placeholder.cc Renamed HashFormat::Base32 to HashFormat::Nix32 2023-12-06 23:43:42 +01:00
downstream-placeholder.hh Introduce OutputName and OutputNameView type aliases 2023-08-25 09:55:07 -04:00
dummy-store.cc Merge FSAccessor into SourceAccessor 2023-11-01 17:09:28 +01:00
dummy-store.md Support per-store Markdown documentation 2023-03-21 14:03:40 +01:00
export-import.cc Renamed HashFormat::Base32 to HashFormat::Nix32 2023-12-06 23:43:42 +01:00
filetransfer.cc Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
filetransfer.hh Allow tarball URLs to redirect to a lockable immutable URL 2023-06-13 14:17:45 +02:00
gc-store.hh Clean up store hierarchy with IndirectRootStore 2023-07-24 09:19:44 -04:00
gc.cc Renamed HashFormat::Base32 to HashFormat::Nix32 2023-12-06 23:43:42 +01:00
globals.cc Merge pull request #9233 from bouk/bouk/apply-config-inner 2023-12-01 08:23:32 -05:00
globals.hh fix random docs errors 2023-12-02 03:02:59 +01:00
http-binary-cache-store.cc Add Store::isTrustedClient() 2023-04-06 19:59:57 -04:00
http-binary-cache-store.md Support per-store Markdown documentation 2023-03-21 14:03:40 +01:00
indirect-root-store.hh MountedSSHStore: stores on shared filesystems 2023-11-21 13:34:01 -05:00
legacy-ssh-store.cc Create ServeProto::BuildOptions and a serializer for it 2023-12-09 11:35:13 -05:00
legacy-ssh-store.md Support per-store Markdown documentation 2023-03-21 14:03:40 +01:00
length-prefixed-protocol-helper.hh Restrict some code to StoreDirConfig 2023-11-04 19:05:36 -04:00
local-binary-cache-store.cc Add Store::isTrustedClient() 2023-04-06 19:59:57 -04:00
local-binary-cache-store.md Support per-store Markdown documentation 2023-03-21 14:03:40 +01:00
local-fs-store.cc LocalStoreAccessor: Reuse PosixSourceAccessor 2023-11-01 17:22:25 +01:00
local-fs-store.hh Merge FSAccessor into SourceAccessor 2023-11-01 17:09:28 +01:00
local-store.cc Renamed HashFormat::Base32 to HashFormat::Nix32 2023-12-06 23:43:42 +01:00
local-store.hh HashType: Rename to HashAlgorithm 2023-12-06 23:43:42 +01:00
local-store.md Tweaks 2023-03-23 15:32:59 +01:00
local.mk Use buildprefix in a few more places 2023-11-29 19:49:07 -05:00
lock.cc Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
lock.hh Finish converting existing comments for internal API docs (#8146) 2023-04-07 13:55:28 +00:00
log-store.cc Move the getBuildLog implementation to its own implementation file 2023-01-13 11:05:44 +01:00
log-store.hh Finish converting existing comments for internal API docs (#8146) 2023-04-07 13:55:28 +00:00
machines.cc Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
machines.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
make-content-addressed.cc HashType: Rename to HashAlgorithm 2023-12-06 23:43:42 +01:00
make-content-addressed.hh makeContentAddressed: Add single path helper 2023-06-30 18:22:47 +02:00
misc.cc Restrict some code to StoreDirConfig 2023-11-04 19:05:36 -04:00
mounted-ssh-store.md MountedSSHStore: stores on shared filesystems 2023-11-21 13:34:01 -05:00
names.cc return string_views from forceString* 2022-01-27 17:15:43 +01:00
names.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
nar-accessor.cc Fix consts and casts 2023-11-08 17:29:55 +01:00
nar-accessor.hh Fix consts and casts 2023-11-08 17:29:55 +01:00
nar-info-disk-cache.cc Renamed HashFormat::Base32 to HashFormat::Nix32 2023-12-06 23:43:42 +01:00
nar-info-disk-cache.hh Finish converting existing comments for internal API docs (#8146) 2023-04-07 13:55:28 +00:00
nar-info.cc Renamed HashFormat::Base32 to HashFormat::Nix32 2023-12-06 23:43:42 +01:00
nar-info.hh Fix consts and casts 2023-11-08 17:29:55 +01:00
nix-store.pc.in Fix building with GCC 9 2023-02-10 18:38:57 +01:00
optimise-store.cc Renamed HashFormat::Base32 to HashFormat::Nix32 2023-12-06 23:43:42 +01:00
outputs-spec.cc Fix moves that accidentally copy anyway 2023-10-16 21:48:35 +01:00
outputs-spec.hh Introduce OutputName and OutputNameView type aliases 2023-08-25 09:55:07 -04:00
parsed-derivations.cc Renamed HashFormat::Base32 to HashFormat::Nix32 2023-12-06 23:43:42 +01:00
parsed-derivations.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
path-info.cc Renamed HashFormat::Base32 to HashFormat::Nix32 2023-12-06 23:43:42 +01:00
path-info.hh Make nix path-info --json return an object not array 2023-11-06 11:06:31 -05:00
path-references.cc HashType: Rename to HashAlgorithm 2023-12-06 23:43:42 +01:00
path-references.hh Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
path-regex.hh StorePath: reject names starting with '.' 2023-10-04 22:10:52 +00:00
path-with-outputs.cc Restrict some code to StoreDirConfig 2023-11-04 19:05:36 -04:00
path-with-outputs.hh Restrict some code to StoreDirConfig 2023-11-04 19:05:36 -04:00
path.cc Renamed HashFormat::Base32 to HashFormat::Nix32 2023-12-06 23:43:42 +01:00
path.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
pathlocks.cc Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
pathlocks.hh Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
posix-fs-canonicalise.cc Improve ACL clearing support (fixing FreeBSD build) 2023-11-29 21:09:19 -05:00
posix-fs-canonicalise.hh Put canonicaliseTimestampAndPermissions in its own header/file 2023-11-21 12:57:59 -05:00
profiles.cc Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
profiles.hh Clean up a few things related to profiles (#8526) 2023-06-19 04:04:59 +00:00
realisation.cc libstore: also pass unwanted outputs to the post-build-hook 2023-05-08 12:58:59 +02:00
realisation.hh treewide: Reference HashFormat members with scope 2023-10-19 00:56:41 +08:00
remote-fs-accessor.cc Merge FSAccessor into SourceAccessor 2023-11-01 17:09:28 +01:00
remote-fs-accessor.hh Merge FSAccessor into SourceAccessor 2023-11-01 17:09:28 +01:00
remote-store-connection.hh Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
remote-store.cc HashType: Rename to HashAlgorithm 2023-12-06 23:43:42 +01:00
remote-store.hh HashType: Rename to HashAlgorithm 2023-12-06 23:43:42 +01:00
repair-flag.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
s3-binary-cache-store.cc Remove bug-avoiding StoreConfig * casts for settings 2023-10-31 12:09:46 -04:00
s3-binary-cache-store.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
s3-binary-cache-store.md Merge how-to section on S3 buckets into S3 store docs (#7972) 2023-10-23 13:22:33 -04:00
s3.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
schema.sql schema.sql: add comment about hash being in base16 2022-06-01 14:59:57 +02:00
serve-protocol-impl.hh Restrict some code to StoreDirConfig 2023-11-04 19:05:36 -04:00
serve-protocol.cc Create ServeProto::BuildOptions and a serializer for it 2023-12-09 11:35:13 -05:00
serve-protocol.hh Create ServeProto::BuildOptions and a serializer for it 2023-12-09 11:35:13 -05:00
sqlite.cc Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
sqlite.hh Support opening local store with database on read-only filesystem (#8356) 2023-06-20 11:34:09 +02:00
ssh-store-config.hh Document each store type on its own page 2023-12-01 01:27:52 +01:00
ssh-store.cc MountedSSHStore: stores on shared filesystems 2023-11-21 13:34:01 -05:00
ssh-store.md Support per-store Markdown documentation 2023-03-21 14:03:40 +01:00
ssh.cc fix(ssh): log first line of stdout 2023-11-06 08:46:19 -05:00
ssh.hh Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
store-api.cc HashType: Rename to HashAlgorithm 2023-12-06 23:43:42 +01:00
store-api.hh HashType: Rename to HashAlgorithm 2023-12-06 23:43:42 +01:00
store-cast.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
store-dir-config.hh HashType: Rename to HashAlgorithm 2023-12-06 23:43:42 +01:00
uds-remote-store.cc Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
uds-remote-store.hh Merge FSAccessor into SourceAccessor 2023-11-01 17:09:28 +01:00
uds-remote-store.md Support per-store Markdown documentation 2023-03-21 14:03:40 +01:00
worker-protocol-impl.hh Restrict some code to StoreDirConfig 2023-11-04 19:05:36 -04:00
worker-protocol.cc HashType: Rename to HashAlgorithm 2023-12-06 23:43:42 +01:00
worker-protocol.hh Merge pull request #6236 from obsidiansystems/store-dir-config 2023-12-01 15:38:14 +01:00