mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-22 14:06:16 +02:00
215b70f51e
This reverts commit f78126bfd6
. There
really is no need for such a massive change...
325 lines
10 KiB
Perl
325 lines
10 KiB
Perl
package Nix::Manifest;
|
||
|
||
use utf8;
|
||
use strict;
|
||
use DBI;
|
||
use DBD::SQLite;
|
||
use Cwd;
|
||
use File::stat;
|
||
use File::Path;
|
||
use Fcntl ':flock';
|
||
use MIME::Base64;
|
||
use Nix::Config;
|
||
use Nix::Store;
|
||
|
||
our @ISA = qw(Exporter);
|
||
our @EXPORT = qw(readManifest writeManifest addPatch parseNARInfo fingerprintPath);
|
||
|
||
|
||
sub addNAR {
|
||
my ($narFiles, $storePath, $info) = @_;
|
||
|
||
$$narFiles{$storePath} = []
|
||
unless defined $$narFiles{$storePath};
|
||
|
||
my $narFileList = $$narFiles{$storePath};
|
||
|
||
my $found = 0;
|
||
foreach my $narFile (@{$narFileList}) {
|
||
$found = 1 if $narFile->{url} eq $info->{url};
|
||
}
|
||
|
||
push @{$narFileList}, $info if !$found;
|
||
}
|
||
|
||
|
||
sub addPatch {
|
||
my ($patches, $storePath, $patch) = @_;
|
||
|
||
$$patches{$storePath} = []
|
||
unless defined $$patches{$storePath};
|
||
|
||
my $patchList = $$patches{$storePath};
|
||
|
||
my $found = 0;
|
||
foreach my $patch2 (@{$patchList}) {
|
||
$found = 1 if
|
||
$patch2->{url} eq $patch->{url} &&
|
||
$patch2->{basePath} eq $patch->{basePath};
|
||
}
|
||
|
||
push @{$patchList}, $patch if !$found;
|
||
|
||
return !$found;
|
||
}
|
||
|
||
|
||
sub readManifest_ {
|
||
my ($manifest, $addNAR, $addPatch) = @_;
|
||
|
||
# Decompress the manifest if necessary.
|
||
if ($manifest =~ /\.bz2$/) {
|
||
open MANIFEST, "$Nix::Config::bzip2 -d < $manifest |"
|
||
or die "cannot decompress ‘$manifest’: $!";
|
||
} else {
|
||
open MANIFEST, "<$manifest"
|
||
or die "cannot open ‘$manifest’: $!";
|
||
}
|
||
|
||
my $inside = 0;
|
||
my $type;
|
||
|
||
my $manifestVersion = 2;
|
||
|
||
my ($storePath, $url, $hash, $size, $basePath, $baseHash, $patchType);
|
||
my ($narHash, $narSize, $references, $deriver, $copyFrom, $system, $compressionType);
|
||
|
||
while (<MANIFEST>) {
|
||
chomp;
|
||
s/\#.*$//g;
|
||
next if (/^$/);
|
||
|
||
if (!$inside) {
|
||
|
||
if (/^\s*(\w*)\s*\{$/) {
|
||
$type = $1;
|
||
$type = "narfile" if $type eq "";
|
||
$inside = 1;
|
||
undef $storePath;
|
||
undef $url;
|
||
undef $hash;
|
||
undef $size;
|
||
undef $narHash;
|
||
undef $narSize;
|
||
undef $basePath;
|
||
undef $baseHash;
|
||
undef $patchType;
|
||
undef $system;
|
||
$references = "";
|
||
$deriver = "";
|
||
$compressionType = "bzip2";
|
||
}
|
||
|
||
} else {
|
||
|
||
if (/^\}$/) {
|
||
$inside = 0;
|
||
|
||
if ($type eq "narfile") {
|
||
&$addNAR($storePath,
|
||
{ url => $url, hash => $hash, size => $size
|
||
, narHash => $narHash, narSize => $narSize
|
||
, references => $references
|
||
, deriver => $deriver
|
||
, system => $system
|
||
, compressionType => $compressionType
|
||
});
|
||
}
|
||
|
||
elsif ($type eq "patch") {
|
||
&$addPatch($storePath,
|
||
{ url => $url, hash => $hash, size => $size
|
||
, basePath => $basePath, baseHash => $baseHash
|
||
, narHash => $narHash, narSize => $narSize
|
||
, patchType => $patchType
|
||
});
|
||
}
|
||
|
||
}
|
||
|
||
elsif (/^\s*StorePath:\s*(\/\S+)\s*$/) { $storePath = $1; }
|
||
elsif (/^\s*CopyFrom:\s*(\/\S+)\s*$/) { $copyFrom = $1; }
|
||
elsif (/^\s*Hash:\s*(\S+)\s*$/) { $hash = $1; }
|
||
elsif (/^\s*URL:\s*(\S+)\s*$/) { $url = $1; }
|
||
elsif (/^\s*Compression:\s*(\S+)\s*$/) { $compressionType = $1; }
|
||
elsif (/^\s*Size:\s*(\d+)\s*$/) { $size = $1; }
|
||
elsif (/^\s*BasePath:\s*(\/\S+)\s*$/) { $basePath = $1; }
|
||
elsif (/^\s*BaseHash:\s*(\S+)\s*$/) { $baseHash = $1; }
|
||
elsif (/^\s*Type:\s*(\S+)\s*$/) { $patchType = $1; }
|
||
elsif (/^\s*NarHash:\s*(\S+)\s*$/) { $narHash = $1; }
|
||
elsif (/^\s*NarSize:\s*(\d+)\s*$/) { $narSize = $1; }
|
||
elsif (/^\s*References:\s*(.*)\s*$/) { $references = $1; }
|
||
elsif (/^\s*Deriver:\s*(\S+)\s*$/) { $deriver = $1; }
|
||
elsif (/^\s*ManifestVersion:\s*(\d+)\s*$/) { $manifestVersion = $1; }
|
||
elsif (/^\s*System:\s*(\S+)\s*$/) { $system = $1; }
|
||
|
||
# Compatibility;
|
||
elsif (/^\s*NarURL:\s*(\S+)\s*$/) { $url = $1; }
|
||
elsif (/^\s*MD5:\s*(\S+)\s*$/) { $hash = "md5:$1"; }
|
||
|
||
}
|
||
}
|
||
|
||
close MANIFEST;
|
||
|
||
return $manifestVersion;
|
||
}
|
||
|
||
|
||
sub readManifest {
|
||
my ($manifest, $narFiles, $patches) = @_;
|
||
readManifest_($manifest,
|
||
sub { addNAR($narFiles, @_); },
|
||
sub { addPatch($patches, @_); } );
|
||
}
|
||
|
||
|
||
sub writeManifest {
|
||
my ($manifest, $narFiles, $patches, $noCompress) = @_;
|
||
|
||
open MANIFEST, ">$manifest.tmp"; # !!! check exclusive
|
||
|
||
print MANIFEST "version {\n";
|
||
print MANIFEST " ManifestVersion: 3\n";
|
||
print MANIFEST "}\n";
|
||
|
||
foreach my $storePath (sort (keys %{$narFiles})) {
|
||
my $narFileList = $$narFiles{$storePath};
|
||
foreach my $narFile (@{$narFileList}) {
|
||
print MANIFEST "{\n";
|
||
print MANIFEST " StorePath: $storePath\n";
|
||
print MANIFEST " NarURL: $narFile->{url}\n";
|
||
print MANIFEST " Compression: $narFile->{compressionType}\n";
|
||
print MANIFEST " Hash: $narFile->{hash}\n" if defined $narFile->{hash};
|
||
print MANIFEST " Size: $narFile->{size}\n" if defined $narFile->{size};
|
||
print MANIFEST " NarHash: $narFile->{narHash}\n";
|
||
print MANIFEST " NarSize: $narFile->{narSize}\n" if $narFile->{narSize};
|
||
print MANIFEST " References: $narFile->{references}\n"
|
||
if defined $narFile->{references} && $narFile->{references} ne "";
|
||
print MANIFEST " Deriver: $narFile->{deriver}\n"
|
||
if defined $narFile->{deriver} && $narFile->{deriver} ne "";
|
||
print MANIFEST " System: $narFile->{system}\n" if defined $narFile->{system};
|
||
print MANIFEST "}\n";
|
||
}
|
||
}
|
||
|
||
foreach my $storePath (sort (keys %{$patches})) {
|
||
my $patchList = $$patches{$storePath};
|
||
foreach my $patch (@{$patchList}) {
|
||
print MANIFEST "patch {\n";
|
||
print MANIFEST " StorePath: $storePath\n";
|
||
print MANIFEST " NarURL: $patch->{url}\n";
|
||
print MANIFEST " Hash: $patch->{hash}\n";
|
||
print MANIFEST " Size: $patch->{size}\n";
|
||
print MANIFEST " NarHash: $patch->{narHash}\n";
|
||
print MANIFEST " NarSize: $patch->{narSize}\n" if $patch->{narSize};
|
||
print MANIFEST " BasePath: $patch->{basePath}\n";
|
||
print MANIFEST " BaseHash: $patch->{baseHash}\n";
|
||
print MANIFEST " Type: $patch->{patchType}\n";
|
||
print MANIFEST "}\n";
|
||
}
|
||
}
|
||
|
||
|
||
close MANIFEST;
|
||
|
||
rename("$manifest.tmp", $manifest)
|
||
or die "cannot rename $manifest.tmp: $!";
|
||
|
||
|
||
# Create a bzipped manifest.
|
||
unless (defined $noCompress) {
|
||
system("$Nix::Config::bzip2 < $manifest > $manifest.bz2.tmp") == 0
|
||
or die "cannot compress manifest";
|
||
|
||
rename("$manifest.bz2.tmp", "$manifest.bz2")
|
||
or die "cannot rename $manifest.bz2.tmp: $!";
|
||
}
|
||
}
|
||
|
||
|
||
# Return a fingerprint of a store path to be used in binary cache
|
||
# signatures. It contains the store path, the base-32 SHA-256 hash of
|
||
# the contents of the path, and the references.
|
||
sub fingerprintPath {
|
||
my ($storePath, $narHash, $narSize, $references) = @_;
|
||
die if substr($storePath, 0, length($Nix::Config::storeDir)) ne $Nix::Config::storeDir;
|
||
die if substr($narHash, 0, 7) ne "sha256:";
|
||
# Convert hash from base-16 to base-32, if necessary.
|
||
$narHash = "sha256:" . convertHash("sha256", substr($narHash, 7), 1)
|
||
if length($narHash) == 71;
|
||
die if length($narHash) != 59;
|
||
foreach my $ref (@{$references}) {
|
||
die if substr($ref, 0, length($Nix::Config::storeDir)) ne $Nix::Config::storeDir;
|
||
}
|
||
return "1;" . $storePath . ";" . $narHash . ";" . $narSize . ";" . join(",", @{$references});
|
||
}
|
||
|
||
|
||
# Parse a NAR info file.
|
||
sub parseNARInfo {
|
||
my ($storePath, $content, $requireValidSig, $location) = @_;
|
||
|
||
my ($storePath2, $url, $fileHash, $fileSize, $narHash, $narSize, $deriver, $system, $sig);
|
||
my $compression = "bzip2";
|
||
my @refs;
|
||
|
||
foreach my $line (split "\n", $content) {
|
||
return undef unless $line =~ /^(.*): (.*)$/;
|
||
if ($1 eq "StorePath") { $storePath2 = $2; }
|
||
elsif ($1 eq "URL") { $url = $2; }
|
||
elsif ($1 eq "Compression") { $compression = $2; }
|
||
elsif ($1 eq "FileHash") { $fileHash = $2; }
|
||
elsif ($1 eq "FileSize") { $fileSize = int($2); }
|
||
elsif ($1 eq "NarHash") { $narHash = $2; }
|
||
elsif ($1 eq "NarSize") { $narSize = int($2); }
|
||
elsif ($1 eq "References") { @refs = split / /, $2; }
|
||
elsif ($1 eq "Deriver") { $deriver = $2; }
|
||
elsif ($1 eq "System") { $system = $2; }
|
||
elsif ($1 eq "Sig") { $sig = $2; }
|
||
}
|
||
|
||
return undef if $storePath ne $storePath2 || !defined $url || !defined $narHash;
|
||
|
||
my $res =
|
||
{ url => $url
|
||
, compression => $compression
|
||
, fileHash => $fileHash
|
||
, fileSize => $fileSize
|
||
, narHash => $narHash
|
||
, narSize => $narSize
|
||
, refs => [ @refs ]
|
||
, deriver => $deriver
|
||
, system => $system
|
||
};
|
||
|
||
if ($requireValidSig) {
|
||
# FIXME: might be useful to support multiple signatures per .narinfo.
|
||
|
||
if (!defined $sig) {
|
||
warn "NAR info file ‘$location’ lacks a signature; ignoring\n";
|
||
return undef;
|
||
}
|
||
my ($keyName, $sig64) = split ":", $sig;
|
||
return undef unless defined $keyName && defined $sig64;
|
||
|
||
my $publicKey = $Nix::Config::binaryCachePublicKeys{$keyName};
|
||
if (!defined $publicKey) {
|
||
warn "NAR info file ‘$location’ is signed by unknown key ‘$keyName’; ignoring\n";
|
||
return undef;
|
||
}
|
||
|
||
my $fingerprint;
|
||
eval {
|
||
$fingerprint = fingerprintPath(
|
||
$storePath, $narHash, $narSize,
|
||
[ map { "$Nix::Config::storeDir/$_" } @refs ]);
|
||
};
|
||
if ($@) {
|
||
warn "cannot compute fingerprint of ‘$location’; ignoring\n";
|
||
return undef;
|
||
}
|
||
|
||
if (!checkSignature($publicKey, decode_base64($sig64), $fingerprint)) {
|
||
warn "NAR info file ‘$location’ has an incorrect signature; ignoring\n";
|
||
return undef;
|
||
}
|
||
|
||
$res->{signedBy} = $keyName;
|
||
}
|
||
|
||
return $res;
|
||
}
|
||
|
||
|
||
return 1;
|