NixOS/nix
NixOS/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2024-09-19 23:03:53 -04:00
Code Activity

Properly sign the unresolved drvs

Browse source 
Don't let them inherit the signature from the parent one (because it
makes no sense to do so), but re-sign them after they have been built
This commit is contained in:
regnat 2021-03-08 17:32:20 +01:00
parent 54ced9072b
commit 703c98c6cb
4 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/libstore/build/derivation-goal.cc
View file

@ -925,6 +925,8 @@ void DerivationGoal::resolvedFinished() {
if (realisation) { if (realisation) {
auto newRealisation = *realisation; auto newRealisation = *realisation;
newRealisation.id = DrvOutput{initialOutputs.at(wantedOutput).outputHash, wantedOutput}; newRealisation.id = DrvOutput{initialOutputs.at(wantedOutput).outputHash, wantedOutput};
newRealisation.signatures.clear();
signRealisation(newRealisation);
worker.store.registerDrvOutput(newRealisation); worker.store.registerDrvOutput(newRealisation);
} else { } else {
// If we don't have a realisation, then it must mean that something // If we don't have a realisation, then it must mean that something

3
src/libstore/build/derivation-goal.hh
View file

@ -180,6 +180,9 @@ struct DerivationGoal : public Goal
/* Open a log file and a pipe to it. */ /* Open a log file and a pipe to it. */
Path openLogFile(); Path openLogFile();
/* Sign the newly built realisation if the store allows it */
virtual void signRealisation(Realisation&) {}
/* Close the log file. */ /* Close the log file. */
void closeLogFile(); void closeLogFile();

7
src/libstore/build/local-derivation-goal.cc
View file

@ -2620,12 +2620,17 @@ void LocalDerivationGoal::registerOutputs()
.id = DrvOutput{initialOutputs.at(outputName).outputHash, .id = DrvOutput{initialOutputs.at(outputName).outputHash,
outputName}, outputName},
.outPath = newInfo.path}; .outPath = newInfo.path};
getLocalStore().signRealisation(thisRealisation); signRealisation(thisRealisation);
worker.store.registerDrvOutput(thisRealisation); worker.store.registerDrvOutput(thisRealisation);
} }
} }
} }
void LocalDerivationGoal::signRealisation(Realisation & realisation)
{
getLocalStore().signRealisation(realisation);
}
void LocalDerivationGoal::checkOutputs(const std::map<Path, ValidPathInfo> & outputs) void LocalDerivationGoal::checkOutputs(const std::map<Path, ValidPathInfo> & outputs)
{ {

2
src/libstore/build/local-derivation-goal.hh
View file

@ -161,6 +161,8 @@ struct LocalDerivationGoal : public DerivationGoal
as valid. */ as valid. */
void registerOutputs() override; void registerOutputs() override;
void signRealisation(Realisation &) override;
/* Check that an output meets the requirements specified by the /* Check that an output meets the requirements specified by the
'outputChecks' attribute (or the legacy 'outputChecks' attribute (or the legacy
'{allowed,disallowed}{References,Requisites}' attributes). */ '{allowed,disallowed}{References,Requisites}' attributes). */