Make sodium a required dependency

src/libmain/shared.cc

@@ -18,9 +18,7 @@
 
 #include <openssl/crypto.h>
 
-#if HAVE_SODIUM
 #include <sodium.h>
-#endif
 
 
 namespace nix {
@@ -130,10 +128,8 @@ void initNix()
     CRYPTO_set_locking_callback(opensslLockCallback);
 #endif
 
-#if HAVE_SODIUM
     if (sodium_init() == -1)
         throw Error("could not initialise libsodium");
-#endif
 
     loadConfFile();
 
@@ -283,9 +279,7 @@ void printVersion(const string & programName)
 #if HAVE_BOEHMGC
         cfg.push_back("gc");
 #endif
-#if HAVE_SODIUM
         cfg.push_back("signed-caches");
-#endif
         std::cout << "System type: " << settings.thisSystem << "\n";
         std::cout << "Additional system types: " << concatStringsSep(", ", settings.extraPlatforms.get()) << "\n";
         std::cout << "Features: " << concatStringsSep(", ", cfg) << "\n";

src/libstore/crypto.cc

@@ -2,9 +2,7 @@
 #include "util.hh"
 #include "globals.hh"
 
-#if HAVE_SODIUM
 #include <sodium.h>
-#endif
 
 namespace nix {
 
@@ -37,70 +35,46 @@ std::string Key::to_string() const
 SecretKey::SecretKey(std::string_view s)
     : Key(s)
 {
-#if HAVE_SODIUM
     if (key.size() != crypto_sign_SECRETKEYBYTES)
         throw Error("secret key is not valid");
-#endif
 }
 
-#if !HAVE_SODIUM
-[[noreturn]] static void noSodium()
-{
-    throw Error("Nix was not compiled with libsodium, required for signed binary cache support");
-}
-#endif
-
 std::string SecretKey::signDetached(std::string_view data) const
 {
-#if HAVE_SODIUM
     unsigned char sig[crypto_sign_BYTES];
     unsigned long long sigLen;
     crypto_sign_detached(sig, &sigLen, (unsigned char *) data.data(), data.size(),
         (unsigned char *) key.data());
     return name + ":" + base64Encode(std::string((char *) sig, sigLen));
-#else
-    noSodium();
-#endif
 }
 
 PublicKey SecretKey::toPublicKey() const
 {
-#if HAVE_SODIUM
     unsigned char pk[crypto_sign_PUBLICKEYBYTES];
     crypto_sign_ed25519_sk_to_pk(pk, (unsigned char *) key.data());
     return PublicKey(name, std::string((char *) pk, crypto_sign_PUBLICKEYBYTES));
-#else
-    noSodium();
-#endif
 }
 
 SecretKey SecretKey::generate(std::string_view name)
 {
-#if HAVE_SODIUM
     unsigned char pk[crypto_sign_PUBLICKEYBYTES];
     unsigned char sk[crypto_sign_SECRETKEYBYTES];
     if (crypto_sign_keypair(pk, sk) != 0)
         throw Error("key generation failed");
 
     return SecretKey(name, std::string((char *) sk, crypto_sign_SECRETKEYBYTES));
-#else
-    noSodium();
-#endif
 }
 
 PublicKey::PublicKey(std::string_view s)
     : Key(s)
 {
-#if HAVE_SODIUM
     if (key.size() != crypto_sign_PUBLICKEYBYTES)
         throw Error("public key is not valid");
-#endif
 }
 
 bool verifyDetached(const std::string & data, const std::string & sig,
     const PublicKeys & publicKeys)
 {
-#if HAVE_SODIUM
     auto ss = split(sig);
 
     auto key = publicKeys.find(std::string(ss.first));
@@ -113,9 +87,6 @@ bool verifyDetached(const std::string & data, const std::string & sig,
     return crypto_sign_verify_detached((unsigned char *) sig2.data(),
         (unsigned char *) data.data(), data.size(),
         (unsigned char *) key->second.key.data()) == 0;
-#else
-    noSodium();
-#endif
 }
 
 PublicKeys getDefaultPublicKeys()

src/nix/sigs.cc

@@ -142,7 +142,6 @@ struct CmdSignPaths : StorePathsCommand
 
 static auto rCmdSignPaths = registerCommand2<CmdSignPaths>({"store", "sign-paths"});
 
-#if HAVE_SODIUM
 struct CmdKeyGenerateSecret : Command
 {
     std::optional<std::string> keyName;
@@ -227,4 +226,3 @@ struct CmdKey : NixMultiCommand
 };
 
 static auto rCmdKey = registerCommand<CmdKey>("key");
-#endif