From 7ea536fe84d2fad2ce2f291910f51c159531273e Mon Sep 17 00:00:00 2001
From: Picnoir
Date: Mon, 14 Apr 2025 10:30:47 +0200
Subject: [PATCH] Narinfo sign: multiple signatures variant
This is a small optimization used when we're signing a narinfo for multiple keys in one go. Using this sign variant, we only compute the NAR fingerprint once, then sign it with all the keys.
---
 src/libstore/binary-cache-store.cc | 4 +---
 src/libstore/include/nix/store/path-info.hh | 1 +
 src/libstore/path-info.cc | 8 ++++++++
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/libstore/binary-cache-store.cc b/src/libstore/binary-cache-store.cc
index 744bccef0..bdc281044 100644
--- a/src/libstore/binary-cache-store.cc
+++ b/src/libstore/binary-cache-store.cc
@@ -279,9 +279,7 @@ ref BinaryCacheStore::addToStoreCommon(
 stats.narWriteCompressedBytes += fileSize;
 stats.narWriteCompressionTimeMs += duration;
- for (auto &signer: signers) {
- narInfo->sign(*this, *signer);
- }
+ narInfo->sign(*this, signers);
 /* Atomically write the NAR info file.*/
 writeNarInfo(narInfo);
diff --git a/src/libstore/include/nix/store/path-info.hh b/src/libstore/include/nix/store/path-info.hh
index 9bd493422..4691bfa95 100644
--- a/src/libstore/include/nix/store/path-info.hh
+++ b/src/libstore/include/nix/store/path-info.hh
@@ -144,6 +144,7 @@ struct ValidPathInfo : UnkeyedValidPathInfo {
 std::string fingerprint(const Store & store) const;
 void sign(const Store & store, const Signer & signer);
+ void sign(const Store & store, const std::vector> & signers);
 /**
 * @return The `ContentAddressWithReferences` that determines the
diff --git a/src/libstore/path-info.cc b/src/libstore/path-info.cc
index df20edb3b..5400a9da1 100644
--- a/src/libstore/path-info.cc
+++ b/src/libstore/path-info.cc
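Review bot: The `sign` overload added to `ValidPathInfo` in path-info.hh is declared without a doc comment, although the declaration right after it (`contentAddressWithReferences`) carries one. A short comment above it, for example `/** Add one signature per entry of signers, computing the fingerprint only once. */`, would tell callers why to prefer it over looping on the single-signer variant. It would also help to state there whether an empty `signers` is a valid argument, since the two overloads now differ in when the fingerprint is computed. The struct starts and ends outside this hunk.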
@@ -40,6 +40,14 @@ void ValidPathInfo::sign(const Store & store, const Signer & signer)
 sigs.insert(signer.signDetached(fingerprint(store)));
 }
+void ValidPathInfo::sign(const Store & store, const std::vector> & signers)
+{
+ auto fingerprint = this->fingerprint(store);
+ for (auto & signer: signers) {
+ sigs.insert(signer->signDetached(fingerprint));
+ }
+}
+
 std::optional ValidPathInfo::contentAddressWithReferences() const
 {
 if (! ca)
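Review bot: The new overload calls `this->fingerprint(store)` before the loop even when `signers` is empty, whereas the loop it replaces in binary-cache-store.cc did no fingerprint work in that case. A guard such as `if (signers.empty()) return;` ahead of the fingerprint line would keep the no-signer path identical. `fingerprint()`'s body is not shown here, so whether this is only wasted work or can also fail on incomplete path info should be confirmed. The local named `fingerprint` shadows the member function, which is why `this->` is needed; `const auto fp = fingerprint(store);` with `signDetached(fp)` in the loop reads more plainly. Each `signer->signDetached(...)` dereferences a vector element without a null check, as the old `*signer` did, so the non-null expectation is worth stating in the overload's documentation.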