mirror of https://github.com/NixOS/nix synced 2025-06-26 20:01:15 +02:00

Remove signRealisation from drv goal

We can move this method from `LocalStore` to `Store` --- even if we only
want the actual builder to sign things in many cases, there is no reason
to try to enforce this policy by spuriously moving the method to a
subclass.

Now, we might technically sign class, but CA derivations is
experimental, and @Ericson2314 is going to revisit all this stuff with
issue #11896 anyways.
Las 2025-03-10 23:21:03 +00:00 committed by John Ericson
parent 0e7e1f5b57
commit db8439c328
8 changed files with 17 additions and 28 deletions


@ -1047,7 +1047,7 @@ Goal::Co DerivationGoal::resolvedFinished()
: worker.store; : worker.store;
newRealisation.dependentRealisations = drvOutputReferences(worker.store, *drv, realisation.outPath, &drvStore); newRealisation.dependentRealisations = drvOutputReferences(worker.store, *drv, realisation.outPath, &drvStore);
} }
signRealisation(newRealisation); worker.store.signRealisation(newRealisation);
worker.store.registerDrvOutput(newRealisation); worker.store.registerDrvOutput(newRealisation);
} }
outputPaths.insert(realisation.outPath); outputPaths.insert(realisation.outPath);
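Review bot: The `worker.store.signRealisation(newRealisation)` call in `resolvedFinished()` now signs on every store type, whereas the removed base-class `DerivationGoal::signRealisation` was a no-op and only the `LocalDerivationGoal` override signed. Because `Store::signRealisation` (added further down this page) reads `settings.secretKeyFiles` in the calling process, a goal running against a non-local store would now attest the resolved realisation with the local keys, which may include an output this process did not build itself. The commit message defers the policy to issue #11896, so the call site should at least record that, e.g. `// NOTE: signs with every key in secret-key-files regardless of store type; policy to be revisited in #11896.` The body of `resolvedFinished()` starts and ends outside the hunk.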


@ -267,11 +267,6 @@ struct DerivationGoal : public Goal
*/ */
Path openLogFile(); Path openLogFile();
/**
* Sign the newly built realisation if the store allows it
*/
virtual void signRealisation(Realisation&) {}
/** /**
* Close the log file. * Close the log file.
*/ */


@ -1585,19 +1585,6 @@ void LocalStore::addSignatures(const StorePath & storePath, const StringSet & si
} }
void LocalStore::signRealisation(Realisation & realisation)
{
// FIXME: keep secret keys in memory.
auto secretKeyFiles = settings.secretKeyFiles;
for (auto & secretKeyFile : secretKeyFiles.get()) {
SecretKey secretKey(readFile(secretKeyFile));
LocalSigner signer(std::move(secretKey));
realisation.sign(signer);
}
}
void LocalStore::signPathInfo(ValidPathInfo & info) void LocalStore::signPathInfo(ValidPathInfo & info)
{ {
// FIXME: keep secret keys in memory. // FIXME: keep secret keys in memory.


@ -401,7 +401,6 @@ private:
* specified by the secret-key-files option. * specified by the secret-key-files option.
*/ */
void signPathInfo(ValidPathInfo & info); void signPathInfo(ValidPathInfo & info);
void signRealisation(Realisation &);
void addBuildLog(const StorePath & drvPath, std::string_view log) override; void addBuildLog(const StorePath & drvPath, std::string_view log) override;


@ -1274,6 +1274,19 @@ Derivation Store::readDerivation(const StorePath & drvPath)
Derivation Store::readInvalidDerivation(const StorePath & drvPath) Derivation Store::readInvalidDerivation(const StorePath & drvPath)
{ return readDerivationCommon(*this, drvPath, false); } { return readDerivationCommon(*this, drvPath, false); }
void Store::signRealisation(Realisation & realisation)
{
// FIXME: keep secret keys in memory.
auto secretKeyFiles = settings.secretKeyFiles;
for (auto & secretKeyFile : secretKeyFiles.get()) {
SecretKey secretKey(readFile(secretKeyFile));
LocalSigner signer(std::move(secretKey));
realisation.sign(signer);
}
}
} }
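Review bot: `Store::signRealisation` never touches `this`: it reads the process-global `settings.secretKeyFiles` and calls `readFile` on each key file for every realisation, so whichever process runs the goal needs read access to the private keys. If `readFile` throws on an unreadable file (its definition is not shown here), a process that has `secret-key-files` configured but cannot read the keys would now fail on a path that was a no-op for non-local goals before this commit. I would state the requirement above the function, e.g. `// Reads the keys named by secret-key-files in the calling process, which therefore needs read access to them.` The `FIXME` about keeping secret keys in memory is carried over unchanged, so key material is still re-read from disk on each call.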


@ -622,6 +622,8 @@ public:
virtual void addSignatures(const StorePath & storePath, const StringSet & sigs) virtual void addSignatures(const StorePath & storePath, const StringSet & sigs)
{ unsupported("addSignatures"); } { unsupported("addSignatures"); }
void signRealisation(Realisation &);
/* Utility functions. */ /* Utility functions. */
/** /**
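Review bot: The new `void signRealisation(Realisation &);` declaration in `Store` has no doc comment, while the `DerivationGoal` declaration it replaces documented itself as signing "if the store allows it". It is also non-virtual, unlike `addSignatures` just above it, so no store implementation can opt out of signing or route it elsewhere; if that is intended, the declaration should say so. Suggested comment: `/** Sign the realisation with every key listed in the secret-key-files setting; not overridable by store implementations. */`. The `Store` class body starts and ends outside the hunk.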


@ -2872,7 +2872,7 @@ SingleDrvOutputs LocalDerivationGoal::registerOutputs()
if (experimentalFeatureSettings.isEnabled(Xp::CaDerivations) if (experimentalFeatureSettings.isEnabled(Xp::CaDerivations)
&& !drv->type().isImpure()) && !drv->type().isImpure())
{ {
signRealisation(thisRealisation); worker.store.signRealisation(thisRealisation);
worker.store.registerDrvOutput(thisRealisation); worker.store.registerDrvOutput(thisRealisation);
} }
builtOutputs.emplace(outputName, thisRealisation); builtOutputs.emplace(outputName, thisRealisation);
@ -2881,11 +2881,6 @@ SingleDrvOutputs LocalDerivationGoal::registerOutputs()
return builtOutputs; return builtOutputs;
} }
void LocalDerivationGoal::signRealisation(Realisation & realisation)
{
getLocalStore().signRealisation(realisation);
}
void LocalDerivationGoal::checkOutputs(const std::map<std::string, ValidPathInfo> & outputs) void LocalDerivationGoal::checkOutputs(const std::map<std::string, ValidPathInfo> & outputs)
{ {


@ -241,8 +241,6 @@ struct LocalDerivationGoal : public DerivationGoal
*/ */
SingleDrvOutputs registerOutputs(); SingleDrvOutputs registerOutputs();
void signRealisation(Realisation &) override;
/** /**
* Check that an output meets the requirements specified by the * Check that an output meets the requirements specified by the
* 'outputChecks' attribute (or the legacy * 'outputChecks' attribute (or the legacy