diff options
Diffstat (limited to 'nix')
| -rw-r--r-- | nix/libstore/local-store.cc | 87 | 
1 files changed, 70 insertions, 17 deletions
| diff --git a/nix/libstore/local-store.cc b/nix/libstore/local-store.cc index cbbd8e901d..8c479002ec 100644 --- a/nix/libstore/local-store.cc +++ b/nix/libstore/local-store.cc @@ -21,6 +21,7 @@  #include <stdio.h>  #include <time.h>  #include <grp.h> +#include <ctype.h>  #if HAVE_UNSHARE && HAVE_STATVFS && HAVE_SYS_MOUNT_H  #include <sched.h> @@ -1231,39 +1232,91 @@ static void checkSecrecy(const Path & path)  } -static std::string runAuthenticationProgram(const Strings & args) +/* Return the authentication agent, a "guix authenticate" process started +   lazily.  */ +static std::shared_ptr<Agent> authenticationAgent()  { -    Strings fullArgs = { "authenticate" }; -    fullArgs.insert(fullArgs.end(), args.begin(), args.end()); // append -    return runProgram(settings.guixProgram, false, fullArgs); +    static std::shared_ptr<Agent> agent; + +    if (!agent) { +	Strings args = { "authenticate" }; +	agent = std::make_shared<Agent>(settings.guixProgram, args); +    } + +    return agent; +} + +/* Read an integer and the byte that immediately follows it from FD.  Return +   the integer.  */ +static int readInteger(int fd) +{ +    string str; + +    while (1) { +        char ch; +        ssize_t rd = read(fd, &ch, 1); +        if (rd == -1) { +            if (errno != EINTR) +                throw SysError("reading an integer"); +        } else if (rd == 0) +            throw EndOfFile("unexpected EOF reading an integer"); +        else { +	    if (isdigit(ch)) { +		str += ch; +	    } else { +		break; +	    } +        } +    } + +    return stoi(str); +} + +/* Read from FD a reply coming from 'guix authenticate'.  The reply has the +   form "CODE LEN:STR".  CODE is an integer, where zero indicates success. +   LEN specifies the length in bytes of the string that immediately +   follows.  */ +static std::string readAuthenticateReply(int fd) +{ +    int code = readInteger(fd); +    int len = readInteger(fd); + +    string str; +    str.resize(len); +    readFull(fd, (unsigned char *) &str[0], len); + +    if (code == 0) +	return str; +    else +	throw Error(str);  }  /* Sign HASH with the key stored in file SECRETKEY.  Return the signature as a     string, or raise an exception upon error.  */  static std::string signHash(const string &secretKey, const Hash &hash)  { -    Strings args; -    args.push_back("sign"); -    args.push_back(secretKey); -    args.push_back(printHash(hash)); +    auto agent = authenticationAgent(); +    auto hexHash = printHash(hash); -    return runAuthenticationProgram(args); +    writeLine(agent->toAgent.writeSide, +	      (format("sign %1%:%2% %3%:%4%") +	       % secretKey.size() % secretKey +	       % hexHash.size() % hexHash).str()); + +    return readAuthenticateReply(agent->fromAgent.readSide);  }  /* Verify SIGNATURE and return the base16-encoded hash over which it was     computed.  */  static std::string verifySignature(const string &signature)  { -    Path tmpDir = createTempDir("", "guix", true, true, 0700); -    AutoDelete delTmp(tmpDir); +    auto agent = authenticationAgent(); -    Path sigFile = tmpDir + "/sig"; -    writeFile(sigFile, signature); +    writeLine(agent->toAgent.writeSide, +	      (format("verify %1%:%2%") +	       % signature.size() % signature).str()); -    Strings args; -    args.push_back("verify"); -    args.push_back(sigFile); -    return runAuthenticationProgram(args); +    return readAuthenticateReply(agent->fromAgent.readSide);  }  void LocalStore::exportPath(const Path & path, bool sign, |