summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--config-daemon.ac4
-rw-r--r--nix/libstore/local-store.cc17
-rw-r--r--nix/local.mk7
-rw-r--r--nix/nix-daemon/guix-daemon.cc12
-rw-r--r--nix/scripts/authenticate.in (renamed from nix/scripts/guix-authenticate.in)0
5 files changed, 19 insertions, 21 deletions
diff --git a/config-daemon.ac b/config-daemon.ac
index 04f0fde3b2..aac46817f5 100644
--- a/config-daemon.ac
+++ b/config-daemon.ac
@@ -163,8 +163,8 @@ if test "x$guix_build_daemon" = "xyes"; then
[chmod +x nix/scripts/download])
AC_CONFIG_FILES([nix/scripts/substitute],
[chmod +x nix/scripts/substitute])
- AC_CONFIG_FILES([nix/scripts/guix-authenticate],
- [chmod +x nix/scripts/guix-authenticate])
+ AC_CONFIG_FILES([nix/scripts/authenticate],
+ [chmod +x nix/scripts/authenticate])
AC_CONFIG_FILES([nix/scripts/offload],
[chmod +x nix/scripts/offload])
fi
diff --git a/nix/libstore/local-store.cc b/nix/libstore/local-store.cc
index 4c55c6ea0d..0aed59710f 100644
--- a/nix/libstore/local-store.cc
+++ b/nix/libstore/local-store.cc
@@ -1222,6 +1222,18 @@ static void checkSecrecy(const Path & path)
}
+static std::string runAuthenticationProgram(const Strings & args)
+{
+ /* Use the 'authenticate' script from 'LIBEXECDIR/guix' or just
+ 'LIBEXECDIR', depending on whether we're uninstalled or not. */
+ const bool installed = getenv("GUIX_UNINSTALLED") == NULL;
+ const string program = settings.nixLibexecDir
+ + (installed ? "/guix" : "")
+ + "/authenticate";
+
+ return runProgram(program, false, args);
+}
+
void LocalStore::exportPath(const Path & path, bool sign,
Sink & sink)
{
@@ -1276,7 +1288,8 @@ void LocalStore::exportPath(const Path & path, bool sign,
args.push_back(secretKey);
args.push_back("-in");
args.push_back(hashFile);
- string signature = runProgram(OPENSSL_PATH, true, args);
+
+ string signature = runAuthenticationProgram(args);
writeString(signature, hashAndWriteSink);
@@ -1366,7 +1379,7 @@ Path LocalStore::importPath(bool requireSignature, Source & source)
args.push_back("-pubin");
args.push_back("-in");
args.push_back(sigFile);
- string hash2 = runProgram(OPENSSL_PATH, true, args);
+ string hash2 = runAuthenticationProgram(args);
/* Note: runProgram() throws an exception if the signature
is invalid. */
diff --git a/nix/local.mk b/nix/local.mk
index 7d45f200b8..fe45c344f0 100644
--- a/nix/local.mk
+++ b/nix/local.mk
@@ -113,7 +113,6 @@ libstore_a_CPPFLAGS = \
-DGUIX_CONFIGURATION_DIRECTORY=\"$(sysconfdir)/guix\" \
-DNIX_LIBEXEC_DIR=\"$(libexecdir)\" \
-DNIX_BIN_DIR=\"$(bindir)\" \
- -DOPENSSL_PATH="\"guix-authenticate\"" \
-DDEFAULT_CHROOT_DIRS="\"\""
libstore_a_CXXFLAGS = $(AM_CXXFLAGS) \
@@ -168,10 +167,8 @@ nodist_pkglibexec_SCRIPTS += \
endif BUILD_DAEMON_OFFLOAD
-
-# XXX: It'd be better to hide it in $(pkglibexecdir).
-nodist_libexec_SCRIPTS = \
- %D%/scripts/guix-authenticate
+nodist_pkglibexec_SCRIPTS += \
+ %D%/scripts/authenticate
# The '.service' files for systemd.
systemdservicedir = $(libdir)/systemd/system
diff --git a/nix/nix-daemon/guix-daemon.cc b/nix/nix-daemon/guix-daemon.cc
index b71b100f6c..8fdab2d116 100644
--- a/nix/nix-daemon/guix-daemon.cc
+++ b/nix/nix-daemon/guix-daemon.cc
@@ -466,18 +466,6 @@ main (int argc, char *argv[])
{
settings.processEnvironment ();
- /* Hackily help 'local-store.cc' find our 'guix-authenticate' program, which
- is known as 'OPENSSL_PATH' here. */
- std::string search_path;
- search_path = settings.nixLibexecDir;
- if (getenv ("PATH") != NULL)
- {
- search_path += ":";
- search_path += getenv ("PATH");
- }
-
- setenv ("PATH", search_path.c_str (), 1);
-
/* Use our substituter by default. */
settings.substituters.clear ();
settings.set ("build-use-substitutes", "true");
diff --git a/nix/scripts/guix-authenticate.in b/nix/scripts/authenticate.in
index 5ce57915f0..5ce57915f0 100644
--- a/nix/scripts/guix-authenticate.in
+++ b/nix/scripts/authenticate.in