5 files changed, 44 insertions, 3 deletions

diff --git a/nix/libutil/gcrypt-hash.cc b/nix/libutil/gcrypt-hash.cc
index 553f633b93..c4ae7bfcc2 100644
--- a/nix/libutil/gcrypt-hash.cc
+++ b/nix/libutil/gcrypt-hash.cc
@@ -45,6 +45,7 @@ guix_hash_final (void *resbuf, struct guix_hash_context *ctx,
   memcpy (resbuf, gcry_md_read (ctx->md_handle, algo),
 	  gcry_md_get_algo_dlen (algo));
   gcry_md_close (ctx->md_handle);
+  ctx->md_handle = NULL;
 }
 
 }
diff --git a/nix/libutil/gcrypt-hash.hh b/nix/libutil/gcrypt-hash.hh
index d93a6eb881..11f061159f 100644
--- a/nix/libutil/gcrypt-hash.hh
+++ b/nix/libutil/gcrypt-hash.hh
@@ -23,17 +23,28 @@
 #include <gcrypt.h>
 #include <unistd.h>
 
-extern "C" {
-
 struct guix_hash_context
 {
+  /* This copy constructor is needed in 'HashSink::currentHash()' where we
+     expect the copy of a 'Ctx' object to yield a truly different context.  */
+  guix_hash_context (guix_hash_context &ref)
+  {
+    if (ref.md_handle == NULL)
+      md_handle = NULL;
+    else
+      gcry_md_copy (&md_handle, ref.md_handle);
+  }
+
+  /* Make sure 'md_handle' is always initialized.  */
+  guix_hash_context (): md_handle (NULL) { };
+
   gcry_md_hd_t md_handle;
 };
 
+extern "C" {
 extern void guix_hash_init (struct guix_hash_context *ctx, int algo);
 extern void guix_hash_update (struct guix_hash_context *ctx, const void *buffer,
 			      size_t len);
 extern void guix_hash_final (void *resbuf, struct guix_hash_context *ctx,
 			     int algo);
-
 }
diff --git a/nix/nix-daemon/guix-daemon.cc b/nix/nix-daemon/guix-daemon.cc
index 4f9fa4c525..cf87e39354 100644
--- a/nix/nix-daemon/guix-daemon.cc
+++ b/nix/nix-daemon/guix-daemon.cc
@@ -195,6 +195,10 @@ main (int argc, char *argv[])
       exit (EXIT_FAILURE);
     }
 
+  /* Tell Libgcrypt that initialization has completed, as per the Libgcrypt
+     1.6.0 manual (although this does not appear to be strictly needed.)  */
+  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+
   /* Set the umask so that the daemon does not end up creating group-writable
      files, which would lead to "suspicious ownership or permission" errors.
      See <http://lists.gnu.org/archive/html/bug-guix/2013-07/msg00033.html>.  */
@@ -212,6 +216,12 @@ main (int argc, char *argv[])
     {
       settings.processEnvironment ();
 
+      /* Hackily help 'local-store.cc' find our 'guix-authenticate' program, which
+	 is known as 'OPENSSL_PATH' here.  */
+      std::string search_path (getenv ("PATH"));
+      search_path = settings.nixLibexecDir + ":" + search_path;
+      setenv ("PATH", search_path.c_str (), 1);
+
       /* Use our substituter by default.  */
       settings.substituters.clear ();
       settings.useSubstitutes = true;
diff --git a/nix/scripts/guix-authenticate.in b/nix/scripts/guix-authenticate.in
new file mode 100644
index 0000000000..5ce57915f0
--- /dev/null
+++ b/nix/scripts/guix-authenticate.in
@@ -0,0 +1,11 @@
+#!@SHELL@
+# A shorthand for "guix authenticate", for use by the daemon.
+
+if test "x$GUIX_UNINSTALLED" = "x"
+then
+    prefix="@prefix@"
+    exec_prefix="@exec_prefix@"
+    exec "@bindir@/guix" authenticate "$@"
+else
+    exec guix authenticate "$@"
+fi
diff --git a/nix/sync-with-upstream b/nix/sync-with-upstream
index 535763d602..720fae132e 100755
--- a/nix/sync-with-upstream
+++ b/nix/sync-with-upstream
@@ -70,3 +70,11 @@ cp -v "$top_srcdir/nix-upstream/AUTHORS" "$top_srcdir/nix"
 # Substitutions.
 sed -i "$top_srcdir/nix/libstore/gc.cc"					\
     -e 's|/nix/find-runtime-roots\.pl|/guix/list-runtime-roots|g'
+
+# Our 'guix_hash_context' structure has a copy constructor, specifically to
+# handle the use case in 'HashSink::currentHash()' where the copy of the
+# context is expected to truly copy the underlying hash context.  The copy
+# constructor cannot be used in 'Ctx' if that's a union, so turn it into a
+# structure (we can afford to two wasted words.)
+sed -i "$top_srcdir/nix/libutil/hash.cc" "$top_srcdir/nix/libutil/hash.hh" \
+    -e 's|union Ctx|struct Ctx|g'