about summary refs log tree commit diff
path: root/tvix/store-go/pathinfo.go
package storev1

import (
	"bytes"
	"crypto/sha256"
	"encoding/base64"
	"fmt"

	"github.com/nix-community/go-nix/pkg/storepath"
)

// Validate performs some checks on the PathInfo struct, returning either the
// StorePath of the root node, or an error.
func (p *PathInfo) Validate() (*storepath.StorePath, error) {
	// ensure References has the right number of bytes.
	for i, reference := range p.GetReferences() {
		if len(reference) != storepath.PathHashSize {
			return nil, fmt.Errorf("invalid length of digest at position %d, expected %d, got %d", i, storepath.PathHashSize, len(reference))
		}
	}

	// If there's a Narinfo field populated..
	if narInfo := p.GetNarinfo(); narInfo != nil {
		// ensure the NarSha256 digest has the correct length.
		if len(narInfo.GetNarSha256()) != sha256.Size {
			return nil, fmt.Errorf("invalid number of bytes for NarSha256: expected %d, got %d", sha256.Size, len(narInfo.GetNarSha256()))
		}

		// ensure the number of references matches len(References).
		if len(narInfo.GetReferenceNames()) != len(p.GetReferences()) {
			return nil, fmt.Errorf("inconsistent number of references: %d (references) vs %d (narinfo)", len(narInfo.GetReferenceNames()), len(p.GetReferences()))
		}

		// for each ReferenceName…
		for i, referenceName := range narInfo.GetReferenceNames() {
			// ensure it parses to a store path
			storePath, err := storepath.FromString(referenceName)
			if err != nil {
				return nil, fmt.Errorf("invalid ReferenceName at position %d: %w", i, err)
			}

			// ensure the digest matches the one at References[i]
			if !bytes.Equal(p.GetReferences()[i], storePath.Digest) {
				return nil, fmt.Errorf(
					"digest in ReferenceName at position %d does not match digest in PathInfo, expected %s, got %s",
					i,
					base64.StdEncoding.EncodeToString(p.GetReferences()[i]),
					base64.StdEncoding.EncodeToString(storePath.Digest),
				)
			}
		}
	}

	// ensure there is a (root) node present
	rootNode := p.GetNode()
	if rootNode == nil {
		return nil, fmt.Errorf("root node must be set")
	}

	if err := rootNode.Validate(); err != nil {
		return nil, fmt.Errorf("root node failed validation: %w", err)
	}

	// for all three node types, ensure the name properly parses to a store path.
	// This is a stricter check as the ones already performed in the rootNode.Validate() call.
	var rootNodeName []byte

	if node := rootNode.GetDirectory(); node != nil {
		rootNodeName = node.GetName()
	} else if node := rootNode.GetFile(); node != nil {
		rootNodeName = node.GetName()
	} else if node := rootNode.GetSymlink(); node != nil {
		rootNodeName = node.GetName()
	} else {
		// already caught by rootNode.Validate()
		panic("unreachable")
	}

	storePath, err := storepath.FromString(string(rootNodeName))
	if err != nil {
		return nil, fmt.Errorf("unable to parse root node name %s as StorePath: %w", rootNodeName, err)
	}

	// If the Deriver field is populated, ensure it parses to a StorePath.
	// We can't check for it to *not* end with .drv, as the .drv files produced by
	// recursive Nix end with multiple .drv suffixes, and only one is popped when
	// converting to this field.
	if p.Deriver != nil {
		deriverStorePath := storepath.StorePath{
			Name:   string(p.Deriver.GetName()),
			Digest: p.Deriver.GetDigest(),
		}
		if err := deriverStorePath.Validate(); err != nil {
			return nil, fmt.Errorf("invalid deriver field: %w", err)
		}
	}

	return storePath, nil
}