about summary refs log tree commit diff
diff options
context:
space:
mode:
authorEelco Dolstra <e.dolstra@tudelft.nl>2005-04-07T14·01+0000
committerEelco Dolstra <e.dolstra@tudelft.nl>2005-04-07T14·01+0000
commitc815aff21b668f5fe7bbd04086a988df51281840 (patch)
tree8532d7fab1ab916c99d9034cfa2167b73726aba4
parent57d023a184bdc2f30cd7052c157e43ba1bca8288 (diff)
* `nix-store --add-fixed' to preload the outputs of fixed-output
  derivations.  This is mostly to simplify the implementation of
  nix-prefetch-{url, svn}, which now work properly in setuid
  installations.

* Enforce valid store names in `nix-store --add / --add-fixed'.

-rw-r--r--NEWS6
-rw-r--r--corepkgs/fetchurl/builder.sh.in8
-rw-r--r--scripts/nix-prefetch-url.in63
-rw-r--r--src/libexpr/primops.cc12
-rw-r--r--src/libstore/store.cc61
-rw-r--r--src/libstore/store.hh9
-rw-r--r--src/nix-store/main.cc50
7 files changed, 152 insertions, 57 deletions
diff --git a/NEWS b/NEWS
index 21aed89558d6..8f65315a69d5 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,4 @@
-Version 0.8
+Version 0.8 
 
 NOTE: the hashing scheme in Nix 0.8 changed (as detailed below).  As a
 result, `nix-pull' manifests and channels built for Nix 0.7 and below
@@ -161,7 +161,7 @@ Nix 0.8 has the following improvements:
   all unsafe, really ;-)
 
   
-Version 0.7
+Version 0.7 (January 12, 2005)
 
 * Binary patching.  When upgrading components using pre-built binaries
   (through nix-pull / nix-channel), Nix can automatically download and
@@ -183,7 +183,7 @@ Version 0.7
   dependencies are revealed.
 
 
-Version 0.6
+Version 0.6 (November 14, 2004)
 
 Major changes include the following:
 
diff --git a/corepkgs/fetchurl/builder.sh.in b/corepkgs/fetchurl/builder.sh.in
index 92b87465261d..02abb18b4b77 100644
--- a/corepkgs/fetchurl/builder.sh.in
+++ b/corepkgs/fetchurl/builder.sh.in
@@ -2,10 +2,4 @@
 
 echo "downloading $url into $out"
 
-prefetch=@storedir@/nix-prefetch-url-$outputHash
-if test -f "$prefetch"; then
-    echo "using prefetched $prefetch";
-    @coreutils@/mv $prefetch $out
-else
-    @curl@ --fail --location --max-redirs 20 "$url" > "$out"
-fi
+@curl@ --fail --location --max-redirs 20 "$url" > "$out"
diff --git a/scripts/nix-prefetch-url.in b/scripts/nix-prefetch-url.in
index 6153838335ed..5f6ea4c0d37a 100644
--- a/scripts/nix-prefetch-url.in
+++ b/scripts/nix-prefetch-url.in
@@ -1,7 +1,7 @@
 #! @shell@ -e
 
 url=$1
-hash=$2
+expHash=$2
 
 hashType=$NIX_HASH_ALGO
 if test -z "$hashType"; then
@@ -14,55 +14,54 @@ if test "$hashType" != "md5"; then
 fi
 
 if test -z "$url"; then
-    echo "syntax: nix-prefetch-url URL" >&2
+    echo "syntax: nix-prefetch-url URL [EXPECTED-HASH]" >&2
     exit 1
 fi
 
-# Determine the hash, unless it was given.
-if test -z "$hash"; then
+name=$(basename "$url")
+if test -z "$name"; then echo "invalid url"; exit 1; fi
 
-    # !!! race
-    tmpPath1=@storedir@/nix-prefetch-url-$$
 
-    # Test whether we have write permission in the store.  If not,
-    # fetch to /tmp and don't copy to the store.  This is a hack to
-    # make this script at least work somewhat in setuid installations.
-    if ! touch $tmpPath1 2> /dev/null; then
-        echo "(cannot write to the store, result won't be cached)" >&2
-        dummyMode=1
-        tmpPath1=/tmp/nix-prefetch-url-$$ # !!! security?
+# If the hash was given, a file with that hash may already be in the
+# store.
+if test -n "$expHash"; then
+    finalPath=$(@bindir@/nix-store --print-fixed-path "$hashType" "$expHash" "$name")
+    if ! @bindir@/nix-store --check-validity "$finalPath" 2> /dev/null; then
+        finalPath=
     fi
+    hash=$expHash
+fi
+
+
+# If we don't know the hash or a file with that hash doesn't exist,
+# download the file and add it to the store.
+if test -z "$finalPath"; then
+
+    tmpPath=/tmp/nix-prefetch-url-$$ # !!! security?
+    tmpFile=$tmpPath/$name
+    mkdir $tmpPath
 
     # Perform the download.
-    @curl@ --fail --location --max-redirs 20 "$url" > $tmpPath1
+    @curl@ --fail --location --max-redirs 20 "$url" > $tmpFile
 
     # Compute the hash.
-    hash=$(@bindir@/nix-hash --type "$hashType" $hashFormat --flat $tmpPath1)
+    hash=$(@bindir@/nix-hash --type "$hashType" $hashFormat --flat $tmpFile)
     if ! test -n "$QUIET"; then echo "hash is $hash" >&2; fi
 
-    # Rename it so that the fetchurl builder can find it.
-    if test "$dummyMode" != 1; then
-        tmpPath2=@storedir@/nix-prefetch-url-$hash
-        test -e $tmpPath2 || mv $tmpPath1 $tmpPath2 # !!! race
-    fi
+    # Add the downloaded file to the Nix store.
+    finalPath=$(@bindir@/nix-store --add-fixed "$hashType" $tmpFile)
 
+    if test -n "$tmpPath"; then rm -rf $tmpPath || true; fi
+
+    if test -n "$expHash" -a "$expHash" != "$hash"; then
+        echo "hash mismatch for URL \`$url'"
+        exit 1
+    fi
 fi
 
-# Create a Nix expression that does a fetchurl.
-storeExpr=$( \
-    echo "(import @datadir@/nix/corepkgs/fetchurl) \
-        {url = $url; outputHashAlgo = \"$hashType\"; outputHash = \"$hash\"; system = \"@system@\";}" \
-    | @bindir@/nix-instantiate -)
 
-# Realise it.
-finalPath=$(@bindir@/nix-store -r $storeExpr)
-    
 if ! test -n "$QUIET"; then echo "path is $finalPath" >&2; fi
 
-if test -n "$tmpPath1" -o -n "$tmpPath2"; then
-    rm -rf $tmpPath1 $tmpPath2 || true
-fi
-
 echo $hash
 
 if test -n "$PRINT_PATH"; then
diff --git a/src/libexpr/primops.cc b/src/libexpr/primops.cc
index a2f27b4dc87f..03d36638d4b4 100644
--- a/src/libexpr/primops.cc
+++ b/src/libexpr/primops.cc
@@ -267,17 +267,7 @@ static Expr primDerivation(EvalState & state, const ATermVector & _args)
     /* Check the derivation name.  It shouldn't contain whitespace,
        but we are conservative here: we check whether only
        alphanumerics and some other characters appear. */
-    string validChars = "+-._?=";
-    for (string::iterator i = drvName.begin(); i != drvName.end(); ++i)
-        if (!((*i >= 'A' && *i <= 'Z') ||
-              (*i >= 'a' && *i <= 'z') ||
-              (*i >= '0' && *i <= '9') ||
-              validChars.find(*i) != string::npos))
-        {
-            throw Error(format("invalid character `%1%' in derivation name `%2%'")
-                % *i % drvName);
-        }
-
+    checkStoreName(drvName);
     if (isDerivation(drvName))
         throw Error(format("derivation names are not allowed to end in `%1%'")
             % drvExtension);
diff --git a/src/libstore/store.cc b/src/libstore/store.cc
index 87425430a3eb..4e531bc4100f 100644
--- a/src/libstore/store.cc
+++ b/src/libstore/store.cc
@@ -202,6 +202,21 @@ Path toStorePath(const Path & path)
 }
 
 
+void checkStoreName(const string & name)
+{
+    string validChars = "+-._?=";
+    for (string::const_iterator i = name.begin(); i != name.end(); ++i)
+        if (!((*i >= 'A' && *i <= 'Z') ||
+              (*i >= 'a' && *i <= 'z') ||
+              (*i >= '0' && *i <= '9') ||
+              validChars.find(*i) != string::npos))
+        {
+            throw Error(format("invalid character `%1%' in name `%2%'")
+                % *i % name);
+        }
+}
+
+
 void canonicalisePathMetaData(const Path & path)
 {
     checkInterrupt();
@@ -579,13 +594,28 @@ Path makeStorePath(const string & type,
     string s = type + ":sha256:" + printHash(hash) + ":"
         + nixStore + ":" + suffix;
 
+    checkStoreName(suffix);
+
     return nixStore + "/"
         + printHash32(compressHash(hashString(htSHA256, s), 20))
         + "-" + suffix;
 }
 
 
-Path addToStore(const Path & _srcPath)
+Path makeFixedOutputPath(bool recursive,
+    string hashAlgo, Hash hash, string name)
+{
+    /* !!! copy/paste from primops.cc */
+    Hash h = hashString(htSHA256, "fixed:out:"
+        + (recursive ? (string) "r:" : "") + hashAlgo + ":"
+        + printHash(hash) + ":"
+        + "");
+    return makeStorePath("output:out", h, name);
+}
+
+
+static Path _addToStore(bool fixed, bool recursive,
+    string hashAlgo, const Path & _srcPath)
 {
     Path srcPath(absPath(_srcPath));
     debug(format("adding `%1%' to the store") % srcPath);
@@ -597,7 +627,22 @@ Path addToStore(const Path & _srcPath)
     }
 
     string baseName = baseNameOf(srcPath);
-    Path dstPath = makeStorePath("source", h, baseName);
+
+    Path dstPath;
+    
+    if (fixed) {
+
+        HashType ht(parseHashType(hashAlgo));
+        Hash h2(ht);
+        {
+            SwitchToOriginalUser sw;
+            h2 = recursive ? hashPath(ht, srcPath) : hashFile(ht, srcPath);
+        }
+        
+        dstPath = makeFixedOutputPath(recursive, hashAlgo, h2, baseName);
+    }
+        
+    else dstPath = makeStorePath("source", h, baseName);
 
     addTempRoot(dstPath);
 
@@ -635,6 +680,18 @@ Path addToStore(const Path & _srcPath)
 }
 
 
+Path addToStore(const Path & srcPath)
+{
+    return _addToStore(false, false, "", srcPath);
+}
+
+
+Path addToStoreFixed(bool recursive, string hashAlgo, const Path & srcPath)
+{
+    return _addToStore(true, recursive, hashAlgo, srcPath);
+}
+
+
 Path addTextToStore(const string & suffix, const string & s,
     const PathSet & references)
 {
diff --git a/src/libstore/store.hh b/src/libstore/store.hh
index 01a971404c5c..bcaea401e260 100644
--- a/src/libstore/store.hh
+++ b/src/libstore/store.hh
@@ -85,6 +85,8 @@ void assertStorePath(const Path & path);
 bool isInStore(const Path & path);
 bool isStorePath(const Path & path);
 
+void checkStoreName(const string & name);
+
 /* Chop off the parts after the top-level store name, e.g.,
    /nix/store/abcd-foo/bar => /nix/store/abcd-foo. */
 Path toStorePath(const Path & path);
@@ -137,6 +139,13 @@ Path makeStorePath(const string & type,
    the resulting path.  The resulting path is returned. */
 Path addToStore(const Path & srcPath);
 
+/* Like addToStore(), but for pre-adding the outputs of fixed-output
+   derivations. */
+Path addToStoreFixed(bool recursive, string hashAlgo, const Path & srcPath);
+
+Path makeFixedOutputPath(bool recursive,
+    string hashAlgo, Hash hash, string name);
+
 /* Like addToStore, but the contents written to the output path is a
    regular file containing the given string. */
 Path addTextToStore(const string & suffix, const string & s,
diff --git a/src/nix-store/main.cc b/src/nix-store/main.cc
index ff226f986387..a8720ce6fbd7 100644
--- a/src/nix-store/main.cc
+++ b/src/nix-store/main.cc
@@ -85,8 +85,7 @@ static void opRealise(Strings opFlags, Strings opArgs)
 }
 
 
-/* Add files to the Nix values directory and print the resulting
-   paths. */
+/* Add files to the Nix store and print the resulting paths. */
 static void opAdd(Strings opFlags, Strings opArgs)
 {
     if (!opFlags.empty()) throw UsageError("unknown flag");
@@ -96,6 +95,49 @@ static void opAdd(Strings opFlags, Strings opArgs)
 }
 
 
+/* Preload the output of a fixed-output derivation into the Nix
+   store. */
+static void opAddFixed(Strings opFlags, Strings opArgs)
+{
+    bool recursive = false;
+    
+    for (Strings::iterator i = opFlags.begin();
+         i != opFlags.end(); ++i)
+        if (*i == "--recursive") recursive = true;
+        else throw UsageError(format("unknown flag `%1%'") % *i);
+
+    if (opArgs.empty())
+        throw UsageError("first argument must be hash algorithm");
+    
+    string hashAlgo = opArgs.front();
+    opArgs.pop_front();
+
+    for (Strings::iterator i = opArgs.begin(); i != opArgs.end(); ++i)
+        cout << format("%1%\n") % addToStoreFixed(recursive, hashAlgo, *i);
+}
+
+
+/* Hack to support caching in `nix-prefetch-url'. */
+static void opPrintFixedPath(Strings opFlags, Strings opArgs)
+{
+    bool recursive = false;
+    
+    for (Strings::iterator i = opFlags.begin();
+         i != opFlags.end(); ++i)
+        if (*i == "--recursive") recursive = true;
+        else throw UsageError(format("unknown flag `%1%'") % *i);
+
+    Strings::iterator i = opArgs.begin();
+    string hashAlgo = *i++;
+    string hash = *i++;
+    string name = *i++;
+
+    cout << format("%1%\n") %
+        makeFixedOutputPath(recursive, hashAlgo,
+            parseHash(parseHashType(hashAlgo), hash), name);
+}
+
+
 /* Place in `paths' the set of paths that are required to `realise'
    the given store path, i.e., all paths necessary for valid
    deployment of the path.  For a derivation, this is the union of
@@ -557,6 +599,10 @@ void run(Strings args)
             op = opRealise;
         else if (arg == "--add" || arg == "-A")
             op = opAdd;
+        else if (arg == "--add-fixed")
+            op = opAddFixed;
+        else if (arg == "--print-fixed-path")
+            op = opPrintFixedPath;
         else if (arg == "--query" || arg == "-q")
             op = opQuery;
         else if (arg == "--substitute")