author | Eelco Dolstra <e.dolstra@tudelft.nl> | 2007-01-29T15·51+0000 |
---|---|---|
committer | Eelco Dolstra <e.dolstra@tudelft.nl> | 2007-01-29T15·51+0000 |
commit | b618fa6eb6aa4cc128286ab748bfb100fa46a888 (patch) | |
tree | cbc903a32f4b1fa2570904e4e4768839b2e64a1e | |
parent | c558b1583c0e23bf4e19e916ef0ba223b61405a3 (diff) |
* computeStorePathForText: take the references into account when
computing the store path (NIX-77). This is an important security property in multi-user Nix stores. Note that this changes the store paths of derivations (since the derivation aterms are added using addTextToStore), but not most outputs (unless they use builtins.toFile).
-rw-r--r-- | src/libexpr/primops.cc | 2 | ||||
-rw-r--r-- | src/libstore/derivations.cc | 2 | ||||
-rw-r--r-- | src/libstore/local-store.cc | 2 | ||||
-rw-r--r-- | src/libstore/store-api.cc | 15 | ||||
-rw-r--r-- | src/libstore/store-api.hh | 3 |
5 files changed, 18 insertions, 6 deletions
diff --git a/src/libexpr/primops.cc b/src/libexpr/primops.cc
index 589faf48ae25..aca5f5856de8 100644
--- a/src/libexpr/primops.cc
+++ b/src/libexpr/primops.cc
@@ -624,7 +624,7 @@ static Expr prim_toFile(EvalState & state, const ATermVector & args)
 }
 Path storePath = readOnlyMode
- ? computeStorePathForText(name, contents)
+ ? computeStorePathForText(name, contents, refs)
 : store->addTextToStore(name, contents, refs);
 /* Note: we don't need to add `context' to the context of the
diff --git a/src/libstore/derivations.cc b/src/libstore/derivations.cc
index aea95ef31477..3456a5f714a0 100644
--- a/src/libstore/derivations.cc
+++ b/src/libstore/derivations.cc
@@ -29,7 +29,7 @@ Path writeDerivation(const Derivation & drv, const string & name)
 string suffix = name + drvExtension;
 string contents = atPrint(unparseDerivation(drv));
 return readOnlyMode
- ? computeStorePathForText(suffix, contents)
+ ? computeStorePathForText(suffix, contents, references)
 : store->addTextToStore(suffix, contents, references);
 }
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index 34fe33461f20..56d97a048aad 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -667,7 +667,7 @@ Path LocalStore::addToStore(const Path & _srcPath, bool fixed,
 Path LocalStore::addTextToStore(const string & suffix, const string & s, const PathSet & references) {
- Path dstPath = computeStorePathForText(suffix, s);
+ Path dstPath = computeStorePathForText(suffix, s, references);
 addTempRoot(dstPath);
diff --git a/src/libstore/store-api.cc b/src/libstore/store-api.cc
index be9ea788bc20..6ffbaf1ebf1e 100644
--- a/src/libstore/store-api.cc
+++ b/src/libstore/store-api.cc
@@ -73,6 +73,8 @@ Path makeStorePath(const string & type,
 string s = type + ":sha256:" + printHash(hash) + ":" + nixStore + ":" + suffix; + printMsg(lvlError, s); + checkStoreName(suffix); return nixStore + "/"
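Review bot: The added `printMsg(lvlError, s);` in makeStorePath (store-api.cc) looks like a leftover debugging statement: it prints the full pre-hash string (type, content hash, store directory and suffix) at error verbosity each time the function is called. Since computeStorePathForText now places the reference paths in `type`, that output would include them as well. Nothing else visible in the commit depends on the message, so the line should be dropped, or lowered to a debug level such as `printMsg(lvlDebug, s);` if the trace is wanted. makeStorePath's body starts and ends outside the hunk.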
@@ -114,10 +116,19 @@ std::pair<Path, Hash> computeStorePathForPath(const Path & srcPath,
 }
-Path computeStorePathForText(const string & suffix, const string & s)
+Path computeStorePathForText(const string & suffix, const string & s,
+ const PathSet & references)
 {
 Hash hash = hashString(htSHA256, s);
- return makeStorePath("text", hash, suffix);
+ /* Stuff the references (if any) into the type. This is a bit
+ hacky, but we can't put them in `s' since that would be
+ ambiguous. */
+ string type = "text";
+ for (PathSet::const_iterator i = references.begin(); i != references.end(); ++i) {
+ type += ":";
+ type += *i;
+ }
+ return makeStorePath(type, hash, suffix);
 }
diff --git a/src/libstore/store-api.hh b/src/libstore/store-api.hh
index d92b03df0621..361e7aaa1aee 100644
--- a/src/libstore/store-api.hh
+++ b/src/libstore/store-api.hh
@@ -215,7 +215,8 @@ std::pair<Path, Hash> computeStorePathForPath(const Path & srcPath,
 simply yield a different store path, so other users wouldn't be affected), but it has some backwards compatibility issues (the hashing scheme changes), so I'm not doing that for now. */
-Path computeStorePathForText(const string & suffix, const string & s);
+Path computeStorePathForText(const string & suffix, const string & s,
+ const PathSet & references);
 /* Remove the temporary roots file for this process. Any temporary |
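Review bot: In computeStorePathForText (store-api.cc) the reference paths are appended to `type` with ':' as the only separator, which is the same character makeStorePath uses between its own fields. The hashed string is therefore unambiguous only if no reference can contain ':' and the set is iterated in a fixed order. Neither assumption is stated or checked in the hunk; presumably PathSet is an ordered set and the references are valid store paths, but that should be confirmed. I would extend the new comment to record it, e.g. `/* References are assumed to be valid store paths (no ':') and PathSet iterates in sorted order, so the result is deterministic. */`, and consider validating each element before appending it.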
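Review bot: The comment kept as context above the computeStorePathForText declaration in store-api.hh still ends with "so I'm not doing that for now", which this commit makes untrue because the references are now part of the hashed string. The comment begins outside the hunk, so only its tail is visible here. It should be rewritten to describe the new behaviour, for example `/* The references are included in the hash, so text registered with different references yields a different store path. */`. Leaving the old wording would tell a reader that the multi-user issue is still open.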