refactor(tvix/nix-compat): rename PubKey to VerifyingKey r/8394

Align these with the way it's called in the ed25519 crates. Change-Id: Ia52d3bb9bf831dc6b5f7d5356f5ac62135672883 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12013 Tested-by: BuildkiteCI Reviewed-by: raitobezarius <tvl@lahfa.xyz> Autosubmit: flokli <flokli@flokli.de>
author: Florian Klink <flokli@flokli.de> 2024-07-21T20·49+0200
committer: clbot <clbot@tvl.fyi> 2024-07-21T21·41+0000
commit: 05b4e805eeda9dc827e1464d5fd5f672b8daf26e (patch)
tree: fe5d04f594085532790bd680c572b7be4338099f
parent: 62184ee35acac69666ba26c7db852a4059fa5723 (diff)
4 files changed, 25 insertions, 25 deletions
diff --git a/tvix/nix-compat/src/narinfo/mod.rs b/tvix/nix-compat/src/narinfo/mod.rs
index b1c10bceb200..1b657d0b1792 100644
--- a/tvix/nix-compat/src/narinfo/mod.rs
+++ b/tvix/nix-compat/src/narinfo/mod.rs
@@ -27,13 +27,12 @@ use std::{
 use crate::{nixbase32, nixhash::CAHash, store_path::StorePathRef};
 
 mod fingerprint;
-mod public_keys;
 mod signature;
+mod verifying_keys;
 
 pub use fingerprint::fingerprint;
-
-pub use public_keys::{Error as PubKeyError, PubKey};
 pub use signature::{Error as SignatureError, Signature};
+pub use verifying_keys::{Error as VerifyingKeyError, VerifyingKey};
 
 #[derive(Debug)]
 pub struct NarInfo<'a> {
diff --git a/tvix/nix-compat/src/narinfo/public_keys.rs b/tvix/nix-compat/src/narinfo/verifying_keys.rs
index 4739f4fc9212..b8ed2b9531c1 100644
--- a/tvix/nix-compat/src/narinfo/public_keys.rs
+++ b/tvix/nix-compat/src/narinfo/verifying_keys.rs
@@ -4,7 +4,7 @@
 use std::fmt::Display;
 
 use data_encoding::BASE64;
-use ed25519_dalek::{VerifyingKey, PUBLIC_KEY_LENGTH};
+use ed25519_dalek::PUBLIC_KEY_LENGTH;
 
 use super::Signature;
 
@@ -12,13 +12,13 @@ use super::Signature;
 /// These are normally passed in the `trusted-public-keys` Nix config option,
 /// and consist of a name and base64-encoded ed25519 pubkey, separated by a `:`.
 #[derive(Clone, Debug, PartialEq, Eq)]
-pub struct PubKey {
+pub struct VerifyingKey {
     name: String,
-    verifying_key: VerifyingKey,
+    verifying_key: ed25519_dalek::VerifyingKey,
 }
 
-impl PubKey {
-    pub fn new(name: String, verifying_key: VerifyingKey) -> Self {
+impl VerifyingKey {
+    pub fn new(name: String, verifying_key: ed25519_dalek::VerifyingKey) -> Self {
         Self {
             name,
             verifying_key,
@@ -37,7 +37,7 @@ impl PubKey {
         }
 
         if bytes64.len() != BASE64.encode_len(PUBLIC_KEY_LENGTH) {
-            return Err(Error::InvalidPubKeyLen(bytes64.len()));
+            return Err(Error::InvalidVerifyingKeyLen(bytes64.len()));
         }
 
         let mut buf = [0; PUBLIC_KEY_LENGTH + 1];
@@ -51,7 +51,8 @@ impl PubKey {
             Err(_) => return Err(Error::DecodeError(input.to_string())),
         }
 
-        let verifying_key = VerifyingKey::from_bytes(&bytes).map_err(Error::InvalidVerifyingKey)?;
+        let verifying_key =
+            ed25519_dalek::VerifyingKey::from_bytes(&bytes).map_err(Error::InvalidVerifyingKey)?;
 
         Ok(Self {
             name: name.to_string(),
@@ -84,14 +85,14 @@ pub enum Error {
     #[error("Missing separator")]
     MissingSeparator,
     #[error("Invalid pubkey len: {0}")]
-    InvalidPubKeyLen(usize),
+    InvalidVerifyingKeyLen(usize),
     #[error("VerifyingKey error: {0}")]
     InvalidVerifyingKey(ed25519_dalek::SignatureError),
     #[error("Unable to base64-decode pubkey: {0}")]
     DecodeError(String),
 }
 
-impl Display for PubKey {
+impl Display for VerifyingKey {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         write!(
             f,
@@ -110,7 +111,7 @@ mod test {
 
     use crate::narinfo::Signature;
 
-    use super::PubKey;
+    use super::VerifyingKey;
     const FINGERPRINT: &str = "1;/nix/store/syd87l2rxw8cbsxmxl853h0r6pdwhwjr-curl-7.82.0-bin;sha256:1b4sb93wp679q4zx9k1ignby1yna3z7c4c2ri3wphylbc2dwsys0;196040;/nix/store/0jqd0rlxzra1rs38rdxl43yh6rxchgc6-curl-7.82.0,/nix/store/6w8g7njm4mck5dmjxws0z1xnrxvl81xa-glibc-2.34-115,/nix/store/j5jxw3iy7bbz4a57fh9g2xm2gxmyal8h-zlib-1.2.12,/nix/store/yxvjs9drzsphm9pcf42a4byzj1kb9m7k-openssl-1.1.1n";
 
     #[rstest]
@@ -122,7 +123,7 @@ mod test {
         #[case] exp_name: &'static str,
         #[case] exp_verifying_key_bytes: &[u8; PUBLIC_KEY_LENGTH],
     ) {
-        let pubkey = PubKey::parse(input).expect("must parse");
+        let pubkey = VerifyingKey::parse(input).expect("must parse");
         assert_eq!(exp_name, pubkey.name());
         assert_eq!(exp_verifying_key_bytes, pubkey.verifying_key.as_bytes());
     }
@@ -132,7 +133,7 @@ mod test {
     #[case::missing_padding("cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY")]
     #[case::wrong_length("cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDS")]
     fn parse_fail(#[case] input: &'static str) {
-        PubKey::parse(input).expect_err("must fail");
+        VerifyingKey::parse(input).expect_err("must fail");
     }
 
     #[rstest]
@@ -144,7 +145,7 @@ mod test {
         #[case] signature_str: &'static str,
         #[case] expected: bool,
     ) {
-        let pubkey = PubKey::parse(pubkey_str).expect("must parse");
+        let pubkey = VerifyingKey::parse(pubkey_str).expect("must parse");
         let signature = Signature::parse(signature_str).expect("must parse");
 
         assert_eq!(expected, pubkey.verify(fingerprint, &signature));
diff --git a/tvix/nix-compat/src/nixcpp/conf.rs b/tvix/nix-compat/src/nixcpp/conf.rs
index 909b3c9eb4a6..68308115f988 100644
--- a/tvix/nix-compat/src/nixcpp/conf.rs
+++ b/tvix/nix-compat/src/nixcpp/conf.rs
@@ -13,7 +13,7 @@ pub struct NixConfig<'a> {
     pub sandbox_fallback: Option<bool>,
     pub substituters: Option<Vec<&'a str>>,
     pub system_features: Option<Vec<&'a str>>,
-    pub trusted_public_keys: Option<Vec<crate::narinfo::PubKey>>,
+    pub trusted_public_keys: Option<Vec<crate::narinfo::VerifyingKey>>,
     pub trusted_substituters: Option<Vec<&'a str>>,
     pub trusted_users: Option<Vec<&'a str>>,
     pub extra_platforms: Option<Vec<&'a str>>,
@@ -78,8 +78,8 @@ impl<'a> NixConfig<'a> {
                     "trusted-public-keys" => {
                         this.trusted_public_keys = Some(
                             val.split_whitespace()
-                                .map(crate::narinfo::PubKey::parse)
-                                .collect::<Result<Vec<crate::narinfo::PubKey>, _>>()
+                                .map(crate::narinfo::VerifyingKey::parse)
+                                .collect::<Result<Vec<crate::narinfo::VerifyingKey>, _>>()
                                 .ok()?,
                         )
                     }
@@ -155,7 +155,7 @@ impl FromStr for SandboxSetting {
 
 #[cfg(test)]
 mod tests {
-    use crate::{narinfo::PubKey, nixcpp::conf::SandboxSetting};
+    use crate::{narinfo::VerifyingKey, nixcpp::conf::SandboxSetting};
 
     use super::NixConfig;
 
@@ -175,9 +175,9 @@ mod tests {
                 substituters: Some(vec!["https://nix-community.cachix.org", "https://cache.nixos.org/"]),
                 system_features: Some(vec!["nixos-test", "benchmark", "big-parallel", "kvm"]),
                 trusted_public_keys: Some(vec![
-                    PubKey::parse("cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=")
+                    VerifyingKey::parse("cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=")
                         .expect("failed to parse pubkey"),
-                    PubKey::parse("nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=")
+                    VerifyingKey::parse("nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=")
                         .expect("failed to parse pubkey")
                 ]),
                 trusted_substituters: Some(vec![]),
diff --git a/tvix/store/src/pathinfoservice/nix_http.rs b/tvix/store/src/pathinfoservice/nix_http.rs
index af9234bc0337..b74385c637ac 100644
--- a/tvix/store/src/pathinfoservice/nix_http.rs
+++ b/tvix/store/src/pathinfoservice/nix_http.rs
@@ -41,7 +41,7 @@ pub struct NixHTTPPathInfoService<BS, DS> {
 
     /// An optional list of [narinfo::PubKey].
     /// If set, the .narinfo files received need to have correct signature by at least one of these.
-    public_keys: Option<Vec<narinfo::PubKey>>,
+    public_keys: Option<Vec<narinfo::VerifyingKey>>,
 }
 
 impl<BS, DS> NixHTTPPathInfoService<BS, DS> {
@@ -59,7 +59,7 @@ impl<BS, DS> NixHTTPPathInfoService<BS, DS> {
     }
 
     /// Configures [Self] to validate NARInfo fingerprints with the public keys passed.
-    pub fn set_public_keys(&mut self, public_keys: Vec<narinfo::PubKey>) {
+    pub fn set_public_keys(&mut self, public_keys: Vec<narinfo::VerifyingKey>) {
         self.public_keys = Some(public_keys);
     }
 }
@@ -311,7 +311,7 @@ impl ServiceBuilder for NixHTTPPathInfoServiceConfig {
                 public_keys
                     .iter()
                     .map(|pubkey_str| {
-                        narinfo::PubKey::parse(pubkey_str)
+                        narinfo::VerifyingKey::parse(pubkey_str)
                             .map_err(|e| Error::StorageError(format!("invalid public key: {e}")))
                     })
                     .collect::<Result<Vec<_>, Error>>()?,
author	Florian Klink <flokli@flokli.de>	2024-07-21T20·49+0200
committer	clbot <clbot@tvl.fyi>	2024-07-21T21·41+0000
commit	05b4e805eeda9dc827e1464d5fd5f672b8daf26e (patch)
tree	fe5d04f594085532790bd680c572b7be4338099f
parent	62184ee35acac69666ba26c7db852a4059fa5723 (diff)