authorEelco Dolstra <e.dolstra@tudelft.nl>2007-02-21T14·31+0000
committerEelco Dolstra <e.dolstra@tudelft.nl>2007-02-21T14·31+0000
commit46e0919ced4646004cc0701b188d0a68e24e8924 (patch)
tree3262f8068c38489029753c528a123b2c685aea68 /src/libstore
parent6c9fdb17fbda181fc09a9ce1f49662ef522d006b (diff)
* `nix-store --export --sign': sign the Nix archive using the RSA key
  in /nix/etc/nix/signing-key.sec

Diffstat (limited to 'src/libstore')
-rw-r--r--src/libstore/build.cc3
-rw-r--r--src/libstore/local-store.cc62
2 files changed, 59 insertions, 6 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 1789eeda2f50..bee046655071 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -477,8 +477,7 @@ static void runSetuidHelper(const string & command,
 
     case 0: /* child */
         try {
-            std::vector<const char *> args; /* careful with c_str()!
-                                               */
+            std::vector<const char *> args; /* careful with c_str()! */
             args.push_back(program.c_str());
             args.push_back(command.c_str());
             args.push_back(arg.c_str());
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index dcb430a0fcfd..991f28e8da0c 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -696,21 +696,75 @@ Path LocalStore::addTextToStore(const string & suffix, const string & s,
 }
 
 
+struct HashAndWriteSink : Sink
+{
+    Sink & writeSink;
+    HashSink hashSink;
+    bool hashing;
+    HashAndWriteSink(Sink & writeSink) : writeSink(writeSink), hashSink(htSHA256)
+    {
+        hashing = true;
+    }
+    virtual void operator ()
+        (const unsigned char * data, unsigned int len)
+    {
+        writeSink(data, len);
+        if (hashing) hashSink(data, len);
+    }
+};
+
+
+#define EXPORT_MAGIC 0x4558494e
+
+
 void LocalStore::exportPath(const Path & path, bool sign,
     Sink & sink)
 {
     assertStorePath(path);
+
+    HashAndWriteSink hashAndWriteSink(sink);
     
-    dumpPath(path, sink);
+    dumpPath(path, hashAndWriteSink);
 
-    writeString(path, sink);
+    writeInt(EXPORT_MAGIC, hashAndWriteSink);
+
+    writeString(path, hashAndWriteSink);
     
     PathSet references;
     queryReferences(path, references);
-    writeStringSet(references, sink);
+    writeStringSet(references, hashAndWriteSink);
 
     Path deriver = queryDeriver(noTxn, path);
-    writeString(deriver, sink);
+    writeString(deriver, hashAndWriteSink);
+
+    if (sign) {
+        Hash hash = hashAndWriteSink.hashSink.finish();
+        hashAndWriteSink.hashing = false;
+
+        writeInt(1, hashAndWriteSink);
+        
+        //printMsg(lvlError, format("HASH = %1%") % printHash(hash));
+
+        Path tmpDir = createTempDir();
+        AutoDelete delTmp(tmpDir);
+        Path hashFile = tmpDir + "/hash";
+        writeStringToFile(hashFile, printHash(hash));
+
+        Strings args;
+        args.push_back("rsautl");
+        args.push_back("-sign");
+        args.push_back("-inkey");
+        args.push_back(nixConfDir + "/signing-key.sec");
+        args.push_back("-in");
+        args.push_back(hashFile);
+        string signature = runProgram("openssl", true, args);
+
+        //printMsg(lvlError, format("SIGNATURE = %1%") % signature);
+
+        writeString(signature, hashAndWriteSink);
+        
+    } else
+        writeInt(0, hashAndWriteSink);
 }
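Review bot: In the `if (sign)` branch, `runProgram("openssl", true, args)` names the program that is handed `signing-key.sec` by bare name only. If the `true` argument requests a PATH search (it looks that way, but runProgram is not shown on this page), the environment of the exporting process decides which binary reads the private key. I would pass a location fixed at build time and turn the search off, e.g. `runProgram(OPENSSL_PATH, false, args)`, where `OPENSSL_PATH` is a placeholder for whatever configure-time constant the project provides. Separately, the trailing `writeInt(1, …)` / `writeInt(0, …)` flag is not covered by the signature, so the flag alone cannot prove that an archive was never signed; a comment such as `/* the signed/unsigned flag is not authenticated; the importer must require a signature by policy */` would record that. The `1` is also written before openssl runs, so a missing key leaves the sink holding a stream that announces a signature it does not contain; computing `signature` first and writing the flag afterwards avoids that.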