nix verify: Support checking against signatures in other stores

Typical usage is to check local paths using the signatures from a binary cache: $ nix verify-paths -r /run/current-system -s https://cache.nixos.org path ‘/nix/store/c1k4zqfb74wba5sn4yflb044gvap0x6k-nixos-system-mandark-16.03.git.fc2d7a5M’ is untrusted ... checked 844 paths, 119 untrusted
author: Eelco Dolstra <eelco.dolstra@logicblox.com> 2016-03-30T09·18+0200
committer: Eelco Dolstra <eelco.dolstra@logicblox.com> 2016-03-30T09·39+0200
commit: 39a6abc0bc2f1986f29e52de15ccbdde9586bc08 (patch)
tree: b1a52de72593225ef3601ad5ceab5aa494704bf3 /src
parent: 88541569a2acded0e4999368a4724c96d6ed37e7 (diff)
1 files changed, 33 insertions, 2 deletions
diff --git a/src/nix/verify.cc b/src/nix/verify.cc
index 1bd2a000a3ee..0c05f450a493 100644
--- a/src/nix/verify.cc
+++ b/src/nix/verify.cc
@@ -14,17 +14,24 @@ struct MixVerify : virtual Args
 {
     bool noContents = false;
     bool noSigs = false;
+    Strings substituterUris;
 
     MixVerify()
     {
         mkFlag(0, "no-contents", "do not verify the contents of each store path", &noContents);
         mkFlag(0, "no-sigs", "do not verify whether each store path has a valid signature", &noSigs);
+        mkFlag('s', "substituter", {"store-uri"}, "use signatures from specified store", 1,
+            [&](Strings ss) { substituterUris.push_back(ss.front()); });
     }
 
     void verifyPaths(ref<Store> store, const Paths & storePaths)
     {
         restoreAffinity(); // FIXME
 
+        std::vector<ref<Store>> substituters;
+        for (auto & s : substituterUris)
+            substituters.push_back(openStoreAt(s));
+
         auto publicKeys = getDefaultPublicKeys();
 
         std::atomic<size_t> untrusted{0};
@@ -56,7 +63,9 @@ struct MixVerify : virtual Args
 
         auto doPath = [&](const Path & storePath) {
             try {
-                progressBar.startActivity(format("checking ‘%s’") % storePath);
+                checkInterrupt();
+
+                auto activity(progressBar.startActivity(format("checking ‘%s’") % storePath));
 
                 auto info = store->queryPathInfo(storePath);
 
@@ -78,7 +87,29 @@ struct MixVerify : virtual Args
 
                 if (!noSigs) {
 
-                    if (!info.ultimate && !info.checkSignatures(publicKeys)) {
+                    bool good = false;
+
+                    if (info.ultimate)
+                        good = true;
+
+                    if (!good && info.checkSignatures(publicKeys))
+                        good = true;
+
+                    if (!good) {
+                        for (auto & store2 : substituters) {
+                            // FIXME: catch errors?
+                            if (!store2->isValidPath(storePath)) continue;
+                            auto info2 = store2->queryPathInfo(storePath);
+                            auto info3(info);
+                            info3.sigs = info2.sigs;
+                            if (info3.checkSignatures(publicKeys)) {
+                                good = true;
+                                break;
+                            }
+                        }
+                    }
+
+                    if (!good) {
                         untrusted++;
                         printMsg(lvlError, format("path ‘%s’ is untrusted") % storePath);
                     }
author	Eelco Dolstra <eelco.dolstra@logicblox.com>	2016-03-30T09·18+0200
committer	Eelco Dolstra <eelco.dolstra@logicblox.com>	2016-03-30T09·39+0200
commit	39a6abc0bc2f1986f29e52de15ccbdde9586bc08 (patch)
tree	b1a52de72593225ef3601ad5ceab5aa494704bf3 /src
parent	88541569a2acded0e4999368a4724c96d6ed37e7 (diff)