about summary refs log tree commit diff
path: root/tvix/nar-bridge/pkg/http
diff options
context:
space:
mode:
authorFlorian Klink <flokli@flokli.de>2023-10-11T10·52+0200
committerflokli <flokli@flokli.de>2023-10-11T11·41+0000
commit673f5febbb0fe08a8465d1f12854b603935bb15f (patch)
tree4952e59d5cccfe31ac7de317fd7b00aa3683de10 /tvix/nar-bridge/pkg/http
parent98c17147c64f9898b656f56ab139d4d52248743e (diff)
feat(tvix/nar-bridge): stop parsing nixbase32 manually, validate r/6781
We have nixhash.FromHashTypeAndDigest now.

Also, run Validate() on the PathInfo received from the remote
PathInfoService.

Change-Id: I14db0d9356c539c084afc9dd712314b56da2587e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9652
Tested-by: BuildkiteCI
Reviewed-by: Brian McGee <brian@bmcgee.ie>
Diffstat (limited to 'tvix/nar-bridge/pkg/http')
-rw-r--r--tvix/nar-bridge/pkg/http/nar_put.go8
-rw-r--r--tvix/nar-bridge/pkg/http/narinfo_get.go26
2 files changed, 24 insertions, 10 deletions
diff --git a/tvix/nar-bridge/pkg/http/nar_put.go b/tvix/nar-bridge/pkg/http/nar_put.go
index 16e257537898..d074fcb20f00 100644
--- a/tvix/nar-bridge/pkg/http/nar_put.go
+++ b/tvix/nar-bridge/pkg/http/nar_put.go
@@ -10,7 +10,6 @@ import (
 	"code.tvl.fyi/tvix/nar-bridge/pkg/importer"
 	"github.com/go-chi/chi/v5"
 	nixhash "github.com/nix-community/go-nix/pkg/hash"
-	"github.com/nix-community/go-nix/pkg/nixbase32"
 	"github.com/sirupsen/logrus"
 	log "github.com/sirupsen/logrus"
 )
@@ -101,11 +100,8 @@ func registerNarPut(s *Server) {
 		}
 
 		// Compare the nar hash specified in the URL with the one that has been
-		// calculated while processing the NAR file
-		// TODO: bump go-nix and remove the parsing
-		narHash, err := nixhash.ParseNixBase32(
-			"sha256:" + nixbase32.EncodeToString(narSha256),
-		)
+		// calculated while processing the NAR file.
+		narHash, err := nixhash.FromHashTypeAndDigest(0x12, narSha256)
 		if err != nil {
 			panic("must parse nixbase32")
 		}
diff --git a/tvix/nar-bridge/pkg/http/narinfo_get.go b/tvix/nar-bridge/pkg/http/narinfo_get.go
index 6a537237a88b..d46125f58528 100644
--- a/tvix/nar-bridge/pkg/http/narinfo_get.go
+++ b/tvix/nar-bridge/pkg/http/narinfo_get.go
@@ -51,11 +51,29 @@ func renderNarinfo(
 		return fmt.Errorf("unable to get pathinfo: %w", err)
 	}
 
-	// TODO: don't parse
-	narHash, err := nixhash.ParseNixBase32("sha256:" + nixbase32.EncodeToString(pathInfo.GetNarinfo().GetNarSha256()))
+	log = log.WithField("pathInfo", pathInfo)
+
+	// The PathInfo received needs to be valid, and contain a NARInfo field.
+	if _, err := pathInfo.Validate(); err != nil {
+		log.WithError(err).Error("unable to validate PathInfo")
+
+		return fmt.Errorf("unable to validate PathInfo: %w", err)
+	}
+
+	// Ensure the PathInfo contains a NARInfo field
+	if pathInfo.GetNarinfo() == nil {
+		log.Error("PathInfo doesn't contain Narinfo field")
+
+		return fmt.Errorf("PathInfo doesn't contain Narinfo field")
+	}
+
+	// extract the NARHash
+	narHash, err := nixhash.FromHashTypeAndDigest(0x12, pathInfo.GetNarinfo().GetNarSha256())
 	if err != nil {
-		// TODO: return proper error
-		return fmt.Errorf("No usable NarHash found in PathInfo")
+		// TODO: replace with panic once we use cl/9649
+
+		log.WithError(err).Error("invalid NarHash in PathInfo")
+		return fmt.Errorf("invalid NarHash in PathInfo")
 	}
 
 	// add things to the lookup table, in case the same process didn't handle the NAR hash yet.