diff options
| author | Florian Klink <flokli@flokli.de> | 2023-10-11T10·52+0200 |
|---|---|---|
| committer | flokli <flokli@flokli.de> | 2023-10-11T11·41+0000 |
| commit | 673f5febbb0fe08a8465d1f12854b603935bb15f (patch) | |
| tree | 4952e59d5cccfe31ac7de317fd7b00aa3683de10 /tvix/nar-bridge | |
| parent | 98c17147c64f9898b656f56ab139d4d52248743e (diff) | |
feat(tvix/nar-bridge): stop parsing nixbase32 manually, validate r/6781
We have nixhash.FromHashTypeAndDigest now. Also, run Validate() on the PathInfo received from the remote PathInfoService. Change-Id: I14db0d9356c539c084afc9dd712314b56da2587e Reviewed-on: https://cl.tvl.fyi/c/depot/+/9652 Tested-by: BuildkiteCI Reviewed-by: Brian McGee <brian@bmcgee.ie>
Diffstat (limited to 'tvix/nar-bridge')
| -rw-r--r-- | tvix/nar-bridge/pkg/http/nar_put.go | 8 | ||||
| -rw-r--r-- | tvix/nar-bridge/pkg/http/narinfo_get.go | 26 |
2 files changed, 24 insertions, 10 deletions
diff --git a/tvix/nar-bridge/pkg/http/nar_put.go b/tvix/nar-bridge/pkg/http/nar_put.go index 16e2575378..d074fcb20f 100644 --- a/tvix/nar-bridge/pkg/http/nar_put.go +++ b/tvix/nar-bridge/pkg/http/nar_put.go @@ -10,7 +10,6 @@ import ( "code.tvl.fyi/tvix/nar-bridge/pkg/importer" "github.com/go-chi/chi/v5" nixhash "github.com/nix-community/go-nix/pkg/hash" - "github.com/nix-community/go-nix/pkg/nixbase32" "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus" ) @@ -101,11 +100,8 @@ func registerNarPut(s *Server) { } // Compare the nar hash specified in the URL with the one that has been - // calculated while processing the NAR file - // TODO: bump go-nix and remove the parsing - narHash, err := nixhash.ParseNixBase32( - "sha256:" + nixbase32.EncodeToString(narSha256), - ) + // calculated while processing the NAR file. + narHash, err := nixhash.FromHashTypeAndDigest(0x12, narSha256) if err != nil { panic("must parse nixbase32") } diff --git a/tvix/nar-bridge/pkg/http/narinfo_get.go b/tvix/nar-bridge/pkg/http/narinfo_get.go index 6a537237a8..d46125f585 100644 --- a/tvix/nar-bridge/pkg/http/narinfo_get.go +++ b/tvix/nar-bridge/pkg/http/narinfo_get.go @@ -51,11 +51,29 @@ func renderNarinfo( return fmt.Errorf("unable to get pathinfo: %w", err) } - // TODO: don't parse - narHash, err := nixhash.ParseNixBase32("sha256:" + nixbase32.EncodeToString(pathInfo.GetNarinfo().GetNarSha256())) + log = log.WithField("pathInfo", pathInfo) + + // The PathInfo received needs to be valid, and contain a NARInfo field. + if _, err := pathInfo.Validate(); err != nil { + log.WithError(err).Error("unable to validate PathInfo") + + return fmt.Errorf("unable to validate PathInfo: %w", err) + } + + // Ensure the PathInfo contains a NARInfo field + if pathInfo.GetNarinfo() == nil { + log.Error("PathInfo doesn't contain Narinfo field") + + return fmt.Errorf("PathInfo doesn't contain Narinfo field") + } + + // extract the NARHash + narHash, err := nixhash.FromHashTypeAndDigest(0x12, pathInfo.GetNarinfo().GetNarSha256()) if err != nil { - // TODO: return proper error - return fmt.Errorf("No usable NarHash found in PathInfo") + // TODO: replace with panic once we use cl/9649 + + log.WithError(err).Error("invalid NarHash in PathInfo") + return fmt.Errorf("invalid NarHash in PathInfo") } // add things to the lookup table, in case the same process didn't handle the NAR hash yet. |