-rw-r--r-- | Makefile.config.in | 1 | ||||
-rw-r--r-- | configure.ac | 8 | ||||
-rw-r--r-- | perl/lib/Nix/Store.xs | 10 | ||||
-rw-r--r-- | src/nix-store/nix-store.cc | 6 | ||||
-rw-r--r-- | tests/binary-cache.sh | 4 | ||||
-rw-r--r-- | tests/common.sh.in | 1 |
6 files changed, 28 insertions, 2 deletions
diff --git a/Makefile.config.in b/Makefile.config.in index 5b7bf297e928..29ccc1b146f1 100644 --- a/Makefile.config.in +++ b/Makefile.config.in @@ -4,6 +4,7 @@ CFLAGS = @CFLAGS@ CXX = @CXX@ CXXFLAGS = @CXXFLAGS@ HAVE_OPENSSL = @HAVE_OPENSSL@ +HAVE_SODIUM = @HAVE_SODIUM@ OPENSSL_LIBS = @OPENSSL_LIBS@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ diff --git a/configure.ac b/configure.ac index 00bffd8b4c27..be77975bd3ab 100644 --- a/configure.ac +++ b/configure.ac @@ -205,8 +205,12 @@ AC_CHECK_HEADERS([bzlib.h], [true], PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= 3.6.19], [CXXFLAGS="$SQLITE3_CFLAGS $CXXFLAGS"]) -# Look for libsodium, a required dependency. -PKG_CHECK_MODULES([SODIUM], [libsodium], [CXXFLAGS="$SODIUM_CFLAGS $CXXFLAGS"]) +# Look for libsodium, an optional dependency. +PKG_CHECK_MODULES([SODIUM], [libsodium], + [AC_DEFINE([HAVE_SODIUM], [1], [Whether to use libsodium for cryptography.]) + CXXFLAGS="$SODIUM_CFLAGS $CXXFLAGS" + have_sodium=1], [have_sodium=]) +AC_SUBST(HAVE_SODIUM, [$have_sodium]) # Whether to use the Boehm garbage collector. diff --git a/perl/lib/Nix/Store.xs b/perl/lib/Nix/Store.xs index 792d2f649935..4c550cdb752c 100644 --- a/perl/lib/Nix/Store.xs +++ b/perl/lib/Nix/Store.xs @@ -11,7 +11,9 @@ #include <misc.hh> #include <util.hh> +#if HAVE_SODIUM #include <sodium.h> +#endif using namespace nix; @@ -228,6 +230,7 @@ SV * hashString(char * algo, int base32, char * s) SV * signString(SV * secretKey_, char * msg) PPCODE: try { +#if HAVE_SODIUM STRLEN secretKeyLen; unsigned char * secretKey = (unsigned char *) SvPV(secretKey_, secretKeyLen); if (secretKeyLen != crypto_sign_SECRETKEYBYTES) 
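Review bot: The not-found branch of `PKG_CHECK_MODULES` in configure.ac is only `[have_sodium=]`, so on a host where pkg-config cannot find libsodium the build now succeeds without any notice and yields a Nix that cannot sign or verify binary caches. Because this turns a hard dependency into a silent loss of the signature feature, that branch should say so, for example `[AC_MSG_WARN([libsodium not found; signed binary cache support is disabled]) have_sodium=]`. The comment above the check could also state that signed binary cache support depends on this library, not just that it is optional.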
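Review bot: `#if HAVE_SODIUM` around `#include <sodium.h>` in perl/lib/Nix/Store.xs evaluates to 0 when the macro is merely undefined, so if the configure-generated config header is not included before this point, signing and verification are compiled out with no diagnostic. The hunk does not show whether that header is included earlier in the file, so this needs confirming. src/nix-store/nix-store.cc uses the same guard. A comment next to the guard such as `/* HAVE_SODIUM is set by configure; the generated config header must be included above this line */` would record the dependency.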
@@ -237,6 +240,9 @@ SV * signString(SV * secretKey_, char * msg) unsigned long long sigLen; crypto_sign_detached(sig, &sigLen, (unsigned char *) msg, strlen(msg), secretKey); XPUSHs(sv_2mortal(newSVpv((char *) sig, sigLen))); +#else + throw Error("Nix was not compiled with libsodium, required for signed binary cache support"); +#endif } catch (Error & e) { croak(e.what()); } @@ -245,6 +251,7 @@ SV * signString(SV * secretKey_, char * msg) int checkSignature(SV * publicKey_, SV * sig_, char * msg) CODE: try { +#if HAVE_SODIUM STRLEN publicKeyLen; unsigned char * publicKey = (unsigned char *) SvPV(publicKey_, publicKeyLen); if (publicKeyLen != crypto_sign_PUBLICKEYBYTES) @@ -256,6 +263,9 @@ int checkSignature(SV * publicKey_, SV * sig_, char * msg) throw Error("signature is not valid"); RETVAL = crypto_sign_verify_detached(sig, (unsigned char *) msg, strlen(msg), publicKey) == 0; +#else + throw Error("Nix was not compiled with libsodium, required for signed binary cache support"); +#endif } catch (Error & e) { croak(e.what()); } diff --git a/src/nix-store/nix-store.cc b/src/nix-store/nix-store.cc index c59eb21fb456..c16adf049628 100644 --- a/src/nix-store/nix-store.cc +++ b/src/nix-store/nix-store.cc @@ -20,7 +20,9 @@ #include <bzlib.h> +#if HAVE_SODIUM #include <sodium.h> +#endif using namespace nix; @@ -1016,6 +1018,7 @@ static void opGenerateBinaryCacheKey(Strings opFlags, Strings opArgs) if (opArgs.size() != 1) throw UsageError("one argument expected"); string keyName = opArgs.front(); +#if HAVE_SODIUM sodium_init(); unsigned char pk[crypto_sign_PUBLICKEYBYTES]; 
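Review bot: In checkSignature the new `#else` branch throws, so a build without libsodium raises an error instead of returning a value. That fail-closed behaviour is the property that matters here and deserves a comment above the `throw`, e.g. `/* No libsodium: fail closed, never report a signature as valid. */`. Any caller that traps the resulting croak has to treat it as a failed verification, which cannot be checked from this hunk. The same message string is repeated in signString and in opGenerateBinaryCacheKey in src/nix-store/nix-store.cc; a shared constant or helper would keep the three in step. checkSignature begins in the previous hunk and continues past this one.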
@@ -1025,6 +1028,9 @@ static void opGenerateBinaryCacheKey(Strings opFlags, Strings opArgs) std::cout << keyName << ":" << base64Encode(string((char *) pk, crypto_sign_PUBLICKEYBYTES)) << std::endl; std::cout << keyName << ":" << base64Encode(string((char *) sk, crypto_sign_SECRETKEYBYTES)) << std::endl; +#else + throw Error("Nix was not compiled with libsodium, required for signed binary cache support"); +#endif } diff --git a/tests/binary-cache.sh b/tests/binary-cache.sh index b0e7f63ae0b6..753c2c466e6d 100644 --- a/tests/binary-cache.sh +++ b/tests/binary-cache.sh @@ -89,6 +89,8 @@ nix-build --option binary-caches "file://$cacheDir" dependencies.nix -o $TEST_RO grep -q "Downloading" $TEST_ROOT/log +if [ -n "$HAVE_SODIUM" ]; then + # Create a signed binary cache. clearCache @@ -137,3 +139,5 @@ done rm -f $NIX_STATE_DIR/binary-cache* (! nix-store -r $outPath --option binary-caches "file://$cacheDir" --option signed-binary-caches '*' --option binary-cache-public-keys "$publicKey") + +fi # HAVE_LIBSODIUM diff --git a/tests/common.sh.in b/tests/common.sh.in index 8c265d1a8de0..eb9798a27b45 100644 --- a/tests/common.sh.in +++ b/tests/common.sh.in @@ -25,6 +25,7 @@ export dot=@dot@ export xmllint="@xmllint@" export SHELL="@bash@" export PAGER=cat +export HAVE_SODIUM="@HAVE_SODIUM@" export version=@PACKAGE_VERSION@ export system=@system@ |
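Review bot: The closing line `fi # HAVE_LIBSODIUM` in tests/binary-cache.sh names a variable that does not exist; the guard tests `$HAVE_SODIUM`, so the comment should read `fi # HAVE_SODIUM`. With the whole signed-cache section inside the `if`, a build without libsodium runs no signature test at all, so nothing checks that such a build refuses a cache when `signed-binary-caches` is set. An `else` branch asserting that the `nix-store -r` call with `--option signed-binary-caches '*'` fails would cover that configuration.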