-rw-r--r--Makefile.config.in1
-rw-r--r--configure.ac8
-rw-r--r--perl/lib/Nix/Store.xs10
-rw-r--r--src/nix-store/nix-store.cc6
-rw-r--r--tests/binary-cache.sh4
-rw-r--r--tests/common.sh.in1
6 files changed, 28 insertions, 2 deletions
diff --git a/Makefile.config.in b/Makefile.config.in
index 5b7bf297e928..29ccc1b146f1 100644
--- a/Makefile.config.in
+++ b/Makefile.config.in
@@ -4,6 +4,7 @@ CFLAGS = @CFLAGS@
 CXX = @CXX@
 CXXFLAGS = @CXXFLAGS@
 HAVE_OPENSSL = @HAVE_OPENSSL@
+HAVE_SODIUM = @HAVE_SODIUM@
 OPENSSL_LIBS = @OPENSSL_LIBS@
 PACKAGE_NAME = @PACKAGE_NAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
diff --git a/configure.ac b/configure.ac
index 00bffd8b4c27..be77975bd3ab 100644
--- a/configure.ac
+++ b/configure.ac
@@ -205,8 +205,12 @@ AC_CHECK_HEADERS([bzlib.h], [true],
 PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= 3.6.19], [CXXFLAGS="$SQLITE3_CFLAGS $CXXFLAGS"])
 
 
-# Look for libsodium, a required dependency.
-PKG_CHECK_MODULES([SODIUM], [libsodium], [CXXFLAGS="$SODIUM_CFLAGS $CXXFLAGS"])
+# Look for libsodium, an optional dependency.
+PKG_CHECK_MODULES([SODIUM], [libsodium],
+  [AC_DEFINE([HAVE_SODIUM], [1], [Whether to use libsodium for cryptography.])
+   CXXFLAGS="$SODIUM_CFLAGS $CXXFLAGS"
+   have_sodium=1], [have_sodium=])
+AC_SUBST(HAVE_SODIUM, [$have_sodium])
 
 
 # Whether to use the Boehm garbage collector.
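Review bot: The not-found branch `[have_sodium=]` turns off signature support without telling whoever runs configure, so a build host that merely lacks the libsodium development files produces a Nix that can neither sign nor verify binary caches. Emit a message in that branch, for example `AC_MSG_WARN([libsodium not found; signed binary cache support is disabled])` next to `have_sodium=`. Packagers who need verification guaranteed would also benefit from an explicit switch declared with `AC_ARG_WITH` that makes a missing libsodium a configure error rather than a silent downgrade.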
diff --git a/perl/lib/Nix/Store.xs b/perl/lib/Nix/Store.xs
index 792d2f649935..4c550cdb752c 100644
--- a/perl/lib/Nix/Store.xs
+++ b/perl/lib/Nix/Store.xs
@@ -11,7 +11,9 @@
 #include <misc.hh>
 #include <util.hh>
 
+#if HAVE_SODIUM
 #include <sodium.h>
+#endif
 
 
 using namespace nix;
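Review bot: `#if HAVE_SODIUM` evaluates to 0 without any diagnostic when the macro is undefined, so this guard only works if the header carrying the `AC_DEFINE` result is included earlier in Store.xs; that part of the file is outside the hunk and should be confirmed. If it is missing, the signing and verification bodies below are compiled out even on a system that has libsodium, and every call ends in the "not compiled with libsodium" error. A comment above the guard such as `/* HAVE_SODIUM is set by configure; the generated config header must be included before this point. */` would record the dependency, and building with `-Wundef` would catch the undefined case. The identical guard added in src/nix-store/nix-store.cc has the same requirement.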
@@ -228,6 +230,7 @@ SV * hashString(char * algo, int base32, char * s)
 SV * signString(SV * secretKey_, char * msg)
     PPCODE:
         try {
+#if HAVE_SODIUM
             STRLEN secretKeyLen;
             unsigned char * secretKey = (unsigned char *) SvPV(secretKey_, secretKeyLen);
             if (secretKeyLen != crypto_sign_SECRETKEYBYTES)
@@ -237,6 +240,9 @@ SV * signString(SV * secretKey_, char * msg)
             unsigned long long sigLen;
             crypto_sign_detached(sig, &sigLen, (unsigned char *) msg, strlen(msg), secretKey);
             XPUSHs(sv_2mortal(newSVpv((char *) sig, sigLen)));
+#else
+            throw Error("Nix was not compiled with libsodium, required for signed binary cache support");
+#endif
         } catch (Error & e) {
             croak(e.what());
         }
@@ -245,6 +251,7 @@ SV * signString(SV * secretKey_, char * msg)
 int checkSignature(SV * publicKey_, SV * sig_, char * msg)
     CODE:
         try {
+#if HAVE_SODIUM
             STRLEN publicKeyLen;
             unsigned char * publicKey = (unsigned char *) SvPV(publicKey_, publicKeyLen);
             if (publicKeyLen != crypto_sign_PUBLICKEYBYTES)
@@ -256,6 +263,9 @@ int checkSignature(SV * publicKey_, SV * sig_, char * msg)
                 throw Error("signature is not valid");
 
             RETVAL = crypto_sign_verify_detached(sig, (unsigned char *) msg, strlen(msg), publicKey) == 0;
+#else
+            throw Error("Nix was not compiled with libsodium, required for signed binary cache support");
+#endif
         } catch (Error & e) {
             croak(e.what());
         }
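Review bot: The `#else` branch of checkSignature has no comment recording that it must fail closed: it throws instead of setting `RETVAL`, so a build without libsodium can never report a signature as valid, and that property should be stated where it is enforced. Something like `/* Fail closed: without libsodium nothing can be verified, so never return success here. */` above the `throw` would do. Whether the guarantee holds end to end depends on the Perl callers, which are not part of this diff; a caller that wraps the call in `eval` and continues would turn the croak into an unverified fetch. The body of checkSignature spans two hunks and continues past this one.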
diff --git a/src/nix-store/nix-store.cc b/src/nix-store/nix-store.cc
index c59eb21fb456..c16adf049628 100644
--- a/src/nix-store/nix-store.cc
+++ b/src/nix-store/nix-store.cc
@@ -20,7 +20,9 @@
 
 #include <bzlib.h>
 
+#if HAVE_SODIUM
 #include <sodium.h>
+#endif
 
 
 using namespace nix;
@@ -1016,6 +1018,7 @@ static void opGenerateBinaryCacheKey(Strings opFlags, Strings opArgs)
     if (opArgs.size() != 1) throw UsageError("one argument expected");
     string keyName = opArgs.front();
 
+#if HAVE_SODIUM
     sodium_init();
 
     unsigned char pk[crypto_sign_PUBLICKEYBYTES];
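Review bot: The return value of `sodium_init()` is discarded, so a failed library initialisation does not stop opGenerateBinaryCacheKey from going on to produce and print a key pair. libsodium signals failure with -1; check it, e.g. `if (sodium_init() == -1) throw Error("could not initialise libsodium");`. The key-generation call itself lies between this hunk and the next one and is not visible here.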
@@ -1025,6 +1028,9 @@ static void opGenerateBinaryCacheKey(Strings opFlags, Strings opArgs)
 
     std::cout << keyName << ":" << base64Encode(string((char *) pk, crypto_sign_PUBLICKEYBYTES)) << std::endl;
     std::cout << keyName << ":" << base64Encode(string((char *) sk, crypto_sign_SECRETKEYBYTES)) << std::endl;
+#else
+    throw Error("Nix was not compiled with libsodium, required for signed binary cache support");
+#endif
 }
 
 
diff --git a/tests/binary-cache.sh b/tests/binary-cache.sh
index b0e7f63ae0b6..753c2c466e6d 100644
--- a/tests/binary-cache.sh
+++ b/tests/binary-cache.sh
@@ -89,6 +89,8 @@ nix-build --option binary-caches "file://$cacheDir" dependencies.nix -o $TEST_RO
 grep -q "Downloading" $TEST_ROOT/log
 
 
+if [ -n "$HAVE_SODIUM" ]; then
+
 # Create a signed binary cache.
 clearCache
 
@@ -137,3 +139,5 @@ done
 rm -f $NIX_STATE_DIR/binary-cache*
 
 (! nix-store -r $outPath --option binary-caches "file://$cacheDir" --option signed-binary-caches '*' --option binary-cache-public-keys "$publicKey")
+
+fi # HAVE_LIBSODIUM
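Review bot: The closing comment `fi # HAVE_LIBSODIUM` names a variable that does not exist; the guard at the top tests `$HAVE_SODIUM`, so it should read `fi # HAVE_SODIUM`. With the whole signed-cache section now conditional, a build without libsodium runs no test of what happens when `signed-binary-caches` is set. An `else` branch asserting that such a fetch is refused, in the same `(! nix-store -r ...)` form as the last check in this section, would pin the fail-closed behaviour for that configuration.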
diff --git a/tests/common.sh.in b/tests/common.sh.in
index 8c265d1a8de0..eb9798a27b45 100644
--- a/tests/common.sh.in
+++ b/tests/common.sh.in
@@ -25,6 +25,7 @@ export dot=@dot@
 export xmllint="@xmllint@"
 export SHELL="@bash@"
 export PAGER=cat
+export HAVE_SODIUM="@HAVE_SODIUM@"
 
 export version=@PACKAGE_VERSION@
 export system=@system@