diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/libmain/shared.cc | 1 | ||||
| -rw-r--r-- | src/libstore/binary-cache-store.cc | 2 | ||||
| -rw-r--r-- | src/libstore/build.cc | 4 | ||||
| -rw-r--r-- | src/libstore/download.cc | 43 | ||||
| -rw-r--r-- | src/libstore/download.hh | 11 | ||||
| -rw-r--r-- | src/libstore/globals.cc | 1 | ||||
| -rw-r--r-- | src/libstore/globals.hh | 3 | ||||
| -rw-r--r-- | src/libstore/http-binary-cache-store.cc | 2 | ||||
| -rw-r--r-- | src/libstore/local-fs-store.cc | 8 | ||||
| -rw-r--r-- | src/libstore/local-store.cc | 54 | ||||
| -rw-r--r-- | src/libstore/local-store.hh | 4 | ||||
| -rw-r--r-- | src/libstore/nar-accessor.cc | 2 | ||||
| -rw-r--r-- | src/libstore/nar-info-disk-cache.cc | 13 | ||||
| -rw-r--r-- | src/libstore/nar-info.cc | 7 | ||||
| -rw-r--r-- | src/libstore/remote-store.cc | 35 | ||||
| -rw-r--r-- | src/libstore/schema.sql | 3 | ||||
| -rw-r--r-- | src/libstore/sqlite.cc | 13 | ||||
| -rw-r--r-- | src/libstore/sqlite.hh | 10 | ||||
| -rw-r--r-- | src/libstore/store-api.cc | 60 | ||||
| -rw-r--r-- | src/libstore/store-api.hh | 75 | ||||
| -rw-r--r-- | src/nix-daemon/nix-daemon.cc | 46 | ||||
| -rw-r--r-- | src/nix-store/nix-store.cc | 8 | ||||
| -rw-r--r-- | src/nix/path-info.cc | 1 | ||||
| -rw-r--r-- | src/nix/verify.cc | 6 |
24 files changed, 268 insertions, 144 deletions
diff --git a/src/libmain/shared.cc b/src/libmain/shared.cc index 515d80091de3..5af7c46e86da 100644 --- a/src/libmain/shared.cc +++ b/src/libmain/shared.cc @@ -252,7 +252,6 @@ void printVersion(const string & programName) std::cout << "Configuration file: " << settings.nixConfDir + "/nix.conf" << "\n"; std::cout << "Store directory: " << settings.nixStore << "\n"; std::cout << "State directory: " << settings.nixStateDir << "\n"; - std::cout << "Database directory: " << settings.nixDBPath << "\n"; } throw Exit(); } diff --git a/src/libstore/binary-cache-store.cc b/src/libstore/binary-cache-store.cc index 801ecd368a6b..e71ea6a57a34 100644 --- a/src/libstore/binary-cache-store.cc +++ b/src/libstore/binary-cache-store.cc @@ -254,7 +254,7 @@ struct BinaryCacheStoreAccessor : public FSAccessor std::string restPath = std::string(path, storePath.size()); if (!store->isValidPath(storePath)) - throw Error(format("path ‘%1%’ is not a valid store path") % storePath); + throw InvalidPath(format("path ‘%1%’ is not a valid store path") % storePath); auto i = nars.find(storePath); if (i != nars.end()) return {i->second, restPath}; diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 10ae574f9e49..cfab0b0dc32c 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -2910,7 +2910,7 @@ Path DerivationGoal::openLogFile() string baseName = baseNameOf(drvPath); /* Create a log file. */ - Path dir = (format("%1%/%2%/%3%/") % settings.nixLogDir % drvsLogDir % string(baseName, 0, 2)).str(); + Path dir = (format("%1%/%2%/%3%/") % worker.store.logDir % drvsLogDir % string(baseName, 0, 2)).str(); createDirs(dir); Path logFileName = (format("%1%/%2%%3%") @@ -3213,7 +3213,7 @@ void SubstitutionGoal::tryNext() /* Bail out early if this substituter lacks a valid signature. LocalStore::addToStore() also checks for this, but only after we've downloaded the path. */ - if (worker.store.requireSigs && !info->checkSignatures(worker.store.publicKeys)) { + if (worker.store.requireSigs && !info->checkSignatures(worker.store, worker.store.publicKeys)) { printMsg(lvlInfo, format("warning: substituter ‘%s’ does not have a valid signature for path ‘%s’") % sub->getUri() % storePath); tryNext(); diff --git a/src/libstore/download.cc b/src/libstore/download.cc index cf3929cadd65..95c7d2255afc 100644 --- a/src/libstore/download.cc +++ b/src/libstore/download.cc @@ -8,6 +8,7 @@ #include <curl/curl.h> #include <iostream> +#include <thread> namespace nix { @@ -194,9 +195,17 @@ struct CurlDownloader : public Downloader if (res != CURLE_OK) { Error err = httpStatus == 404 ? NotFound : - httpStatus == 403 ? Forbidden : Misc; - throw DownloadError(err, format("unable to download ‘%1%’: %2% (%3%)") - % url % curl_easy_strerror(res) % res); + httpStatus == 403 ? Forbidden : + (httpStatus == 408 || httpStatus == 500 || httpStatus == 503 + || httpStatus == 504 || httpStatus == 522 || httpStatus == 524 + || res == CURLE_COULDNT_RESOLVE_HOST) ? Transient : + Misc; + if (res == CURLE_HTTP_RETURNED_ERROR && httpStatus != -1) + throw DownloadError(err, format("unable to download ‘%s’: HTTP error %d") + % url % httpStatus); + else + throw DownloadError(err, format("unable to download ‘%s’: %s (%d)") + % url % curl_easy_strerror(res) % res); } if (httpStatus == 304) return false; @@ -206,14 +215,26 @@ struct CurlDownloader : public Downloader DownloadResult download(string url, const DownloadOptions & options) override { - DownloadResult res; - if (fetch(resolveUri(url), options)) { - res.cached = false; - res.data = data; - } else - res.cached = true; - res.etag = etag; - return res; + size_t attempt = 0; + + while (true) { + try { + DownloadResult res; + if (fetch(resolveUri(url), options)) { + res.cached = false; + res.data = data; + } else + res.cached = true; + res.etag = etag; + return res; + } catch (DownloadError & e) { + attempt++; + if (e.error != Transient || attempt >= options.tries) throw; + auto ms = 25 * (1 << (attempt - 1)); + printMsg(lvlError, format("warning: %s; retrying in %d ms") % e.what() % ms); + std::this_thread::sleep_for(std::chrono::milliseconds(ms)); + } + } } }; diff --git a/src/libstore/download.hh b/src/libstore/download.hh index efddc55281fe..1f6098759a2d 100644 --- a/src/libstore/download.hh +++ b/src/libstore/download.hh @@ -9,10 +9,11 @@ namespace nix { struct DownloadOptions { - string expectedETag; - bool verifyTLS{true}; - enum { yes, no, automatic } showProgress{yes}; - bool head{false}; + std::string expectedETag; + bool verifyTLS = true; + enum { yes, no, automatic } showProgress = yes; + bool head = false; + size_t tries = 1; }; struct DownloadResult @@ -31,7 +32,7 @@ struct Downloader Path downloadCached(ref<Store> store, const string & url, bool unpack, const Hash & expectedHash = Hash()); - enum Error { NotFound, Forbidden, Misc }; + enum Error { NotFound, Forbidden, Misc, Transient }; }; ref<Downloader> makeDownloader(); diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc index c12178e4028a..7bf48be378f8 100644 --- a/src/libstore/globals.cc +++ b/src/libstore/globals.cc @@ -69,7 +69,6 @@ void Settings::processEnvironment() nixDataDir = canonPath(getEnv("NIX_DATA_DIR", NIX_DATA_DIR)); nixLogDir = canonPath(getEnv("NIX_LOG_DIR", NIX_LOG_DIR)); nixStateDir = canonPath(getEnv("NIX_STATE_DIR", NIX_STATE_DIR)); - nixDBPath = getEnv("NIX_DB_DIR", nixStateDir + "/db"); nixConfDir = canonPath(getEnv("NIX_CONF_DIR", NIX_CONF_DIR)); nixLibexecDir = canonPath(getEnv("NIX_LIBEXEC_DIR", NIX_LIBEXEC_DIR)); nixBinDir = canonPath(getEnv("NIX_BIN_DIR", NIX_BIN_DIR)); diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index 65f763ace3c7..3194193bc842 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -51,9 +51,6 @@ struct Settings { /* The directory where state is stored. */ Path nixStateDir; - /* The directory where we keep the SQLite database. */ - Path nixDBPath; - /* The directory where configuration files are stored. */ Path nixConfDir; diff --git a/src/libstore/http-binary-cache-store.cc b/src/libstore/http-binary-cache-store.cc index da80b636c76c..42e9099b8e20 100644 --- a/src/libstore/http-binary-cache-store.cc +++ b/src/libstore/http-binary-cache-store.cc @@ -58,6 +58,7 @@ protected: DownloadOptions options; options.showProgress = DownloadOptions::no; options.head = true; + options.tries = 5; downloader->download(cacheUri + "/" + path, options); return true; } catch (DownloadError & e) { @@ -79,6 +80,7 @@ protected: auto downloader(downloaders.get()); DownloadOptions options; options.showProgress = DownloadOptions::no; + options.tries = 3; try { return downloader->download(cacheUri + "/" + path, options).data; } catch (DownloadError & e) { diff --git a/src/libstore/local-fs-store.cc b/src/libstore/local-fs-store.cc index b1b9dc29e40d..4571a2211cd2 100644 --- a/src/libstore/local-fs-store.cc +++ b/src/libstore/local-fs-store.cc @@ -7,7 +7,9 @@ namespace nix { LocalFSStore::LocalFSStore(const Params & params) : Store(params) - , stateDir(get(params, "state", settings.nixStateDir)) + , rootDir(get(params, "root")) + , stateDir(canonPath(get(params, "state", rootDir != "" ? rootDir + "/nix/var/nix" : settings.nixStateDir))) + , logDir(canonPath(get(params, "log", rootDir != "" ? rootDir + "/nix/var/log/nix" : settings.nixLogDir))) { } @@ -21,7 +23,7 @@ struct LocalStoreAccessor : public FSAccessor { Path storePath = store->toStorePath(path); if (!store->isValidPath(storePath)) - throw Error(format("path ‘%1%’ is not a valid store path") % storePath); + throw InvalidPath(format("path ‘%1%’ is not a valid store path") % storePath); return store->getRealStoreDir() + std::string(path, store->storeDir.size()); } @@ -79,7 +81,7 @@ void LocalFSStore::narFromPath(const Path & path, Sink & sink) { if (!isValidPath(path)) throw Error(format("path ‘%s’ is not valid") % path); - dumpPath(path, sink); + dumpPath(getRealStoreDir() + std::string(path, storeDir.size()), sink); } } diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc index 96ce6a0d893b..d3f0c4787e17 100644 --- a/src/libstore/local-store.cc +++ b/src/libstore/local-store.cc @@ -38,8 +38,8 @@ namespace nix { LocalStore::LocalStore(const Params & params) : LocalFSStore(params) - , realStoreDir(get(params, "real", storeDir)) - , dbDir(get(params, "state", "") != "" ? get(params, "state", "") + "/db" : settings.nixDBPath) + , realStoreDir(get(params, "real", rootDir != "" ? rootDir + "/nix/store" : storeDir)) + , dbDir(stateDir + "/db") , linksDir(realStoreDir + "/.links") , reservedPath(dbDir + "/reserved") , schemaPath(dbDir + "/schema") @@ -181,17 +181,20 @@ LocalStore::LocalStore(const Params & params) if (curSchema < 8) { SQLiteTxn txn(state->db); - if (sqlite3_exec(state->db, "alter table ValidPaths add column ultimate integer", 0, 0, 0) != SQLITE_OK) - throwSQLiteError(state->db, "upgrading database schema"); - if (sqlite3_exec(state->db, "alter table ValidPaths add column sigs text", 0, 0, 0) != SQLITE_OK) - throwSQLiteError(state->db, "upgrading database schema"); + state->db.exec("alter table ValidPaths add column ultimate integer"); + state->db.exec("alter table ValidPaths add column sigs text"); txn.commit(); } if (curSchema < 9) { SQLiteTxn txn(state->db); - if (sqlite3_exec(state->db, "drop table FailedPaths", 0, 0, 0) != SQLITE_OK) - throwSQLiteError(state->db, "upgrading database schema"); + state->db.exec("drop table FailedPaths"); + txn.commit(); + } + + if (curSchema < 10) { + SQLiteTxn txn(state->db); + state->db.exec("alter table ValidPaths add column ca text"); txn.commit(); } @@ -204,13 +207,13 @@ LocalStore::LocalStore(const Params & params) /* Prepare SQL statements. */ state->stmtRegisterValidPath.create(state->db, - "insert into ValidPaths (path, hash, registrationTime, deriver, narSize, ultimate, sigs) values (?, ?, ?, ?, ?, ?, ?);"); + "insert into ValidPaths (path, hash, registrationTime, deriver, narSize, ultimate, sigs, ca) values (?, ?, ?, ?, ?, ?, ?, ?);"); state->stmtUpdatePathInfo.create(state->db, - "update ValidPaths set narSize = ?, hash = ?, ultimate = ?, sigs = ? where path = ?;"); + "update ValidPaths set narSize = ?, hash = ?, ultimate = ?, sigs = ?, ca = ? where path = ?;"); state->stmtAddReference.create(state->db, "insert or replace into Refs (referrer, reference) values (?, ?);"); state->stmtQueryPathInfo.create(state->db, - "select id, hash, registrationTime, deriver, narSize, ultimate, sigs from ValidPaths where path = ?;"); + "select id, hash, registrationTime, deriver, narSize, ultimate, sigs, ca from ValidPaths where path = ?;"); state->stmtQueryReferences.create(state->db, "select path from Refs join ValidPaths on reference = id where referrer = ?;"); state->stmtQueryReferrers.create(state->db, @@ -279,8 +282,7 @@ void LocalStore::openDB(State & state, bool create) if (sqlite3_busy_timeout(db, 60 * 60 * 1000) != SQLITE_OK) throwSQLiteError(db, "setting timeout"); - if (sqlite3_exec(db, "pragma foreign_keys = 1;", 0, 0, 0) != SQLITE_OK) - throwSQLiteError(db, "enabling foreign keys"); + db.exec("pragma foreign_keys = 1"); /* !!! check whether sqlite has been built with foreign key support */ @@ -290,8 +292,7 @@ void LocalStore::openDB(State & state, bool create) all. This can cause database corruption if the system crashes. */ string syncMode = settings.fsyncMetadata ? "normal" : "off"; - if (sqlite3_exec(db, ("pragma synchronous = " + syncMode + ";").c_str(), 0, 0, 0) != SQLITE_OK) - throwSQLiteError(db, "setting synchronous mode"); + db.exec("pragma synchronous = " + syncMode); /* Set the SQLite journal mode. WAL mode is fastest, so it's the default. */ @@ -319,8 +320,7 @@ void LocalStore::openDB(State & state, bool create) const char * schema = #include "schema.sql.hh" ; - if (sqlite3_exec(db, (const char *) schema, 0, 0, 0) != SQLITE_OK) - throwSQLiteError(db, "initialising database schema"); + db.exec(schema); } } @@ -527,6 +527,7 @@ uint64_t LocalStore::addValidPath(State & state, (info.narSize, info.narSize != 0) (info.ultimate ? 1 : 0, info.ultimate) (concatStringsSep(" ", info.sigs), !info.sigs.empty()) + (info.ca, !info.ca.empty()) .exec(); uint64_t id = sqlite3_last_insert_rowid(state.db); @@ -609,6 +610,9 @@ std::shared_ptr<ValidPathInfo> LocalStore::queryPathInfoUncached(const Path & pa s = (const char *) sqlite3_column_text(state->stmtQueryPathInfo, 6); if (s) info->sigs = tokenizeString<StringSet>(s, " "); + s = (const char *) sqlite3_column_text(state->stmtQueryPathInfo, 7); + if (s) info->ca = s; + /* Get the references. */ auto useQueryReferences(state->stmtQueryReferences.use()(info->id)); @@ -628,6 +632,7 @@ void LocalStore::updatePathInfo(State & state, const ValidPathInfo & info) ("sha256:" + printHash(info.narHash)) (info.ultimate ? 1 : 0, info.ultimate) (concatStringsSep(" ", info.sigs), !info.sigs.empty()) + (info.ca, !info.ca.empty()) (info.path) .exec(); } @@ -898,7 +903,7 @@ void LocalStore::addToStore(const ValidPathInfo & info, const std::string & nar, throw Error(format("hash mismatch importing path ‘%s’; expected hash ‘%s’, got ‘%s’") % info.path % info.narHash.to_string() % h.to_string()); - if (requireSigs && !dontCheckSigs && !info.checkSignatures(publicKeys)) + if (requireSigs && !dontCheckSigs && !info.checkSignatures(*this, publicKeys)) throw Error(format("cannot import path ‘%s’ because it lacks a valid signature") % info.path); addTempRoot(info.path); @@ -983,6 +988,7 @@ Path LocalStore::addToStoreFromDump(const string & dump, const string & name, info.narHash = hash.first; info.narSize = hash.second; info.ultimate = true; + info.ca = "fixed:" + (recursive ? (std::string) "r:" : "") + h.to_string(); registerValidPath(info); } @@ -1014,7 +1020,8 @@ Path LocalStore::addToStore(const string & name, const Path & _srcPath, Path LocalStore::addTextToStore(const string & name, const string & s, const PathSet & references, bool repair) { - Path dstPath = computeStorePathForText(name, s, references); + auto hash = hashString(htSHA256, s); + auto dstPath = makeTextPath(name, hash, references); addTempRoot(dstPath); @@ -1034,16 +1041,17 @@ Path LocalStore::addTextToStore(const string & name, const string & s, StringSink sink; dumpString(s, sink); - auto hash = hashString(htSHA256, *sink.s); + auto narHash = hashString(htSHA256, *sink.s); optimisePath(realPath); ValidPathInfo info; info.path = dstPath; - info.narHash = hash; + info.narHash = narHash; info.narSize = sink.s->size(); info.references = references; info.ultimate = true; + info.ca = "text:" + hash.to_string(); registerValidPath(info); } @@ -1282,9 +1290,7 @@ void LocalStore::upgradeStore7() void LocalStore::vacuumDB() { auto state(_state.lock()); - - if (sqlite3_exec(state->db, "vacuum;", 0, 0, 0) != SQLITE_OK) - throwSQLiteError(state->db, "vacuuming SQLite database"); + state->db.exec("vacuum"); } diff --git a/src/libstore/local-store.hh b/src/libstore/local-store.hh index 7bfc4ad34c3f..5b5960cf245f 100644 --- a/src/libstore/local-store.hh +++ b/src/libstore/local-store.hh @@ -17,8 +17,8 @@ namespace nix { /* Nix store and database schema version. Version 1 (or 0) was Nix <= 0.7. Version 2 was Nix 0.8 and 0.9. Version 3 is Nix 0.10. Version 4 is Nix 0.11. Version 5 is Nix 0.12-0.16. Version 6 is - Nix 1.0. Version 7 is Nix 1.3. Version 9 is 1.12. */ -const int nixSchemaVersion = 9; + Nix 1.0. Version 7 is Nix 1.3. Version 10 is 1.12. */ +const int nixSchemaVersion = 10; extern string drvsLogDir; diff --git a/src/libstore/nar-accessor.cc b/src/libstore/nar-accessor.cc index 8896862be149..ded19c05d2cd 100644 --- a/src/libstore/nar-accessor.cc +++ b/src/libstore/nar-accessor.cc @@ -27,7 +27,7 @@ struct NarIndexer : ParseSink, StringSource Path currentPath; std::string currentStart; - bool isExec; + bool isExec = false; NarIndexer(const std::string & nar) : StringSource(nar) { diff --git a/src/libstore/nar-info-disk-cache.cc b/src/libstore/nar-info-disk-cache.cc index 172a918ff453..d28ff42c7f23 100644 --- a/src/libstore/nar-info-disk-cache.cc +++ b/src/libstore/nar-info-disk-cache.cc @@ -78,21 +78,16 @@ public: Path dbPath = getCacheDir() + "/nix/binary-cache-v5.sqlite"; createDirs(dirOf(dbPath)); - if (sqlite3_open_v2(dbPath.c_str(), &state->db.db, - SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE, 0) != SQLITE_OK) - throw Error(format("cannot open store cache ‘%s’") % dbPath); + state->db = SQLite(dbPath); if (sqlite3_busy_timeout(state->db, 60 * 60 * 1000) != SQLITE_OK) throwSQLiteError(state->db, "setting timeout"); // We can always reproduce the cache. - if (sqlite3_exec(state->db, "pragma synchronous = off", 0, 0, 0) != SQLITE_OK) - throwSQLiteError(state->db, "making database asynchronous"); - if (sqlite3_exec(state->db, "pragma main.journal_mode = truncate", 0, 0, 0) != SQLITE_OK) - throwSQLiteError(state->db, "setting journal mode"); + state->db.exec("pragma synchronous = off"); + state->db.exec("pragma main.journal_mode = truncate"); - if (sqlite3_exec(state->db, schema, 0, 0, 0) != SQLITE_OK) - throwSQLiteError(state->db, "initialising database schema"); + state->db.exec(schema); state->insertCache.create(state->db, "insert or replace into BinaryCaches(url, timestamp, storeDir, wantMassQuery, priority) values (?, ?, ?, ?, ?)"); diff --git a/src/libstore/nar-info.cc b/src/libstore/nar-info.cc index b0a8d77c2fba..201cac671a55 100644 --- a/src/libstore/nar-info.cc +++ b/src/libstore/nar-info.cc @@ -67,6 +67,10 @@ NarInfo::NarInfo(const Store & store, const std::string & s, const std::string & system = value; else if (name == "Sig") sigs.insert(value); + else if (name == "CA") { + if (!ca.empty()) corrupt(); + ca = value; + } pos = eol + 1; } @@ -101,6 +105,9 @@ std::string NarInfo::to_string() const for (auto sig : sigs) res += "Sig: " + sig + "\n"; + if (!ca.empty()) + res += "CA: " + ca + "\n"; + return res; } diff --git a/src/libstore/remote-store.cc b/src/libstore/remote-store.cc index ab05c3844289..94075f3b9b39 100644 --- a/src/libstore/remote-store.cc +++ b/src/libstore/remote-store.cc @@ -94,6 +94,8 @@ ref<RemoteStore::Connection> RemoteStore::openConnection() conn->daemonVersion = readInt(conn->from); if (GET_PROTOCOL_MAJOR(conn->daemonVersion) != GET_PROTOCOL_MAJOR(PROTOCOL_VERSION)) throw Error("Nix daemon protocol version not supported"); + if (GET_PROTOCOL_MINOR(conn->daemonVersion) < 10) + throw Error("the Nix daemon version is too old"); conn->to << PROTOCOL_VERSION; if (GET_PROTOCOL_MINOR(conn->daemonVersion) >= 14) { @@ -127,17 +129,13 @@ void RemoteStore::setOptions(ref<Connection> conn) << settings.tryFallback << verbosity << settings.maxBuildJobs - << settings.maxSilentTime; - if (GET_PROTOCOL_MINOR(conn->daemonVersion) >= 2) - conn->to << settings.useBuildHook; - if (GET_PROTOCOL_MINOR(conn->daemonVersion) >= 4) - conn->to << (settings.verboseBuild ? lvlError : lvlVomit) - << 0 // obsolete log type - << 0 /* obsolete print build trace */; - if (GET_PROTOCOL_MINOR(conn->daemonVersion) >= 6) - conn->to << settings.buildCores; - if (GET_PROTOCOL_MINOR(conn->daemonVersion) >= 10) - conn->to << settings.useSubstitutes; + << settings.maxSilentTime + << settings.useBuildHook + << (settings.verboseBuild ? lvlError : lvlVomit) + << 0 // obsolete log type + << 0 /* obsolete print build trace */ + << settings.buildCores + << settings.useSubstitutes; if (GET_PROTOCOL_MINOR(conn->daemonVersion) >= 12) { Settings::SettingsMap overrides = settings.getOverrides(); @@ -213,8 +211,6 @@ void RemoteStore::querySubstitutablePathInfos(const PathSet & paths, auto conn(connections->get()); - if (GET_PROTOCOL_MINOR(conn->daemonVersion) < 3) return; - if (GET_PROTOCOL_MINOR(conn->daemonVersion) < 12) { for (auto & i : paths) { @@ -227,7 +223,7 @@ void RemoteStore::querySubstitutablePathInfos(const PathSet & paths, if (info.deriver != "") assertStorePath(info.deriver); info.references = readStorePaths<PathSet>(*this, conn->from); info.downloadSize = readLongLong(conn->from); - info.narSize = GET_PROTOCOL_MINOR(conn->daemonVersion) >= 7 ? readLongLong(conn->from) : 0; + info.narSize = readLongLong(conn->from); infos[i] = info; } @@ -277,6 +273,7 @@ std::shared_ptr<ValidPathInfo> RemoteStore::queryPathInfoUncached(const Path & p if (GET_PROTOCOL_MINOR(conn->daemonVersion) >= 16) { info->ultimate = readInt(conn->from) != 0; info->sigs = readStrings<StringSet>(conn->from); + info->ca = readString(conn->from); } return info; } @@ -481,11 +478,11 @@ void RemoteStore::collectGarbage(const GCOptions & options, GCResults & results) { auto conn(connections->get()); - conn->to << wopCollectGarbage << options.action << options.pathsToDelete << options.ignoreLiveness - << options.maxFreed << 0; - if (GET_PROTOCOL_MINOR(conn->daemonVersion) >= 5) + conn->to + << wopCollectGarbage << options.action << options.pathsToDelete << options.ignoreLiveness + << options.maxFreed /* removed options */ - conn->to << 0 << 0; + << 0 << 0 << 0; conn->processStderr(); @@ -562,7 +559,7 @@ void RemoteStore::Connection::processStderr(Sink * sink, Source * source) } if (msg == STDERR_ERROR) { string error = readString(from); - unsigned int status = GET_PROTOCOL_MINOR(daemonVersion) >= 8 ? readInt(from) : 1; + unsigned int status = readInt(from); throw Error(format("%1%") % error, status); } else if (msg != STDERR_LAST) diff --git a/src/libstore/schema.sql b/src/libstore/schema.sql index 91878af1580d..09c71a2b8dd7 100644 --- a/src/libstore/schema.sql +++ b/src/libstore/schema.sql @@ -6,7 +6,8 @@ create table if not exists ValidPaths ( deriver text, narSize integer, ultimate integer, -- null implies "false" - sigs text -- space-separated + sigs text, -- space-separated + ca text -- if not null, an assertion that the path is content-addressed; see ValidPathInfo ); create table if not exists Refs ( diff --git a/src/libstore/sqlite.cc b/src/libstore/sqlite.cc index 816f9984d6eb..ea0b843f5752 100644 --- a/src/libstore/sqlite.cc +++ b/src/libstore/sqlite.cc @@ -35,6 +35,13 @@ namespace nix { throw SQLiteError(format("%1%: %2%") % f.str() % sqlite3_errmsg(db)); } +SQLite::SQLite(const Path & path) +{ + if (sqlite3_open_v2(path.c_str(), &db, + SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE, 0) != SQLITE_OK) + throw Error(format("cannot open SQLite database ‘%s’") % path); +} + SQLite::~SQLite() { try { @@ -45,6 +52,12 @@ SQLite::~SQLite() } } +void SQLite::exec(const std::string & stmt) +{ + if (sqlite3_exec(db, stmt.c_str(), 0, 0, 0) != SQLITE_OK) + throwSQLiteError(db, format("executing SQLite statement ‘%s’") % stmt); +} + void SQLiteStmt::create(sqlite3 * db, const string & s) { checkInterrupt(); diff --git a/src/libstore/sqlite.hh b/src/libstore/sqlite.hh index d6b4a8d9117b..7c1ed538215c 100644 --- a/src/libstore/sqlite.hh +++ b/src/libstore/sqlite.hh @@ -13,10 +13,16 @@ namespace nix { /* RAII wrapper to close a SQLite database automatically. */ struct SQLite { - sqlite3 * db; - SQLite() { db = 0; } + sqlite3 * db = 0; + SQLite() { } + SQLite(const Path & path); + SQLite(const SQLite & from) = delete; + SQLite& operator = (const SQLite & from) = delete; + SQLite& operator = (SQLite && from) { db = from.db; from.db = 0; return *this; } ~SQLite(); operator sqlite3 * () { return db; } + + void exec(const std::string & stmt); }; /* RAII wrapper to create and destroy SQLite prepared statements. */ diff --git a/src/libstore/store-api.cc b/src/libstore/store-api.cc index af002dcc8c33..5dd56f905d57 100644 --- a/src/libstore/store-api.cc +++ b/src/libstore/store-api.cc @@ -202,6 +202,22 @@ Path Store::makeFixedOutputPath(bool recursive, } +Path Store::makeTextPath(const string & name, const Hash & hash, + const PathSet & references) const +{ + assert(hash.type == htSHA256); + /* Stuff the references (if any) into the type. This is a bit + hacky, but we can't put them in `s' since that would be + ambiguous. */ + string type = "text"; + for (auto & i : references) { + type += ":"; + type += i; + } + return makeStorePath(type, hash, name); +} + + std::pair<Path, Hash> Store::computeStorePathForPath(const Path & srcPath, bool recursive, HashType hashAlgo, PathFilter & filter) const { @@ -215,16 +231,7 @@ std::pair<Path, Hash> Store::computeStorePathForPath(const Path & srcPath, Path Store::computeStorePathForText(const string & name, const string & s, const PathSet & references) const { - Hash hash = hashString(htSHA256, s); - /* Stuff the references (if any) into the type. This is a bit - hacky, but we can't put them in `s' since that would be - ambiguous. */ - string type = "text"; - for (auto & i : references) { - type += ":"; - type += i; - } - return makeStorePath(type, hash, name); + return makeTextPath(name, hashString(htSHA256, s), references); } @@ -432,9 +439,38 @@ void ValidPathInfo::sign(const SecretKey & secretKey) } -unsigned int ValidPathInfo::checkSignatures(const PublicKeys & publicKeys) const +bool ValidPathInfo::isContentAddressed(const Store & store) const +{ + auto warn = [&]() { + printMsg(lvlError, format("warning: path ‘%s’ claims to be content-addressed but isn't") % path); + }; + + if (hasPrefix(ca, "text:")) { + auto hash = parseHash(std::string(ca, 5)); + if (store.makeTextPath(storePathToName(path), hash, references) == path) + return true; + else + warn(); + } + + else if (hasPrefix(ca, "fixed:")) { + bool recursive = ca.compare(6, 2, "r:") == 0; + auto hash = parseHash(std::string(ca, recursive ? 8 : 6)); + if (store.makeFixedOutputPath(recursive, hash, storePathToName(path)) == path) + return true; + else + warn(); + } + + return false; +} + + +size_t ValidPathInfo::checkSignatures(const Store & store, const PublicKeys & publicKeys) const { - unsigned int good = 0; + if (isContentAddressed(store)) return maxSigs; + + size_t good = 0; for (auto & sig : sigs) if (checkSignature(publicKeys, sig)) good++; diff --git a/src/libstore/store-api.hh b/src/libstore/store-api.hh index 0b80312d6307..41fc58fc48e2 100644 --- a/src/libstore/store-api.hh +++ b/src/libstore/store-api.hh @@ -16,6 +16,13 @@ namespace nix { +struct BasicDerivation; +struct Derivation; +class FSAccessor; +class NarInfoDiskCache; +class Store; + + /* Size of the hash part of store paths, in base-32 characters. */ const size_t storePathHashLen = 32; // i.e. 160 bits @@ -109,6 +116,34 @@ struct ValidPathInfo StringSet sigs; // note: not necessarily verified + /* If non-empty, an assertion that the path is content-addressed, + i.e., that the store path is computed from a cryptographic hash + of the contents of the path, plus some other bits of data like + the "name" part of the path. Such a path doesn't need + signatures, since we don't have to trust anybody's claim that + the path is the output of a particular derivation. (In the + extensional store model, we have to trust that the *contents* + of an output path of a derivation were actually produced by + that derivation. In the intensional model, we have to trust + that a particular output path was produced by a derivation; the + path name then implies the contents.) + + Ideally, the content-addressability assertion would just be a + Boolean, and the store path would be computed from + ‘storePathToName(path)’, ‘narHash’ and ‘references’. However, + 1) we've accumulated several types of content-addressed paths + over the years; and 2) fixed-output derivations support + multiple hash algorithms and serialisation methods (flat file + vs NAR). Thus, ‘ca’ has one of the following forms: + + * ‘text:sha256:<sha256 hash of file contents>’: For paths + computed by makeTextPath() / addTextToStore(). + + * ‘fixed:<r?>:<ht>:<h>’: For paths computed by + makeFixedOutputPath() / addToStore(). + */ + std::string ca; + bool operator == (const ValidPathInfo & i) const { return @@ -117,19 +152,25 @@ struct ValidPathInfo && references == i.references; } - /* Return a fingerprint of the store path to be used in binary - cache signatures. It contains the store path, the base-32 - SHA-256 hash of the NAR serialisation of the path, the size of - the NAR, and the sorted references. The size field is strictly - speaking superfluous, but might prevent endless/excessive data - attacks. */ + /* Return a fingerprint of the store path to be used in binary + cache signatures. It contains the store path, the base-32 + SHA-256 hash of the NAR serialisation of the path, the size of + the NAR, and the sorted references. The size field is strictly + speaking superfluous, but might prevent endless/excessive data + attacks. */ std::string fingerprint() const; void sign(const SecretKey & secretKey); + /* Return true iff the path is verifiably content-addressed. */ + bool isContentAddressed(const Store & store) const; + + static const size_t maxSigs = std::numeric_limits<size_t>::max(); + /* Return the number of signatures on this .narinfo that were - produced by one of the specified keys. */ - unsigned int checkSignatures(const PublicKeys & publicKeys) const; + produced by one of the specified keys, or maxSigs if the path + is content-addressed. */ + size_t checkSignatures(const Store & store, const PublicKeys & publicKeys) const; /* Verify a single signature. */ bool checkSignature(const PublicKeys & publicKeys, const std::string & sig) const; @@ -169,12 +210,6 @@ struct BuildResult }; -struct BasicDerivation; -struct Derivation; -class FSAccessor; -class NarInfoDiskCache; - - class Store : public std::enable_shared_from_this<Store> { public: @@ -234,10 +269,12 @@ public: Path makeFixedOutputPath(bool recursive, const Hash & hash, const string & name) const; - /* This is the preparatory part of addToStore() and - addToStoreFixed(); it computes the store path to which srcPath - is to be copied. Returns the store path and the cryptographic - hash of the contents of srcPath. */ + Path makeTextPath(const string & name, const Hash & hash, + const PathSet & references) const; + + /* This is the preparatory part of addToStore(); it computes the + store path to which srcPath is to be copied. Returns the store + path and the cryptographic hash of the contents of srcPath. */ std::pair<Path, Hash> computeStorePathForPath(const Path & srcPath, bool recursive = true, HashType hashAlgo = htSHA256, PathFilter & filter = defaultPathFilter) const; @@ -491,7 +528,9 @@ protected: class LocalFSStore : public Store { public: + const Path rootDir; const Path stateDir; + const Path logDir; LocalFSStore(const Params & params); diff --git a/src/nix-daemon/nix-daemon.cc b/src/nix-daemon/nix-daemon.cc index 6e0d869f4c87..f2b59c84a858 100644 --- a/src/nix-daemon/nix-daemon.cc +++ b/src/nix-daemon/nix-daemon.cc @@ -413,12 +413,10 @@ static void performOp(ref<LocalStore> store, bool trusted, unsigned int clientVe options.pathsToDelete = readStorePaths<PathSet>(*store, from); options.ignoreLiveness = readInt(from); options.maxFreed = readLongLong(from); - readInt(from); // obsolete field - if (GET_PROTOCOL_MINOR(clientVersion) >= 5) { - /* removed options */ - readInt(from); - readInt(from); - } + // obsolete fields + readInt(from); + readInt(from); + readInt(from); GCResults results; @@ -440,17 +438,12 @@ static void performOp(ref<LocalStore> store, bool trusted, unsigned int clientVe verbosity = (Verbosity) readInt(from); settings.set("build-max-jobs", std::to_string(readInt(from))); settings.set("build-max-silent-time", std::to_string(readInt(from))); - if (GET_PROTOCOL_MINOR(clientVersion) >= 2) - settings.useBuildHook = readInt(from) != 0; - if (GET_PROTOCOL_MINOR(clientVersion) >= 4) { - settings.verboseBuild = lvlError == (Verbosity) readInt(from); - readInt(from); // obsolete logType - readInt(from); // obsolete printBuildTrace - } - if (GET_PROTOCOL_MINOR(clientVersion) >= 6) - settings.set("build-cores", std::to_string(readInt(from))); - if (GET_PROTOCOL_MINOR(clientVersion) >= 10) - settings.set("build-use-substitutes", readInt(from) ? "true" : "false"); + settings.useBuildHook = readInt(from) != 0; + settings.verboseBuild = lvlError == (Verbosity) readInt(from); + readInt(from); // obsolete logType + readInt(from); // obsolete printBuildTrace + settings.set("build-cores", std::to_string(readInt(from))); + settings.set("build-use-substitutes", readInt(from) ? "true" : "false"); if (GET_PROTOCOL_MINOR(clientVersion) >= 12) { unsigned int n = readInt(from); for (unsigned int i = 0; i < n; i++) { @@ -478,9 +471,7 @@ static void performOp(ref<LocalStore> store, bool trusted, unsigned int clientVe if (i == infos.end()) to << 0; else { - to << 1 << i->second.deriver << i->second.references << i->second.downloadSize; - if (GET_PROTOCOL_MINOR(clientVersion) >= 7) - to << i->second.narSize; + to << 1 << i->second.deriver << i->second.references << i->second.downloadSize << i->second.narSize; } break; } @@ -524,7 +515,8 @@ static void performOp(ref<LocalStore> store, bool trusted, unsigned int clientVe << info->registrationTime << info->narSize; if (GET_PROTOCOL_MINOR(clientVersion) >= 16) { to << info->ultimate - << info->sigs; + << info->sigs + << info->ca; } } else { assert(GET_PROTOCOL_MINOR(clientVersion) >= 17); @@ -585,11 +577,13 @@ static void processConnection(bool trusted) to.flush(); unsigned int clientVersion = readInt(from); + if (clientVersion < 0x10a) + throw Error("the Nix client version is too old"); + if (GET_PROTOCOL_MINOR(clientVersion) >= 14 && readInt(from)) setAffinityTo(readInt(from)); - if (GET_PROTOCOL_MINOR(clientVersion) >= 11) - readInt(from); // obsolete reserveSpace + readInt(from); // obsolete reserveSpace /* Send startup error messages to the client. */ startWork(); @@ -636,10 +630,10 @@ static void processConnection(bool trusted) during addTextToStore() / importPath(). If that happens, just send the error message and exit. */ bool errorAllowed = canSendStderr; - stopWork(false, e.msg(), GET_PROTOCOL_MINOR(clientVersion) >= 8 ? e.status : 0); + stopWork(false, e.msg(), e.status); if (!errorAllowed) throw; } catch (std::bad_alloc & e) { - stopWork(false, "Nix daemon out of memory", GET_PROTOCOL_MINOR(clientVersion) >= 8 ? 1 : 0); + stopWork(false, "Nix daemon out of memory", 1); throw; } @@ -653,7 +647,7 @@ static void processConnection(bool trusted) printMsg(lvlDebug, format("%1% operations") % opCount); } catch (Error & e) { - stopWork(false, e.msg(), GET_PROTOCOL_MINOR(clientVersion) >= 8 ? 1 : 0); + stopWork(false, e.msg(), 1); to.flush(); return; } diff --git a/src/nix-store/nix-store.cc b/src/nix-store/nix-store.cc index 8532101a174d..e8b56f929b13 100644 --- a/src/nix-store/nix-store.cc +++ b/src/nix-store/nix-store.cc @@ -483,6 +483,10 @@ static void opReadLog(Strings opFlags, Strings opArgs) RunPager pager; + // FIXME: move getting logs into Store. + auto store2 = std::dynamic_pointer_cast<LocalFSStore>(store); + if (!store2) throw Error(format("store ‘%s’ does not support reading logs") % store->getUri()); + for (auto & i : opArgs) { Path path = useDeriver(store->followLinksToStorePath(i)); @@ -493,8 +497,8 @@ static void opReadLog(Strings opFlags, Strings opArgs) Path logPath = j == 0 - ? (format("%1%/%2%/%3%/%4%") % settings.nixLogDir % drvsLogDir % string(baseName, 0, 2) % string(baseName, 2)).str() - : (format("%1%/%2%/%3%") % settings.nixLogDir % drvsLogDir % baseName).str(); + ? (format("%1%/%2%/%3%/%4%") % store2->logDir % drvsLogDir % string(baseName, 0, 2) % string(baseName, 2)).str() + : (format("%1%/%2%/%3%") % store2->logDir % drvsLogDir % baseName).str(); Path logBz2Path = logPath + ".bz2"; if (pathExists(logPath)) { diff --git a/src/nix/path-info.cc b/src/nix/path-info.cc index c61fe7ff1e00..dca22240b1cb 100644 --- a/src/nix/path-info.cc +++ b/src/nix/path-info.cc @@ -73,6 +73,7 @@ struct CmdPathInfo : StorePathsCommand std::cout << '\t'; Strings ss; if (info->ultimate) ss.push_back("ultimate"); + if (info->ca != "") ss.push_back("ca:" + info->ca); for (auto & sig : info->sigs) ss.push_back(sig); std::cout << concatStringsSep(" ", ss); } diff --git a/src/nix/verify.cc b/src/nix/verify.cc index fd904f465687..f2b6acdfbf0b 100644 --- a/src/nix/verify.cc +++ b/src/nix/verify.cc @@ -116,12 +116,16 @@ struct CmdVerify : StorePathsCommand } }; + if (info->isContentAddressed(*store)) validSigs = ValidPathInfo::maxSigs; + doSigs(info->sigs); for (auto & store2 : substituters) { if (validSigs >= actualSigsNeeded) break; try { - doSigs(store2->queryPathInfo(info->path)->sigs); + auto info2 = store2->queryPathInfo(info->path); + if (info2->isContentAddressed(*store)) validSigs = ValidPathInfo::maxSigs; + doSigs(info2->sigs); } catch (InvalidPath &) { } catch (Error & e) { printMsg(lvlError, format(ANSI_RED "error:" ANSI_NORMAL " %s") % e.what()); |