about summary refs log tree commit diff
path: root/third_party/nix/src/nix/verify.cc
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/nix/src/nix/verify.cc')
-rw-r--r--third_party/nix/src/nix/verify.cc171
1 files changed, 0 insertions, 171 deletions
diff --git a/third_party/nix/src/nix/verify.cc b/third_party/nix/src/nix/verify.cc
deleted file mode 100644
index 7de46f2a9c..0000000000
--- a/third_party/nix/src/nix/verify.cc
+++ /dev/null
@@ -1,171 +0,0 @@
-#include <atomic>
-
-#include <glog/logging.h>
-
-#include "libmain/shared.hh"
-#include "libstore/store-api.hh"
-#include "libutil/sync.hh"
-#include "libutil/thread-pool.hh"
-#include "nix/command.hh"
-
-namespace nix {
-struct CmdVerify final : StorePathsCommand {
-  bool noContents = false;
-  bool noTrust = false;
-  Strings substituterUris;
-  size_t sigsNeeded = 0;
-
-  CmdVerify() {
-    mkFlag(0, "no-contents", "do not verify the contents of each store path",
-           &noContents);
-    mkFlag(0, "no-trust", "do not verify whether each store path is trusted",
-           &noTrust);
-    mkFlag()
-        .longName("substituter")
-        .shortName('s')
-        .labels({"store-uri"})
-        .description("use signatures from specified store")
-        .arity(1)
-        .handler([&](std::vector<std::string> ss) {
-          substituterUris.push_back(ss[0]);
-        });
-    mkIntFlag('n', "sigs-needed",
-              "require that each path has at least N valid signatures",
-              &sigsNeeded);
-  }
-
-  std::string name() override { return "verify"; }
-
-  std::string description() override {
-    return "verify the integrity of store paths";
-  }
-
-  Examples examples() override {
-    return {
-        Example{"To verify the entire Nix store:", "nix verify --all"},
-        Example{"To check whether each path in the closure of Firefox has at "
-                "least 2 signatures:",
-                "nix verify -r -n2 --no-contents $(type -p firefox)"},
-    };
-  }
-
-  void run(ref<Store> store, Paths storePaths) override {
-    std::vector<ref<Store>> substituters;
-    for (auto& s : substituterUris) {
-      substituters.push_back(openStore(s));
-    }
-
-    auto publicKeys = getDefaultPublicKeys();
-
-    std::atomic<size_t> done{0};
-    std::atomic<size_t> untrusted{0};
-    std::atomic<size_t> corrupted{0};
-    std::atomic<size_t> failed{0};
-    std::atomic<size_t> active{0};
-
-    ThreadPool pool;
-
-    auto doPath = [&](const Path& storePath) {
-      try {
-        checkInterrupt();
-
-        LOG(INFO) << "checking '" << storePath << "'";
-
-        MaintainCount<std::atomic<size_t>> mcActive(active);
-
-        auto info = store->queryPathInfo(storePath);
-
-        if (!noContents) {
-          HashSink sink(info->narHash.type);
-          store->narFromPath(info->path, sink);
-
-          auto hash = sink.finish();
-
-          if (hash.first != info->narHash) {
-            corrupted++;
-            LOG(WARNING) << "path '" << info->path
-                         << "' was modified! expected hash '"
-                         << info->narHash.to_string() << "', got '"
-                         << hash.first.to_string() << "'";
-          }
-        }
-
-        if (!noTrust) {
-          bool good = false;
-
-          if (info->ultimate && (sigsNeeded == 0u)) {
-            good = true;
-
-          } else {
-            StringSet sigsSeen;
-            size_t actualSigsNeeded =
-                std::max(sigsNeeded, static_cast<size_t>(1));
-            size_t validSigs = 0;
-
-            auto doSigs = [&](const StringSet& sigs) {
-              for (const auto& sig : sigs) {
-                if (sigsSeen.count(sig) != 0u) {
-                  continue;
-                }
-                sigsSeen.insert(sig);
-                if (validSigs < ValidPathInfo::maxSigs &&
-                    info->checkSignature(publicKeys, sig)) {
-                  validSigs++;
-                }
-              }
-            };
-
-            if (info->isContentAddressed(*store)) {
-              validSigs = ValidPathInfo::maxSigs;
-            }
-
-            doSigs(info->sigs);
-
-            for (auto& store2 : substituters) {
-              if (validSigs >= actualSigsNeeded) {
-                break;
-              }
-              try {
-                auto info2 = store2->queryPathInfo(info->path);
-                if (info2->isContentAddressed(*store)) {
-                  validSigs = ValidPathInfo::maxSigs;
-                }
-                doSigs(info2->sigs);
-              } catch (InvalidPath&) {
-              } catch (Error& e) {
-                LOG(ERROR) << e.what();
-              }
-            }
-
-            if (validSigs >= actualSigsNeeded) {
-              good = true;
-            }
-          }
-
-          if (!good) {
-            untrusted++;
-            LOG(WARNING) << "path '" << info->path << "' is untrusted";
-          }
-        }
-
-        done++;
-
-      } catch (Error& e) {
-        LOG(ERROR) << e.what();
-        failed++;
-      }
-    };
-
-    for (auto& storePath : storePaths) {
-      pool.enqueue(std::bind(doPath, storePath));
-    }
-
-    pool.process();
-
-    throw Exit((corrupted != 0u ? 1 : 0) | (untrusted != 0u ? 2 : 0) |
-               (failed != 0u ? 4 : 0));
-  }
-};
-}  // namespace nix
-
-static nix::RegisterCommand r1(nix::make_ref<nix::CmdVerify>());
generated by cgit-pink 1.4.1 (git 2.44.0) at 2024-05-03T12ยท20+0000