diff options
Diffstat (limited to 'tvix/nix-compat')
-rw-r--r-- | tvix/nix-compat/src/store_path/mod.rs | 13 | ||||
-rw-r--r-- | tvix/nix-compat/src/store_path/utils.rs | 9 |
2 files changed, 17 insertions, 5 deletions
diff --git a/tvix/nix-compat/src/store_path/mod.rs b/tvix/nix-compat/src/store_path/mod.rs index c744f1a46afe..3638ce6e87df 100644 --- a/tvix/nix-compat/src/store_path/mod.rs +++ b/tvix/nix-compat/src/store_path/mod.rs @@ -215,10 +215,21 @@ impl<'a> StorePathRef<'a> { } /// Construct a [StorePathRef] from a name and digest. + /// The name is validated, and the digest checked for size. pub fn from_name_and_digest(name: &'a str, digest: &[u8]) -> Result<Self, Error> { + let digest_fixed = digest.try_into().map_err(|_| Error::InvalidLength)?; + Self::from_name_and_digest_fixed(name, digest_fixed) + } + + /// Construct a [StorePathRef] from a name and digest of correct length. + /// The name is validated. + pub fn from_name_and_digest_fixed( + name: &'a str, + digest: [u8; DIGEST_SIZE], + ) -> Result<Self, Error> { Ok(Self { name: validate_name(name.as_bytes())?, - digest: digest.try_into().map_err(|_| Error::InvalidLength)?, + digest, }) } diff --git a/tvix/nix-compat/src/store_path/utils.rs b/tvix/nix-compat/src/store_path/utils.rs index d060e0eac925..d6f390db85c2 100644 --- a/tvix/nix-compat/src/store_path/utils.rs +++ b/tvix/nix-compat/src/store_path/utils.rs @@ -1,6 +1,6 @@ use crate::nixbase32; use crate::nixhash::{CAHash, NixHash}; -use crate::store_path::{Error, StorePathRef, DIGEST_SIZE, STORE_DIR}; +use crate::store_path::{Error, StorePathRef, STORE_DIR}; use data_encoding::HEXLOWER; use sha2::{Digest, Sha256}; use thiserror; @@ -154,10 +154,11 @@ fn build_store_path_from_fingerprint_parts<'a>( "{ty}:sha256:{}:{STORE_DIR}:{name}", HEXLOWER.encode(inner_digest) ); - let digest: [u8; DIGEST_SIZE] = compress_hash(&Sha256::new_with_prefix(fingerprint).finalize()); - // name validation happens in here. - StorePathRef::from_name_and_digest(name, &digest) + StorePathRef::from_name_and_digest_fixed( + name, + compress_hash(&Sha256::new_with_prefix(fingerprint).finalize()), + ) } /// This contains the Nix logic to create "text hash strings", which are used |