about summary refs log tree commit diff
path: root/tvix/nix-compat/src/narinfo
AgeCommit message (Collapse)AuthorFilesLines
2024-10-11 r/8787 refactor(tvix/store): use strictly typed PathInfo structMarijan Petričević1-1/+1
This switches the PathInfoService trait from using the proto-derived PathInfo struct to a more restrictive struct, and updates all implementations to use it. It removes a lot of the previous conversion and checks, as invalid states became nonrepresentable, and validations are expressed on the type level. PathInfoService implementations consuming protobuf need to convert and do the verification internally, and can only return the strongly typed variant. The nix_compat::narinfo::NarInfo conversions for the proto PathInfo are removed, we only keep a version showing a NarInfo representation for the strong struct. Converting back to a PathInfo requires the root node now, but is otherwise trivial, so left to the users. Co-Authored-By: Florian Klink <flokli@flokli.de> Change-Id: I6fdfdb44063efebb44a8f0097b6b81a828717e03 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12588 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2024-08-19 r/8540 feat(nix-compat/narinfo/signature): generalize name fieldFlorian Klink4-35/+101
Requiring `name` to be a `&str` means it'll get annoying to pass around `Signature`, but being able to pass them around in an owned fashion is kinda a requirement for a stronger typed `PathInfo` struct, where we want to have full ownership. Rework the `Signature` struct to become generic over the type of the `name` field. This means, it becomes possible to have owned versions of it. We don't want to impose `String` or `SmolStr` for example, but want to leave it up to the nix-compat user to decide. Provide a type alias for the existing `&str` variant (`SignatureRef`), and use it where we previously used the non-generic `Signature` one. Add some tests to ensure it's possible to *use* `Signature` with both `String` and `SmolStr` (but only pull in `smol_str` as dev dependency for the tests). Also, add some more docstrings, these were a bit sparse. Change-Id: I3f75691498c6bda9cd072d2d9dac83c4f6c57287 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12253 Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: raitobezarius <tvl@lahfa.xyz>
2024-08-19 r/8536 refactor(nix-compat/narinfo/signature): use ed25519::SignatureBytesFlorian Klink1-4/+5
It's a `[u8; SIGNATURE_LENGTH]` type alias, and conveys what we're accepting or returning a bit nicer. Change-Id: I974cd97d56d383e51417eb0f26e1431a05711922 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12252 Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de> Reviewed-by: raitobezarius <tvl@lahfa.xyz>
2024-07-21 r/8395 feat(tvix/nix-compat): add SigningKey, NARInfo::add_signatureFlorian Klink2-0/+185
This adds a generic `SigningKey` struct that can be used to sign NARInfos with signers. It also includes tooling to parse keypairs from bytes generated by Nix, returning a specialized ed25519_dalek variant. Change-Id: Ic9780c370939af54e7177c93cde3321adf189fc3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12014 Reviewed-by: raitobezarius <tvl@lahfa.xyz> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2024-07-21 r/8394 refactor(tvix/nix-compat): rename PubKey to VerifyingKeyFlorian Klink2-16/+16
Align these with the way it's called in the ed25519 crates. Change-Id: Ia52d3bb9bf831dc6b5f7d5356f5ac62135672883 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12013 Tested-by: BuildkiteCI Reviewed-by: raitobezarius <tvl@lahfa.xyz> Autosubmit: flokli <flokli@flokli.de>
2024-06-28 r/8318 feat(nix-compat/narinfo/pubkey): derive Clone, [Partial]EqFlorian Klink1-1/+1
We want to use this in another struct that we want to compare and clone. Change-Id: I5c11d589a4922d85e190e1a9199468411016ff1e Reviewed-on: https://cl.tvl.fyi/c/depot/+/11887 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: Brian Olsen <me@griff.name> Tested-by: BuildkiteCI
2024-04-19 r/7968 chore(nix-compat/narinfo): migrate from test_case to rstestFlorian Klink2-33/+42
Change-Id: Ibd3cd1bc0d9deaf018a66748cea56af51451703c Reviewed-on: https://cl.tvl.fyi/c/depot/+/11467 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: Connor Brewster <cbrewster@hey.com> Tested-by: BuildkiteCI
2024-04-13 r/7891 feat(tvix/nix-compat): impl Deserialize, Serialize for SignatureFlorian Klink1-1/+47
Change-Id: I30294079129b0e5b4faa3272e09df982d3ef2178 Reviewed-on: https://cl.tvl.fyi/c/depot/+/11394 Reviewed-by: raitobezarius <tvl@lahfa.xyz> Tested-by: BuildkiteCI
2023-12-21 r/7241 docs(nix-compat/narinfo): fix referenceFlorian Klink1-1/+1
Change-Id: Ib3a5414afed738ba6178ec69d38a4169c9b24714 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10395 Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: edef <edef@edef.eu>
2023-12-21 r/7240 docs(nix-compat/narinfo/fingerprint): fix referenceFlorian Klink1-1/+1
Change-Id: Icc56aa178247b3985a406421b7d8d449c63f8231 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10394 Tested-by: BuildkiteCI Reviewed-by: edef <edef@edef.eu> Autosubmit: flokli <flokli@flokli.de>
2023-12-21 r/7235 refactor(nix-compat/narinfo/fingerprint): move to StorePathRefFlorian Klink1-2/+2
With the introduction of StorePathRef::to_absolute_path(), there's no need to convert this StorePathRef to a StorePath first. Change-Id: I634c977c4b63858e4f329fd21726e0611b99da4a Reviewed-on: https://cl.tvl.fyi/c/depot/+/10388 Tested-by: BuildkiteCI Reviewed-by: edef <edef@edef.eu> Autosubmit: flokli <flokli@flokli.de>
2023-12-09 r/7136 refactor(nix-compat/narinfo): address clippy lintsFlorian Klink3-3/+3
Change-Id: I00f28624ec0469525e52f408f00caa20d3b701b8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10229 Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2023-11-28 r/7084 feat(nix-compat/narinfo): add PubKey::verify(fp, sig)Florian Klink1-0/+32
This makes it easy for each PubKey to check if a given Signature is correct for a given fingerprint. Change-Id: I56e6211d133f74f390fd1ae3ae799eef12221904 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10151 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-11-28 r/7083 feat(nix-compat/narinfo): add PubKeyFlorian Klink2-0/+119
This represents a ed25519 public key and "name". These are normally passed in the `trusted-public-keys` Nix config option, and consist of a name and base64-encoded ed25519 pubkey, separated by a `:`. Change-Id: I9ab4b3e0e5821805ea6faf2499626630fc5a3f0a Reviewed-on: https://cl.tvl.fyi/c/depot/+/10150 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-11-28 r/7082 refactor(nix-compat/narinfo/signature): rename Error typeFlorian Klink2-9/+7
Just call this Error, we can infer from the package what error this is. Change-Id: I5df25d2873ec739c49c08804f35562c84c222e06 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10149 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-11-27 r/7075 fix(nix-compat/narinfo/signature): validate name fieldFlorian Klink1-2/+15
We should restrict this to alphanumeric mostly, and we definitely don't want newlines. Not entirely sure about the exact additionally allowed characters outside of alphanumeric, but this can always be extended further. Change-Id: I1357e79e553f2df2fa97792889f63f0f35d50ed5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10147 Reviewed-by: edef <edef@edef.eu> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2023-11-27 r/7074 fix(nix-compat/narinfo): don't panic trying to parse signaturesFlorian Klink1-6/+13
BASE64.decode_mut panics if we're passing data that has the wrong size. Do the size check first and error out there. Also update the error, and talk about b64-encoded sizes. Change-Id: I290f80a37d48526a30bf1df9d1d9fe34865008eb Reviewed-on: https://cl.tvl.fyi/c/depot/+/10146 Tested-by: BuildkiteCI Reviewed-by: edef <edef@edef.eu> Autosubmit: flokli <flokli@flokli.de>
2023-11-27 r/7073 refactor(nix-compat): use ed25519_dalek::SIGNATURE_LENGTHFlorian Klink1-8/+9
No need to hardcode magic numbers here, we have a constant for that. Change-Id: I67b671c0c4bb7c3bfb001e9c36499f31873ee717 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10145 Reviewed-by: edef <edef@edef.eu> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-11-22 r/7050 feat(nix-compat/narinfo/signature): add new() constructorFlorian Klink1-0/+5
This is useful when creating a new Signature struct where the individual elements are already parsed. Change-Id: Ie33c66287641951e7a030aaa1e7ff0a86b2628ac Reviewed-on: https://cl.tvl.fyi/c/depot/+/10111 Reviewed-by: edef <edef@edef.eu> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-11-22 r/7046 feat(nix-compat/narinfo): drop .drv from Narinfo.deriver fieldFlorian Klink1-12/+15
We always know this needs to end with a .drv, and fail parsing if it doesn't, so there's no need to hang onto these 4 bytes. This will make it much easier to synthesize a NarInfo<'_> later on from a PathInfo proto, because we don't have to make this ".drv" appear out of thin air. Change-Id: Id95e7fd937d7c9a420a39b5a4bab73985640ca3b Reviewed-on: https://cl.tvl.fyi/c/depot/+/10084 Tested-by: BuildkiteCI Reviewed-by: edef <edef@edef.eu> Reviewed-by: raitobezarius <tvl@lahfa.xyz> Autosubmit: flokli <flokli@flokli.de>
2023-11-22 r/7045 refactor(tvix/nix-compat): cleanup parse_{ca,hash} and fmt structsFlorian Klink1-80/+6
These were used to format to and parse from strings. Move this to the CAHash and NixHash structs directly, and be explicit in the name about which encoding for digests is used. For output path calculation, nix encodes the nixpaths in hex, but for writing out NARInfos, it's using nixbase32. Change-Id: Ia585a76a3811b2609e7ce259fda66a29403b7e07 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10079 Reviewed-by: raitobezarius <tvl@lahfa.xyz> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2023-11-19 r/7043 feat(tvix/nix-compat/narinfo): add fingerprintFlorian Klink2-0/+64
This adds support to compute the fingerprint string, which is what's ed25519-signed in binary caches. Change-Id: I8947239c609896acfd7261f110450014bedf465a Reviewed-on: https://cl.tvl.fyi/c/depot/+/10080 Reviewed-by: raitobezarius <tvl@lahfa.xyz> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-11-19 r/7042 feat(tvix/nix-compat): add narinfo::Signature::verifyFlorian Klink1-0/+54
This adds support for verifying signatures found in NARInfo files. This still needs to be hooked together with the nix+http[s] backend. Change-Id: Ic1c8ddbdecfb05cefca2492808388b0f7f3f2637 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10081 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: raitobezarius <tvl@lahfa.xyz> Tested-by: BuildkiteCI
2023-11-19 r/7040 refactor(nix-compat/narinfo): move signature into separate fileFlorian Klink2-52/+59
Change-Id: Ic257475e2afebf059c5317c1cc5b04ba63d5d318 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10078 Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de> Reviewed-by: raitobezarius <tvl@lahfa.xyz>
2023-11-19 r/7039 refactor(tvix/nix-compat): move narinfo into separate modFlorian Klink1-0/+629
Change-Id: Id85f979e46946da0345483cbbc6de3dd29c94c63 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10077 Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de> Reviewed-by: raitobezarius <tvl@lahfa.xyz>