From 673f5febbb0fe08a8465d1f12854b603935bb15f Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Wed, 11 Oct 2023 12:52:33 +0200 Subject: feat(tvix/nar-bridge): stop parsing nixbase32 manually, validate We have nixhash.FromHashTypeAndDigest now. Also, run Validate() on the PathInfo received from the remote PathInfoService. Change-Id: I14db0d9356c539c084afc9dd712314b56da2587e Reviewed-on: https://cl.tvl.fyi/c/depot/+/9652 Tested-by: BuildkiteCI Reviewed-by: Brian McGee --- tvix/nar-bridge/pkg/http/nar_put.go | 8 ++------ tvix/nar-bridge/pkg/http/narinfo_get.go | 26 ++++++++++++++++++++++---- 2 files changed, 24 insertions(+), 10 deletions(-) diff --git a/tvix/nar-bridge/pkg/http/nar_put.go b/tvix/nar-bridge/pkg/http/nar_put.go index 16e257537898..d074fcb20f00 100644 --- a/tvix/nar-bridge/pkg/http/nar_put.go +++ b/tvix/nar-bridge/pkg/http/nar_put.go @@ -10,7 +10,6 @@ import ( "code.tvl.fyi/tvix/nar-bridge/pkg/importer" "github.com/go-chi/chi/v5" nixhash "github.com/nix-community/go-nix/pkg/hash" - "github.com/nix-community/go-nix/pkg/nixbase32" "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus" ) @@ -101,11 +100,8 @@ func registerNarPut(s *Server) { } // Compare the nar hash specified in the URL with the one that has been - // calculated while processing the NAR file - // TODO: bump go-nix and remove the parsing - narHash, err := nixhash.ParseNixBase32( - "sha256:" + nixbase32.EncodeToString(narSha256), - ) + // calculated while processing the NAR file. + narHash, err := nixhash.FromHashTypeAndDigest(0x12, narSha256) if err != nil { panic("must parse nixbase32") } diff --git a/tvix/nar-bridge/pkg/http/narinfo_get.go b/tvix/nar-bridge/pkg/http/narinfo_get.go index 6a537237a88b..d46125f58528 100644 --- a/tvix/nar-bridge/pkg/http/narinfo_get.go +++ b/tvix/nar-bridge/pkg/http/narinfo_get.go @@ -51,11 +51,29 @@ func renderNarinfo( return fmt.Errorf("unable to get pathinfo: %w", err) } - // TODO: don't parse - narHash, err := nixhash.ParseNixBase32("sha256:" + nixbase32.EncodeToString(pathInfo.GetNarinfo().GetNarSha256())) + log = log.WithField("pathInfo", pathInfo) + + // The PathInfo received needs to be valid, and contain a NARInfo field. + if _, err := pathInfo.Validate(); err != nil { + log.WithError(err).Error("unable to validate PathInfo") + + return fmt.Errorf("unable to validate PathInfo: %w", err) + } + + // Ensure the PathInfo contains a NARInfo field + if pathInfo.GetNarinfo() == nil { + log.Error("PathInfo doesn't contain Narinfo field") + + return fmt.Errorf("PathInfo doesn't contain Narinfo field") + } + + // extract the NARHash + narHash, err := nixhash.FromHashTypeAndDigest(0x12, pathInfo.GetNarinfo().GetNarSha256()) if err != nil { - // TODO: return proper error - return fmt.Errorf("No usable NarHash found in PathInfo") + // TODO: replace with panic once we use cl/9649 + + log.WithError(err).Error("invalid NarHash in PathInfo") + return fmt.Errorf("invalid NarHash in PathInfo") } // add things to the lookup table, in case the same process didn't handle the NAR hash yet. -- cgit 1.4.1