From b618fa6eb6aa4cc128286ab748bfb100fa46a888 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 29 Jan 2007 15:51:37 +0000 Subject: * computeStorePathForText: take the references into account when computing the store path (NIX-77). This is an important security property in multi-user Nix stores. Note that this changes the store paths of derivations (since the derivation aterms are added using addTextToStore), but not most outputs (unless they use builtins.toFile). --- src/libstore/store-api.cc | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'src/libstore/store-api.cc') diff --git a/src/libstore/store-api.cc b/src/libstore/store-api.cc index be9ea788bc20..6ffbaf1ebf1e 100644 --- a/src/libstore/store-api.cc +++ b/src/libstore/store-api.cc @@ -73,6 +73,8 @@ Path makeStorePath(const string & type, string s = type + ":sha256:" + printHash(hash) + ":" + nixStore + ":" + suffix; + printMsg(lvlError, s); + checkStoreName(suffix); return nixStore + "/" @@ -114,10 +116,19 @@ std::pair computeStorePathForPath(const Path & srcPath, } -Path computeStorePathForText(const string & suffix, const string & s) +Path computeStorePathForText(const string & suffix, const string & s, + const PathSet & references) { Hash hash = hashString(htSHA256, s); - return makeStorePath("text", hash, suffix); + /* Stuff the references (if any) into the type. This is a bit + hacky, but we can't put them in `s' since that would be + ambiguous. */ + string type = "text"; + for (PathSet::const_iterator i = references.begin(); i != references.end(); ++i) { + type += ":"; + type += *i; + } + return makeStorePath(type, hash, suffix); } -- cgit 1.4.1