From 833957b3749d4d31ccb7aeb96a8fb25ebb931e67 Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Thu, 19 Oct 2023 13:50:05 +0100
Subject: feat(tvix/store/protos): add CA field

This adds support to represent the `CA` field found in some .narinfo
files. As `deriver`, it's also a subfield of the `narinfo` field.

Extending nix-compat with a more accessible data structure that can
take care of formatting, as well as writing validation functions in Rust
+ Golang, and integrating it into nar-bridge is something for a followup
CL.

Change-Id: I71e9c30957bcd03051a491aa54d7baac25b6dd2d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9795
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Reviewed-by: Connor Brewster <cbrewster@hey.com>
---
 tvix/store/protos/pathinfo.proto | 56 ++++++++++++++++++++++++++++++++++++++++
 tvix/store/src/bin/tvix-store.rs |  5 ++++
 tvix/store/src/tests/fixtures.rs |  3 ++-
 3 files changed, 63 insertions(+), 1 deletion(-)

(limited to 'tvix/store')

diff --git a/tvix/store/protos/pathinfo.proto b/tvix/store/protos/pathinfo.proto
index abddf31acd..556219e3d4 100644
--- a/tvix/store/protos/pathinfo.proto
+++ b/tvix/store/protos/pathinfo.proto
@@ -69,4 +69,60 @@ message NARInfo {
     // The StorePath of the .drv file producing this output.
     // The .drv suffix is omitted in its `name` field.
     StorePath deriver = 5;
+
+    // The CA field in the .narinfo.
+    // Its textual representations seen in the wild are one of the following:
+    //  - `fixed:r:sha256:1gcky5hlf5vqfzpyhihydmm54grhc94mcs8w7xr8613qsqb1v2j6`
+    //    fixed-output derivations using "recursive" `outputHashMode`.
+    //  - `fixed:sha256:19xqkh72crbcba7flwxyi3n293vav6d7qkzkh2v4zfyi4iia8vj8
+    //    fixed-output derivations using "flat" `outputHashMode`
+    //  - `text:sha256:19xqkh72crbcba7flwxyi3n293vav6d7qkzkh2v4zfyi4iia8vj8`
+    //    Text hashing, used for uploaded .drv files and outputs produced by
+    //    builtins.toFile.
+    //
+    // Semantically, they can be split into the following components:
+    //  - "content address prefix". Currently, "fixed" and "text" are supported.
+    //  - "hash mode". Currently, "flat" and "recursive" are supported.
+    //  - "hash type". The underlying hash function used.
+    //    Currently, sha1, md5, sha256, sha512.
+    //  - "digest". The digest itself.
+    //
+    // There are some restrictions on the possible combinations.
+    // For example, `text` and `fixed:recursive` always imply sha256.
+    //
+    // We use an enum to encode the possible combinations, and optimize
+    // for the common case, `fixed:recursive`, identified as `NAR_SHA256`.
+    CA ca = 6;
+
+    message CA {
+        enum Hash {
+            // produced when uploading fixed-output store paths using NAR-based
+            // hashing (`outputHashMode = "recursive"`).
+            NAR_SHA256 = 0;
+            NAR_SHA1 = 1;
+            NAR_SHA512 = 2;
+            NAR_MD5 = 3;
+
+            // Produced when uploading .drv files or outputs produced by
+            // builtins.toFile.
+            // Produces equivalent digests as FLAT_SHA256, but is a separate
+            // hashing type in Nix, affecting output path calculation.
+            TEXT_SHA256 = 4;
+
+            // Produced when using fixed-output derivations with
+            // `outputHashMode = "flat"`.
+            FLAT_SHA1 = 5;
+            FLAT_MD5 = 6;
+            FLAT_SHA256 = 7;
+            FLAT_SHA512 = 8;
+
+            // TODO: what happens in Rust if we introduce a new enum kind here?
+        }
+
+        // The hashing type used.
+        Hash type = 1;
+
+        // The digest, in raw bytes.
+        bytes digest = 2;
+    }
 }
diff --git a/tvix/store/src/bin/tvix-store.rs b/tvix/store/src/bin/tvix-store.rs
index 891b10da69..3f7d984cd0 100644
--- a/tvix/store/src/bin/tvix-store.rs
+++ b/tvix/store/src/bin/tvix-store.rs
@@ -21,6 +21,7 @@ use tvix_castore::proto::GRPCBlobServiceWrapper;
 use tvix_castore::proto::GRPCDirectoryServiceWrapper;
 use tvix_castore::proto::NamedNode;
 use tvix_store::pathinfoservice;
+use tvix_store::proto::nar_info;
 use tvix_store::proto::path_info_service_server::PathInfoServiceServer;
 use tvix_store::proto::GRPCPathInfoServiceWrapper;
 use tvix_store::proto::NarInfo;
@@ -303,6 +304,10 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
                                 signatures: vec![],
                                 reference_names: vec![],
                                 deriver: None,
+                                ca: Some(nar_info::Ca {
+                                    r#type: tvix_store::proto::nar_info::ca::Hash::NarSha256.into(),
+                                    digest: nar_sha256.to_vec().into(),
+                                }),
                             }),
                         };
 
diff --git a/tvix/store/src/tests/fixtures.rs b/tvix/store/src/tests/fixtures.rs
index 95e77e3ba7..3f37d4a2a5 100644
--- a/tvix/store/src/tests/fixtures.rs
+++ b/tvix/store/src/tests/fixtures.rs
@@ -2,7 +2,7 @@ use lazy_static::lazy_static;
 pub use tvix_castore::fixtures::*;
 use tvix_castore::proto as castorepb;
 
-use crate::proto::{NarInfo, PathInfo};
+use crate::proto::{nar_info::ca, nar_info::Ca, NarInfo, PathInfo};
 
 pub const DUMMY_NAME: &str = "00000000000000000000000000000000-dummy";
 
@@ -121,6 +121,7 @@ lazy_static! {
             signatures: vec![],
             reference_names: vec![DUMMY_NAME.to_string()],
             deriver: None,
+            ca: Some(Ca { r#type: ca::Hash::NarSha256.into(), digest:  DUMMY_DIGEST.clone().into() })
         }),
       ..PATH_INFO_WITHOUT_NARINFO.clone()
     };
-- 
cgit 1.4.1