1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
// SPDX-License-Identifier: MIT
// Copyright © 2022 The Tvix Authors
syntax = "proto3";
package tvix.store.v1;
import "tvix/castore/protos/castore.proto";
option go_package = "code.tvl.fyi/tvix/store-go;storev1";
// PathInfo shows information about a Nix Store Path.
// That's a single element inside /nix/store.
message PathInfo {
// The path can be a directory, file or symlink.
tvix.castore.v1.Node node = 1;
// List of references (output path hashes)
// This really is the raw *bytes*, after decoding nixbase32, and not a
// base32-encoded string.
repeated bytes references = 2;
// see below.
NARInfo narinfo = 3;
}
// Represents a path in the Nix store (a direct child of STORE_DIR).
// It is commonly formatted by a nixbase32-encoding the digest, and
// concatenating the name, separated by a `-`.
message StorePath {
// The string after digest and `-`.
string name = 1;
// The digest (20 bytes).
bytes digest = 2;
}
// Nix C++ uses NAR (Nix Archive) as a format to transfer store paths,
// and stores metadata and signatures in NARInfo files.
// Store all these attributes in a separate message.
//
// This is useful to render .narinfo files to clients, or to preserve/validate
// these signatures.
// As verifying these signatures requires the whole NAR file to be synthesized,
// moving to another signature scheme is desired.
// Even then, it still makes sense to hold this data, for old clients.
message NARInfo {
// This represents a (parsed) signature line in a .narinfo file.
message Signature {
string name = 1;
bytes data = 2;
}
// This size of the NAR file, in bytes.
uint64 nar_size = 1;
// The sha256 of the NAR file representation.
bytes nar_sha256 = 2;
// The signatures in a .narinfo file.
repeated Signature signatures = 3;
// A list of references. To validate .narinfo signatures, a fingerprint needs
// to be constructed.
// This fingerprint doesn't just contain the hashes of the output paths of all
// references (like PathInfo.references), but their whole (base)names, so we
// need to keep them somewhere.
repeated string reference_names = 4;
// The StorePath of the .drv file producing this output.
// The .drv suffix is omitted in its `name` field.
StorePath deriver = 5;
// The CA field in the .narinfo.
// Its textual representations seen in the wild are one of the following:
// - `fixed:r:sha256:1gcky5hlf5vqfzpyhihydmm54grhc94mcs8w7xr8613qsqb1v2j6`
// fixed-output derivations using "recursive" `outputHashMode`.
// - `fixed:sha256:19xqkh72crbcba7flwxyi3n293vav6d7qkzkh2v4zfyi4iia8vj8
// fixed-output derivations using "flat" `outputHashMode`
// - `text:sha256:19xqkh72crbcba7flwxyi3n293vav6d7qkzkh2v4zfyi4iia8vj8`
// Text hashing, used for uploaded .drv files and outputs produced by
// builtins.toFile.
//
// Semantically, they can be split into the following components:
// - "content address prefix". Currently, "fixed" and "text" are supported.
// - "hash mode". Currently, "flat" and "recursive" are supported.
// - "hash type". The underlying hash function used.
// Currently, sha1, md5, sha256, sha512.
// - "digest". The digest itself.
//
// There are some restrictions on the possible combinations.
// For example, `text` and `fixed:recursive` always imply sha256.
//
// We use an enum to encode the possible combinations, and optimize for the
// common case, `fixed:recursive`, identified as `NAR_SHA256`.
CA ca = 6;
message CA {
enum Hash {
// produced when uploading fixed-output store paths using NAR-based
// hashing (`outputHashMode = "recursive"`).
NAR_SHA256 = 0;
NAR_SHA1 = 1;
NAR_SHA512 = 2;
NAR_MD5 = 3;
// Produced when uploading .drv files or outputs produced by
// builtins.toFile.
// Produces equivalent digests as FLAT_SHA256, but is a separate
// hashing type in Nix, affecting output path calculation.
TEXT_SHA256 = 4;
// Produced when using fixed-output derivations with
// `outputHashMode = "flat"`.
FLAT_SHA1 = 5;
FLAT_MD5 = 6;
FLAT_SHA256 = 7;
FLAT_SHA512 = 8;
// TODO: what happens in Rust if we introduce a new enum kind here?
}
// The hashing type used.
Hash type = 1;
// The digest, in raw bytes.
bytes digest = 2;
}
}
|