summary refs log tree commit diff
path: root/src
diff options
context:
space:
mode:
authorEelco Dolstra <e.dolstra@tudelft.nl>2007-01-29 15:51:37 +0000
committerEelco Dolstra <e.dolstra@tudelft.nl>2007-01-29 15:51:37 +0000
commitb618fa6eb6aa4cc128286ab748bfb100fa46a888 (patch)
treecbc903a32f4b1fa2570904e4e4768839b2e64a1e /src
parentc558b1583c0e23bf4e19e916ef0ba223b61405a3 (diff)
downloadguix-b618fa6eb6aa4cc128286ab748bfb100fa46a888.tar.gz
* computeStorePathForText: take the references into account when
  computing the store path (NIX-77).  This is an important security
  property in multi-user Nix stores.

  Note that this changes the store paths of derivations (since the
  derivation aterms are added using addTextToStore), but not most
  outputs (unless they use builtins.toFile).

Diffstat (limited to 'src')
-rw-r--r--src/libexpr/primops.cc2
-rw-r--r--src/libstore/derivations.cc2
-rw-r--r--src/libstore/local-store.cc2
-rw-r--r--src/libstore/store-api.cc15
-rw-r--r--src/libstore/store-api.hh3
5 files changed, 18 insertions, 6 deletions
diff --git a/src/libexpr/primops.cc b/src/libexpr/primops.cc
index 589faf48ae..aca5f5856d 100644
--- a/src/libexpr/primops.cc
+++ b/src/libexpr/primops.cc
@@ -624,7 +624,7 @@ static Expr prim_toFile(EvalState & state, const ATermVector & args)
     }
     
     Path storePath = readOnlyMode
-        ? computeStorePathForText(name, contents)
+        ? computeStorePathForText(name, contents, refs)
         : store->addTextToStore(name, contents, refs);
 
     /* Note: we don't need to add `context' to the context of the
diff --git a/src/libstore/derivations.cc b/src/libstore/derivations.cc
index aea95ef314..3456a5f714 100644
--- a/src/libstore/derivations.cc
+++ b/src/libstore/derivations.cc
@@ -29,7 +29,7 @@ Path writeDerivation(const Derivation & drv, const string & name)
     string suffix = name + drvExtension;
     string contents = atPrint(unparseDerivation(drv));
     return readOnlyMode
-        ? computeStorePathForText(suffix, contents)
+        ? computeStorePathForText(suffix, contents, references)
         : store->addTextToStore(suffix, contents, references);
 }
 
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index 34fe33461f..56d97a048a 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -667,7 +667,7 @@ Path LocalStore::addToStore(const Path & _srcPath, bool fixed,
 Path LocalStore::addTextToStore(const string & suffix, const string & s,
     const PathSet & references)
 {
-    Path dstPath = computeStorePathForText(suffix, s);
+    Path dstPath = computeStorePathForText(suffix, s, references);
     
     addTempRoot(dstPath);
 
diff --git a/src/libstore/store-api.cc b/src/libstore/store-api.cc
index be9ea788bc..6ffbaf1ebf 100644
--- a/src/libstore/store-api.cc
+++ b/src/libstore/store-api.cc
@@ -73,6 +73,8 @@ Path makeStorePath(const string & type,
     string s = type + ":sha256:" + printHash(hash) + ":"
         + nixStore + ":" + suffix;
 
+    printMsg(lvlError, s);
+    
     checkStoreName(suffix);
 
     return nixStore + "/"
@@ -114,10 +116,19 @@ std::pair<Path, Hash> computeStorePathForPath(const Path & srcPath,
 }
 
 
-Path computeStorePathForText(const string & suffix, const string & s)
+Path computeStorePathForText(const string & suffix, const string & s,
+    const PathSet & references)
 {
     Hash hash = hashString(htSHA256, s);
-    return makeStorePath("text", hash, suffix);
+    /* Stuff the references (if any) into the type.  This is a bit
+       hacky, but we can't put them in `s' since that would be
+       ambiguous. */
+    string type = "text";
+    for (PathSet::const_iterator i = references.begin(); i != references.end(); ++i) {
+        type += ":";
+        type += *i;
+    }
+    return makeStorePath(type, hash, suffix);
 }
 
 
diff --git a/src/libstore/store-api.hh b/src/libstore/store-api.hh
index d92b03df06..361e7aaa1a 100644
--- a/src/libstore/store-api.hh
+++ b/src/libstore/store-api.hh
@@ -215,7 +215,8 @@ std::pair<Path, Hash> computeStorePathForPath(const Path & srcPath,
    simply yield a different store path, so other users wouldn't be
    affected), but it has some backwards compatibility issues (the
    hashing scheme changes), so I'm not doing that for now. */
-Path computeStorePathForText(const string & suffix, const string & s);
+Path computeStorePathForText(const string & suffix, const string & s,
+    const PathSet & references);
 
 
 /* Remove the temporary roots file for this process.  Any temporary