verify: add chatty output to explain why a path is trusted or not

WxNzEMof 2024-04-06 09:07:07 +00:00
parent 5a365b0c89
commit 5cad3c4f69


@ -69,6 +69,13 @@ struct CmdVerify : StorePathsCommand
auto publicKeys = getDefaultPublicKeys(); auto publicKeys = getDefaultPublicKeys();
if (publicKeys.empty()) {
printMsg(lvlChatty, "not using any public keys.");
} else {
for (auto & pk : publicKeys)
printMsg(lvlChatty, "using public key: %s:%s", pk.first, base64Encode(pk.second.key));
}
Activity act(*logger, actVerifyPaths); Activity act(*logger, actVerifyPaths);
std::atomic<size_t> done{0}; std::atomic<size_t> done{0};
@ -119,10 +126,11 @@ struct CmdVerify : StorePathsCommand
bool good = false; bool good = false;
if (info->ultimate && !sigsNeeded) if (info->ultimate && !sigsNeeded) {
printMsg(lvlChatty, "path is ultimately trusted");
good = true; good = true;
else { } else {
StringSet sigsSeen; StringSet sigsSeen;
size_t actualSigsNeeded = std::max(sigsNeeded, (size_t) 1); size_t actualSigsNeeded = std::max(sigsNeeded, (size_t) 1);
@ -131,12 +139,24 @@ struct CmdVerify : StorePathsCommand
auto doSigs = [&](StringSet sigs) { auto doSigs = [&](StringSet sigs) {
for (auto sig : sigs) { for (auto sig : sigs) {
if (!sigsSeen.insert(sig).second) continue; if (!sigsSeen.insert(sig).second) continue;
if (validSigs < ValidPathInfo::maxSigs && info->checkSignature(*store, publicKeys, sig))
if (verbosity >= lvlChatty) {
auto ss = BorrowedCryptoValue::parse(sig);
printMsg(lvlChatty, "path is signed with key: %s", ss.name);
}
if (validSigs < ValidPathInfo::maxSigs && info->checkSignature(*store, publicKeys, sig)) {
validSigs++; validSigs++;
if (validSigs == actualSigsNeeded)
printMsg(lvlChatty, "path has sufficient signatures");
}
} }
}; };
if (info->isContentAddressed(*store)) validSigs = ValidPathInfo::maxSigs; if (info->isContentAddressed(*store)) {
printMsg(lvlChatty, "path is content-addressed");
validSigs = ValidPathInfo::maxSigs;
}
doSigs(info->sigs); doSigs(info->sigs);
@ -144,7 +164,10 @@ struct CmdVerify : StorePathsCommand
if (validSigs >= actualSigsNeeded) break; if (validSigs >= actualSigsNeeded) break;
try { try {
auto info2 = store2->queryPathInfo(info->path); auto info2 = store2->queryPathInfo(info->path);
if (info2->isContentAddressed(*store)) validSigs = ValidPathInfo::maxSigs; if (info2->isContentAddressed(*store)) {
printMsg(lvlChatty, "path is content-addressed");
validSigs = ValidPathInfo::maxSigs;
}
doSigs(info2->sigs); doSigs(info2->sigs);
} catch (InvalidPath &) { } catch (InvalidPath &) {
} catch (Error & e) { } catch (Error & e) {
@ -152,6 +175,11 @@ struct CmdVerify : StorePathsCommand
} }
} }
if (sigsSeen.size() == 0)
printMsg(lvlChatty, "path does not have any signatures");
if (validSigs == 0)
printMsg(lvlChatty, "path does not have any valid signatures");
if (validSigs >= actualSigsNeeded) if (validSigs >= actualSigsNeeded)
good = true; good = true;
} }
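Review bot: The "path is signed with key: %s" message added inside `doSigs` is printed before `info->checkSignature(*store, publicKeys, sig)` runs, so it names a key for every signature string attached to the path, including ones that fail verification or whose key is not in `publicKeys`. The name comes from `BorrowedCryptoValue::parse(sig)` on data nothing has verified yet, so the chatty log can assert a signature by a trusted-looking key name that was never confirmed. I would word the early message as a claim, `printMsg(lvlChatty, "path has a signature claiming key: %s", ss.name);`, and add a separate line inside the `checkSignature` success branch stating that the signature verified. None of the new messages name the store path either, so if paths are verified concurrently (the `std::atomic<size_t> done` counter suggests this) the output cannot be attributed to a path; including `store->printStorePath(info->path)` in each message would fix that. The `doSigs` lambda is fully visible, but the enclosing function starts and ends outside the hunks shown.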