From f435abcdb6b83f637a41810d6dbc946b72b9c6d7 Mon Sep 17 00:00:00 2001 From: Wouter den Breejen Date: Tue, 18 Sep 2007 17:01:17 +0000 Subject: [PATCH] Fixed recalculated drv path issue. --- src/libexpr/primops.cc | 4 ++-- src/libstore/store-api.cc | 23 +++++++++++------------ src/libstore/store-api.hh | 2 +- 3 files changed, 14 insertions(+), 15 deletions(-) diff --git a/src/libexpr/primops.cc b/src/libexpr/primops.cc index 819c0eac1..fdb77901f 100644 --- a/src/libexpr/primops.cc +++ b/src/libexpr/primops.cc @@ -629,8 +629,8 @@ static Expr prim_derivationStrict(EvalState & state, const ATermVector & args) * NOTE: we do not include the username into the hash calculation of the statepath yet, multiple different users can use the same dervation * but need different state paths. Thats why we keep a 'dummy' value e.g. global hash for everyone, and later at build time recalculate the real state path */ - stateOutPath = makeStatePath(printHash(componentHash), drvName, stateIdentifier); //State path - drv.env["statePath"] = stateOutPath; + stateOutPath = makeStatePath(printHash(componentHash), drvName, stateIdentifier, queryCurrentUsername()); //State path + drv.env["statePath"] = stateOutPath; string enableStateS = bool2string("true"); string createDirsBeforeInstallS = bool2string(createDirsBeforeInstall); diff --git a/src/libstore/store-api.cc b/src/libstore/store-api.cc index 13fc7dc86..16eaa0eee 100644 --- a/src/libstore/store-api.cc +++ b/src/libstore/store-api.cc @@ -117,13 +117,11 @@ Path makeStorePath(const string & type, const Hash & hash, const string & suffix + "-" + suffix; } -Path makeStatePath(const string & componentHash, const string & suffix, const string & stateIdentifier) +Path makeStatePath(const string & componentHash, const string & suffix, const string & stateIdentifier, const string & username) { string suffix_stateIdentifier = stateIdentifier; suffix_stateIdentifier = "-" + suffix_stateIdentifier; - string username = queryCallingUsername(); //Should NOT be fake-able - /* e.g., "source:sha256:1abc...:/nix/store:foo.tar.gz" */ string s = ":sha256:" + componentHash + ":" + nixStoreState + ":" + suffix + ":" + stateIdentifier + ":" + username; @@ -143,20 +141,21 @@ void checkStatePath(const Derivation & drv) string componentHash = drv.stateOutputs.find("state")->second.componentHash; string suffix = drv.env.find("name")->second; string stateIdentifier = drv.stateOutputs.find("state")->second.stateIdentifier; + string drvUser = drv.stateOutputs.find("state")->second.username; + string callingUser = queryCallingUsername(); + + //Check name (TODO how about sharing of drvs between users?) (user is filled in on the fly) + if(drvUser != callingUser) + throw Error(format("The calling user does not match the user specified in the drv '%1%'") % drvPath); - //TODO Name check - //if( user != callinguser - - - Path calculatedPath = makeStatePath(componentHash, suffix, stateIdentifier); //TODO INCLUDE USER !!!!!!!!!!!! - - //TODO !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! calculatedPath IS NOT CORRECT ANYMORE !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + Path calculatedPath = makeStatePath(componentHash, suffix, stateIdentifier, callingUser); printMsg(lvlError, format("Checking statePath validity: %1% %2%") % drvPath % calculatedPath); - + + //Check Calculated path if(drvPath != calculatedPath) - Error(format("The statepath from the Derivation does not match the recalculated statepath, are u trying to spoof the statepath?")); + throw Error(format("The statepath from the Derivation does not match the recalculated statepath, are u trying to spoof the statepath?")); } Path makeFixedOutputPath(bool recursive, diff --git a/src/libstore/store-api.hh b/src/libstore/store-api.hh index 4a82c94a1..fdf7bb39e 100644 --- a/src/libstore/store-api.hh +++ b/src/libstore/store-api.hh @@ -279,7 +279,7 @@ Path makeFixedOutputPath(bool recursive, string hashAlgo, Hash hash, string name); /* TODO ... */ -Path makeStatePath(const string & componentHash, const string & suffix, const string & stateIdentifier); +Path makeStatePath(const string & componentHash, const string & suffix, const string & stateIdentifier, const string & user); /* TODO ... */ void checkStatePath(const Derivation & drv);