Fix NAR hash checking for fetchGit with lazy tees

If a NAR hash is specified, we should probably check it. Unfortunately, for now this has the side effect of forcing NAR hash checking of any input that has a NAR hash.
2025-11-25 03:39:36 +01:00 · 2025-06-12 16:00:29 +02:00 · 2025-06-12 16:00:29 +02:00 · fca291afc3
commit fca291afc3
parent b067e6566f
1 changed files with 19 additions and 16 deletions
--- a/src/libexpr/paths.cc
+++ b/src/libexpr/paths.cc
@ -77,25 +77,28 @@ StorePath EvalState::mountInput(

    allowPath(storePath); // FIXME: should just whitelist the entire virtual store

+    std::optional<Hash> _narHash;
+
+    auto getNarHash = [&]()
+    {
+        if (!_narHash)
+            // FIXME: use fetchToStore to make it cache this
+            _narHash = accessor->hashPath(CanonPath::root);
+        return _narHash;
+    };
+
    storeFS->mount(CanonPath(store->printStorePath(storePath)), accessor);

-    if (requireLockable && (!settings.lazyTrees || !input.isLocked()) && !input.getNarHash()) {
-        // FIXME: use fetchToStore to make it cache this
-        auto narHash = accessor->hashPath(CanonPath::root);
-        input.attrs.insert_or_assign("narHash", narHash.to_string(HashFormat::SRI, true));
-    }
+    if (requireLockable && (!settings.lazyTrees || !input.isLocked()) && !input.getNarHash())
+        input.attrs.insert_or_assign("narHash", getNarHash()->to_string(HashFormat::SRI, true));

-    // FIXME: what to do with the NAR hash in lazy mode?
-    if (!settings.lazyTrees && originalInput.getNarHash()) {
-        auto expected = originalInput.computeStorePath(*store);
-        if (storePath != expected)
-            throw Error(
-                (unsigned int) 102,
-                "NAR hash mismatch in input '%s', expected '%s' but got '%s'",
-                originalInput.to_string(),
-                store->printStorePath(storePath),
-                store->printStorePath(expected));
-    }
+    if (originalInput.getNarHash() && *getNarHash() != *originalInput.getNarHash())
+        throw Error(
+            (unsigned int) 102,
+            "NAR hash mismatch in input '%s', expected '%s' but got '%s'",
+            originalInput.to_string(),
+            getNarHash()->to_string(HashFormat::SRI, true),
+            originalInput.getNarHash()->to_string(HashFormat::SRI, true));

    return storePath;
 }