From b618fa6eb6aa4cc128286ab748bfb100fa46a888 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Mon, 29 Jan 2007 15:51:37 +0000
Subject: [PATCH] * computeStorePathForText: take the references into account when computing the store path (NIX-77). This is an important security property in multi-user Nix stores. Note that this changes the store paths of derivations (since the derivation aterms are added using addTextToStore), but not most outputs (unless they use builtins.toFile).
---
 src/libexpr/primops.cc | 2 +-
 src/libstore/derivations.cc | 2 +-
 src/libstore/local-store.cc | 2 +-
 src/libstore/store-api.cc | 15 +++++++++++++--
 src/libstore/store-api.hh | 3 ++-
 5 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/src/libexpr/primops.cc b/src/libexpr/primops.cc
index 589faf48ae..aca5f5856d 100644
--- a/src/libexpr/primops.cc
+++ b/src/libexpr/primops.cc
@@ -624,7 +624,7 @@ static Expr prim_toFile(EvalState & state, const ATermVector & args)
 }
 Path storePath = readOnlyMode
- ? computeStorePathForText(name, contents)
+ ? computeStorePathForText(name, contents, refs)
 : store->addTextToStore(name, contents, refs);
 /* Note: we don't need to add `context' to the context of the
diff --git a/src/libstore/derivations.cc b/src/libstore/derivations.cc
index aea95ef314..3456a5f714 100644
--- a/src/libstore/derivations.cc
+++ b/src/libstore/derivations.cc
@@ -29,7 +29,7 @@ Path writeDerivation(const Derivation & drv, const string & name)
 string suffix = name + drvExtension;
 string contents = atPrint(unparseDerivation(drv));
 return readOnlyMode
- ? computeStorePathForText(suffix, contents)
+ ? computeStorePathForText(suffix, contents, references)
 : store->addTextToStore(suffix, contents, references);
 }
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index 34fe33461f..56d97a048a 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -667,7 +667,7 @@ Path LocalStore::addToStore(const Path & _srcPath, bool fixed,
 Path LocalStore::addTextToStore(const string & suffix, const string & s, const PathSet & references) {
- Path dstPath = computeStorePathForText(suffix, s);
+ Path dstPath = computeStorePathForText(suffix, s, references);
 addTempRoot(dstPath);
diff --git a/src/libstore/store-api.cc b/src/libstore/store-api.cc
index be9ea788bc..6ffbaf1ebf 100644
--- a/src/libstore/store-api.cc
+++ b/src/libstore/store-api.cc
@@ -73,6 +73,8 @@ Path makeStorePath(const string & type,
 string s = type + ":sha256:" + printHash(hash) + ":" + nixStore + ":" + suffix;
+ printMsg(lvlError, s);
+
 checkStoreName(suffix);
 return nixStore + "/"
@@ -114,10 +116,19 @@ std::pair computeStorePathForPath(const Path & srcPath,
 }
-Path computeStorePathForText(const string & suffix, const string & s)
+Path computeStorePathForText(const string & suffix, const string & s,
+ const PathSet & references)
 {
 Hash hash = hashString(htSHA256, s);
- return makeStorePath("text", hash, suffix);
+ /* Stuff the references (if any) into the type. This is a bit
+ hacky, but we can't put them in `s' since that would be
+ ambiguous. */
+ string type = "text";
+ for (PathSet::const_iterator i = references.begin(); i != references.end(); ++i) {
+ type += ":";
+ type += *i;
+ }
+ return makeStorePath(type, hash, suffix);
 }
diff --git a/src/libstore/store-api.hh b/src/libstore/store-api.hh
index d92b03df06..361e7aaa1a 100644
--- a/src/libstore/store-api.hh
+++ b/src/libstore/store-api.hh
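Review bot: The added `printMsg(lvlError, s);` in makeStorePath (src/libstore/store-api.cc, hunk at -73,6) looks like leftover debugging rather than part of the fix. It writes the full hash pre-image at error verbosity every time a store path is computed, so every tool that computes a path will emit it on its error stream. Nothing else in the commit depends on the line; I would drop it, or if the trace is wanted keep it as `printMsg(lvlDebug, s);`. makeStorePath's body starts and ends outside the hunk.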
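Review bot: In computeStorePathForText (src/libstore/store-api.cc, hunk at -114,10) the references are appended to `type` with ':' as the separator, which is also the field separator makeStorePath uses in the hashed string (`type + ":sha256:" + ...`). The encoding is therefore only unambiguous if no reference contains ':', and the loop does not check that; the visible `checkStoreName(suffix)` covers the suffix only. Since the commit message presents this as a security property for multi-user stores, I would validate each element inside the loop, for example `assertStorePath(*i);` before `type += ":";`, unless every caller is known to have done so already. The comment could also state the assumption and, if PathSet is an ordered set as the iterator use suggests, that the result does not depend on insertion order: `/* References must be valid store paths (no ':'); they are appended in the set's sorted order. */`.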
@@ -215,7 +215,8 @@ std::pair computeStorePathForPath(const Path & srcPath,
 simply yield a different store path, so other users wouldn't be affected), but it has some backwards compatibility issues (the hashing scheme changes), so I'm not doing that for now. */
-Path computeStorePathForText(const string & suffix, const string & s);
+Path computeStorePathForText(const string & suffix, const string & s,
+ const PathSet & references);
 /* Remove the temporary roots file for this process. Any temporary
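Review bot: The comment above this declaration in src/libstore/store-api.hh still ends with "so I'm not doing that for now", but this commit does exactly that by adding the `references` parameter, so the header now documents the opposite of what the code does. Only the tail of the comment is inside the hunk, so the earlier part may need the same update. I would replace the stale sentence with a statement of the new contract, for example `/* The references are part of the hashed input, so the same text with different references yields a different store path. */`. A note that this changed the store paths of existing text entries, as the commit message says, would also help readers comparing paths across versions.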