daemon: Install 'authenticate' script under LIBEXECDIR/guix.

That way it is handled in the same way as other helper scripts.

* nix/scripts/guix-authenticate.in: Rename to...
* nix/scripts/authenticate.in: ... this.
* config-daemon.ac: Adjust accordingly.
* nix/local.mk (libstore_a_CPPFLAGS): Remove -DOPENSSL_PATH.
(nodist_libexec_SCRIPTS): Remove.
(nodist_pkglibexec_SCRIPTS): New variable.
* nix/nix-daemon/guix-daemon.cc (main): Remove 'setenv' call for
"PATH".
* nix/libstore/local-store.cc (runAuthenticationProgram): New function.
(LocalStore::exportPath, LocalStore::importPath): Use it instead of
'runProgram' and OPENSSL_PATH.
This commit is contained in:
Ludovic Courtès 2018-11-14 18:11:58 +01:00
parent 7a54b2281d
commit 0fe1fba4af
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
5 changed files with 19 additions and 21 deletions

View file

@ -163,8 +163,8 @@ if test "x$guix_build_daemon" = "xyes"; then
[chmod +x nix/scripts/download]) [chmod +x nix/scripts/download])
AC_CONFIG_FILES([nix/scripts/substitute], AC_CONFIG_FILES([nix/scripts/substitute],
[chmod +x nix/scripts/substitute]) [chmod +x nix/scripts/substitute])
AC_CONFIG_FILES([nix/scripts/guix-authenticate], AC_CONFIG_FILES([nix/scripts/authenticate],
[chmod +x nix/scripts/guix-authenticate]) [chmod +x nix/scripts/authenticate])
AC_CONFIG_FILES([nix/scripts/offload], AC_CONFIG_FILES([nix/scripts/offload],
[chmod +x nix/scripts/offload]) [chmod +x nix/scripts/offload])
fi fi

View file

@ -1222,6 +1222,18 @@ static void checkSecrecy(const Path & path)
} }
static std::string runAuthenticationProgram(const Strings & args)
{
/* Use the 'authenticate' script from 'LIBEXECDIR/guix' or just
'LIBEXECDIR', depending on whether we're uninstalled or not. */
const bool installed = getenv("GUIX_UNINSTALLED") == NULL;
const string program = settings.nixLibexecDir
+ (installed ? "/guix" : "")
+ "/authenticate";
return runProgram(program, false, args);
}
void LocalStore::exportPath(const Path & path, bool sign, void LocalStore::exportPath(const Path & path, bool sign,
Sink & sink) Sink & sink)
{ {
@ -1276,7 +1288,8 @@ void LocalStore::exportPath(const Path & path, bool sign,
args.push_back(secretKey); args.push_back(secretKey);
args.push_back("-in"); args.push_back("-in");
args.push_back(hashFile); args.push_back(hashFile);
string signature = runProgram(OPENSSL_PATH, true, args);
string signature = runAuthenticationProgram(args);
writeString(signature, hashAndWriteSink); writeString(signature, hashAndWriteSink);
@ -1366,7 +1379,7 @@ Path LocalStore::importPath(bool requireSignature, Source & source)
args.push_back("-pubin"); args.push_back("-pubin");
args.push_back("-in"); args.push_back("-in");
args.push_back(sigFile); args.push_back(sigFile);
string hash2 = runProgram(OPENSSL_PATH, true, args); string hash2 = runAuthenticationProgram(args);
/* Note: runProgram() throws an exception if the signature /* Note: runProgram() throws an exception if the signature
is invalid. */ is invalid. */

View file

@ -113,7 +113,6 @@ libstore_a_CPPFLAGS = \
-DGUIX_CONFIGURATION_DIRECTORY=\"$(sysconfdir)/guix\" \ -DGUIX_CONFIGURATION_DIRECTORY=\"$(sysconfdir)/guix\" \
-DNIX_LIBEXEC_DIR=\"$(libexecdir)\" \ -DNIX_LIBEXEC_DIR=\"$(libexecdir)\" \
-DNIX_BIN_DIR=\"$(bindir)\" \ -DNIX_BIN_DIR=\"$(bindir)\" \
-DOPENSSL_PATH="\"guix-authenticate\"" \
-DDEFAULT_CHROOT_DIRS="\"\"" -DDEFAULT_CHROOT_DIRS="\"\""
libstore_a_CXXFLAGS = $(AM_CXXFLAGS) \ libstore_a_CXXFLAGS = $(AM_CXXFLAGS) \
@ -168,10 +167,8 @@ nodist_pkglibexec_SCRIPTS += \
endif BUILD_DAEMON_OFFLOAD endif BUILD_DAEMON_OFFLOAD
nodist_pkglibexec_SCRIPTS += \
# XXX: It'd be better to hide it in $(pkglibexecdir). %D%/scripts/authenticate
nodist_libexec_SCRIPTS = \
%D%/scripts/guix-authenticate
# The '.service' files for systemd. # The '.service' files for systemd.
systemdservicedir = $(libdir)/systemd/system systemdservicedir = $(libdir)/systemd/system

View file

@ -466,18 +466,6 @@ main (int argc, char *argv[])
{ {
settings.processEnvironment (); settings.processEnvironment ();
/* Hackily help 'local-store.cc' find our 'guix-authenticate' program, which
is known as 'OPENSSL_PATH' here. */
std::string search_path;
search_path = settings.nixLibexecDir;
if (getenv ("PATH") != NULL)
{
search_path += ":";
search_path += getenv ("PATH");
}
setenv ("PATH", search_path.c_str (), 1);
/* Use our substituter by default. */ /* Use our substituter by default. */
settings.substituters.clear (); settings.substituters.clear ();
settings.set ("build-use-substitutes", "true"); settings.set ("build-use-substitutes", "true");