publish: Do not publish nars for invalid store items.
Before that, /nar requests could succeed if the requested store item existed but was invalid (although such requests were unlikely because the corresponding narinfo request would have failed).

* guix/scripts/publish.scm (render-nar): Add 'store' parameter. Use 'valid-path?' instead of 'file-exists?'.
(make-request-handler): Adjust 'render-nar' call accordingly.
* tests/publish.scm ("/nar/invalid"): New test.
master
parent
a65e2a02fc
commit
0043558082
|
@ -208,13 +208,13 @@ References: ~a~%"
|
||||||
(narinfo-string store store-path (force %private-key))
|
(narinfo-string store store-path (force %private-key))
|
||||||
<>)))))
|
<>)))))
|
||||||
|
|
||||||
(define (render-nar request store-item)
|
(define (render-nar store request store-item)
|
||||||
"Render archive of the store path corresponding to STORE-ITEM."
|
"Render archive of the store path corresponding to STORE-ITEM."
|
||||||
(let ((store-path (string-append %store-directory "/" store-item)))
|
(let ((store-path (string-append %store-directory "/" store-item)))
|
||||||
;; The ISO-8859-1 charset *must* be used otherwise HTTP clients will
|
;; The ISO-8859-1 charset *must* be used otherwise HTTP clients will
|
||||||
;; interpret the byte stream as UTF-8 and arbitrarily change invalid byte
|
;; interpret the byte stream as UTF-8 and arbitrarily change invalid byte
|
||||||
;; sequences.
|
;; sequences.
|
||||||
(if (file-exists? store-path)
|
(if (valid-path? store store-path)
|
||||||
(values '((content-type . (application/x-nix-archive
|
(values '((content-type . (application/x-nix-archive
|
||||||
(charset . "ISO-8859-1"))))
|
(charset . "ISO-8859-1"))))
|
||||||
;; XXX: We're not returning the actual contents, deferring
|
;; XXX: We're not returning the actual contents, deferring
|
||||||
|
@ -314,7 +314,7 @@ blocking."
|
||||||
(render-narinfo store request hash))
|
(render-narinfo store request hash))
|
||||||
;; /nar/<store-item>
|
;; /nar/<store-item>
|
||||||
(("nar" store-item)
|
(("nar" store-item)
|
||||||
(render-nar request store-item))
|
(render-nar store request store-item))
|
||||||
(_ (not-found request)))
|
(_ (not-found request)))
|
||||||
(not-found request))))
|
(not-found request))))
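Review bot: The docstring of `render-nar` is unchanged although the procedure now takes STORE and serves only items the daemon reports as valid. That gate is the security-relevant contract of the endpoint, so it should be stated, for example `"Render archive of the store path corresponding to STORE-ITEM, provided it is a valid item of STORE."`. STORE-ITEM is taken from the request path and appended to `%store-directory` before being passed to `valid-path?`. It is therefore worth confirming that a malformed name makes `valid-path?` return #f rather than raise, since a raised condition would presumably not produce the 404 the new test expects. The body of `render-nar` continues past the hunk, so the alternate branch of the `if` is not visible here.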
|
||||||
|
|
||||||
|
|
|
@ -112,6 +112,14 @@ References: ~a~%"
|
||||||
(call-with-input-string nar (cut restore-file <> temp)))
|
(call-with-input-string nar (cut restore-file <> temp)))
|
||||||
(call-with-input-file temp read-string))))
|
(call-with-input-file temp read-string))))
|
||||||
|
|
||||||
|
(test-equal "/nar/invalid"
|
||||||
|
404
|
||||||
|
(begin
|
||||||
|
(call-with-output-file (string-append (%store-prefix) "/invalid")
|
||||||
|
(lambda (port)
|
||||||
|
(display "This file is not a valid store item." port)))
|
||||||
|
(response-code (http-get (publish-uri (string-append "/nar/invalid"))))))
|
||||||
|
|
||||||
(test-end "publish")
|
(test-end "publish")
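Review bot: The "/nar/invalid" test uses the file name `invalid`, which lacks the hash prefix of a real store item. The 404 may therefore come from the name being rejected as malformed rather than from the item being unregistered, which is the case the commit message describes. A well-formed but unregistered name would exercise the intended path, e.g. the constructed sample `(string-append (make-string 32 #\a) "-invalid")` used both for the file and for the `/nar/` request. The file written under `(%store-prefix)` is also never removed, so a `delete-file` after the request would stop it leaking into later tests.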
|
||||||
|
|
||||||
|
|
||||||
|
|