diff --git a/config-daemon.ac b/config-daemon.ac index 04f0fde3b2..aac46817f5 100644 --- a/config-daemon.ac +++ b/config-daemon.ac @@ -163,8 +163,8 @@ if test "x$guix_build_daemon" = "xyes"; then [chmod +x nix/scripts/download]) AC_CONFIG_FILES([nix/scripts/substitute], [chmod +x nix/scripts/substitute]) - AC_CONFIG_FILES([nix/scripts/guix-authenticate], - [chmod +x nix/scripts/guix-authenticate]) + AC_CONFIG_FILES([nix/scripts/authenticate], + [chmod +x nix/scripts/authenticate]) AC_CONFIG_FILES([nix/scripts/offload], [chmod +x nix/scripts/offload]) fi diff --git a/nix/libstore/local-store.cc b/nix/libstore/local-store.cc index 4c55c6ea0d..0aed59710f 100644 --- a/nix/libstore/local-store.cc +++ b/nix/libstore/local-store.cc @@ -1222,6 +1222,18 @@ static void checkSecrecy(const Path & path) } +static std::string runAuthenticationProgram(const Strings & args) +{ + /* Use the 'authenticate' script from 'LIBEXECDIR/guix' or just + 'LIBEXECDIR', depending on whether we're uninstalled or not. */ + const bool installed = getenv("GUIX_UNINSTALLED") == NULL; + const string program = settings.nixLibexecDir + + (installed ? "/guix" : "") + + "/authenticate"; + + return runProgram(program, false, args); +} + void LocalStore::exportPath(const Path & path, bool sign, Sink & sink) { @@ -1276,7 +1288,8 @@ void LocalStore::exportPath(const Path & path, bool sign, args.push_back(secretKey); args.push_back("-in"); args.push_back(hashFile); - string signature = runProgram(OPENSSL_PATH, true, args); + + string signature = runAuthenticationProgram(args); writeString(signature, hashAndWriteSink); @@ -1366,7 +1379,7 @@ Path LocalStore::importPath(bool requireSignature, Source & source) args.push_back("-pubin"); args.push_back("-in"); args.push_back(sigFile); - string hash2 = runProgram(OPENSSL_PATH, true, args); + string hash2 = runAuthenticationProgram(args); /* Note: runProgram() throws an exception if the signature is invalid. */ diff --git a/nix/local.mk b/nix/local.mk index 7d45f200b8..fe45c344f0 100644 --- a/nix/local.mk +++ b/nix/local.mk @@ -113,7 +113,6 @@ libstore_a_CPPFLAGS = \ -DGUIX_CONFIGURATION_DIRECTORY=\"$(sysconfdir)/guix\" \ -DNIX_LIBEXEC_DIR=\"$(libexecdir)\" \ -DNIX_BIN_DIR=\"$(bindir)\" \ - -DOPENSSL_PATH="\"guix-authenticate\"" \ -DDEFAULT_CHROOT_DIRS="\"\"" libstore_a_CXXFLAGS = $(AM_CXXFLAGS) \ @@ -168,10 +167,8 @@ nodist_pkglibexec_SCRIPTS += \ endif BUILD_DAEMON_OFFLOAD - -# XXX: It'd be better to hide it in $(pkglibexecdir). -nodist_libexec_SCRIPTS = \ - %D%/scripts/guix-authenticate +nodist_pkglibexec_SCRIPTS += \ + %D%/scripts/authenticate # The '.service' files for systemd. systemdservicedir = $(libdir)/systemd/system diff --git a/nix/nix-daemon/guix-daemon.cc b/nix/nix-daemon/guix-daemon.cc index b71b100f6c..8fdab2d116 100644 --- a/nix/nix-daemon/guix-daemon.cc +++ b/nix/nix-daemon/guix-daemon.cc @@ -466,18 +466,6 @@ main (int argc, char *argv[]) { settings.processEnvironment (); - /* Hackily help 'local-store.cc' find our 'guix-authenticate' program, which - is known as 'OPENSSL_PATH' here. */ - std::string search_path; - search_path = settings.nixLibexecDir; - if (getenv ("PATH") != NULL) - { - search_path += ":"; - search_path += getenv ("PATH"); - } - - setenv ("PATH", search_path.c_str (), 1); - /* Use our substituter by default. */ settings.substituters.clear (); settings.set ("build-use-substitutes", "true"); diff --git a/nix/scripts/guix-authenticate.in b/nix/scripts/authenticate.in similarity index 100% rename from nix/scripts/guix-authenticate.in rename to nix/scripts/authenticate.in