daemon: Install 'authenticate' script under LIBEXECDIR/guix.
That way it is handled in the same way as other helper scripts. * nix/scripts/guix-authenticate.in: Rename to... * nix/scripts/authenticate.in: ... this. * config-daemon.ac: Adjust accordingly. * nix/local.mk (libstore_a_CPPFLAGS): Remove -DOPENSSL_PATH. (nodist_libexec_SCRIPTS): Remove. (nodist_pkglibexec_SCRIPTS): New variable. * nix/nix-daemon/guix-daemon.cc (main): Remove 'setenv' call for "PATH". * nix/libstore/local-store.cc (runAuthenticationProgram): New function. (LocalStore::exportPath, LocalStore::importPath): Use it instead of 'runProgram' and OPENSSL_PATH.
This commit is contained in:
parent
7a54b2281d
commit
0fe1fba4af
|
@ -163,8 +163,8 @@ if test "x$guix_build_daemon" = "xyes"; then
|
||||||
[chmod +x nix/scripts/download])
|
[chmod +x nix/scripts/download])
|
||||||
AC_CONFIG_FILES([nix/scripts/substitute],
|
AC_CONFIG_FILES([nix/scripts/substitute],
|
||||||
[chmod +x nix/scripts/substitute])
|
[chmod +x nix/scripts/substitute])
|
||||||
AC_CONFIG_FILES([nix/scripts/guix-authenticate],
|
AC_CONFIG_FILES([nix/scripts/authenticate],
|
||||||
[chmod +x nix/scripts/guix-authenticate])
|
[chmod +x nix/scripts/authenticate])
|
||||||
AC_CONFIG_FILES([nix/scripts/offload],
|
AC_CONFIG_FILES([nix/scripts/offload],
|
||||||
[chmod +x nix/scripts/offload])
|
[chmod +x nix/scripts/offload])
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -1222,6 +1222,18 @@ static void checkSecrecy(const Path & path)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static std::string runAuthenticationProgram(const Strings & args)
|
||||||
|
{
|
||||||
|
/* Use the 'authenticate' script from 'LIBEXECDIR/guix' or just
|
||||||
|
'LIBEXECDIR', depending on whether we're uninstalled or not. */
|
||||||
|
const bool installed = getenv("GUIX_UNINSTALLED") == NULL;
|
||||||
|
const string program = settings.nixLibexecDir
|
||||||
|
+ (installed ? "/guix" : "")
|
||||||
|
+ "/authenticate";
|
||||||
|
|
||||||
|
return runProgram(program, false, args);
|
||||||
|
}
|
||||||
|
|
||||||
void LocalStore::exportPath(const Path & path, bool sign,
|
void LocalStore::exportPath(const Path & path, bool sign,
|
||||||
Sink & sink)
|
Sink & sink)
|
||||||
{
|
{
|
||||||
|
@ -1276,7 +1288,8 @@ void LocalStore::exportPath(const Path & path, bool sign,
|
||||||
args.push_back(secretKey);
|
args.push_back(secretKey);
|
||||||
args.push_back("-in");
|
args.push_back("-in");
|
||||||
args.push_back(hashFile);
|
args.push_back(hashFile);
|
||||||
string signature = runProgram(OPENSSL_PATH, true, args);
|
|
||||||
|
string signature = runAuthenticationProgram(args);
|
||||||
|
|
||||||
writeString(signature, hashAndWriteSink);
|
writeString(signature, hashAndWriteSink);
|
||||||
|
|
||||||
|
@ -1366,7 +1379,7 @@ Path LocalStore::importPath(bool requireSignature, Source & source)
|
||||||
args.push_back("-pubin");
|
args.push_back("-pubin");
|
||||||
args.push_back("-in");
|
args.push_back("-in");
|
||||||
args.push_back(sigFile);
|
args.push_back(sigFile);
|
||||||
string hash2 = runProgram(OPENSSL_PATH, true, args);
|
string hash2 = runAuthenticationProgram(args);
|
||||||
|
|
||||||
/* Note: runProgram() throws an exception if the signature
|
/* Note: runProgram() throws an exception if the signature
|
||||||
is invalid. */
|
is invalid. */
|
||||||
|
|
|
@ -113,7 +113,6 @@ libstore_a_CPPFLAGS = \
|
||||||
-DGUIX_CONFIGURATION_DIRECTORY=\"$(sysconfdir)/guix\" \
|
-DGUIX_CONFIGURATION_DIRECTORY=\"$(sysconfdir)/guix\" \
|
||||||
-DNIX_LIBEXEC_DIR=\"$(libexecdir)\" \
|
-DNIX_LIBEXEC_DIR=\"$(libexecdir)\" \
|
||||||
-DNIX_BIN_DIR=\"$(bindir)\" \
|
-DNIX_BIN_DIR=\"$(bindir)\" \
|
||||||
-DOPENSSL_PATH="\"guix-authenticate\"" \
|
|
||||||
-DDEFAULT_CHROOT_DIRS="\"\""
|
-DDEFAULT_CHROOT_DIRS="\"\""
|
||||||
|
|
||||||
libstore_a_CXXFLAGS = $(AM_CXXFLAGS) \
|
libstore_a_CXXFLAGS = $(AM_CXXFLAGS) \
|
||||||
|
@ -168,10 +167,8 @@ nodist_pkglibexec_SCRIPTS += \
|
||||||
|
|
||||||
endif BUILD_DAEMON_OFFLOAD
|
endif BUILD_DAEMON_OFFLOAD
|
||||||
|
|
||||||
|
nodist_pkglibexec_SCRIPTS += \
|
||||||
# XXX: It'd be better to hide it in $(pkglibexecdir).
|
%D%/scripts/authenticate
|
||||||
nodist_libexec_SCRIPTS = \
|
|
||||||
%D%/scripts/guix-authenticate
|
|
||||||
|
|
||||||
# The '.service' files for systemd.
|
# The '.service' files for systemd.
|
||||||
systemdservicedir = $(libdir)/systemd/system
|
systemdservicedir = $(libdir)/systemd/system
|
||||||
|
|
|
@ -466,18 +466,6 @@ main (int argc, char *argv[])
|
||||||
{
|
{
|
||||||
settings.processEnvironment ();
|
settings.processEnvironment ();
|
||||||
|
|
||||||
/* Hackily help 'local-store.cc' find our 'guix-authenticate' program, which
|
|
||||||
is known as 'OPENSSL_PATH' here. */
|
|
||||||
std::string search_path;
|
|
||||||
search_path = settings.nixLibexecDir;
|
|
||||||
if (getenv ("PATH") != NULL)
|
|
||||||
{
|
|
||||||
search_path += ":";
|
|
||||||
search_path += getenv ("PATH");
|
|
||||||
}
|
|
||||||
|
|
||||||
setenv ("PATH", search_path.c_str (), 1);
|
|
||||||
|
|
||||||
/* Use our substituter by default. */
|
/* Use our substituter by default. */
|
||||||
settings.substituters.clear ();
|
settings.substituters.clear ();
|
||||||
settings.set ("build-use-substitutes", "true");
|
settings.set ("build-use-substitutes", "true");
|
||||||
|
|
Loading…
Reference in New Issue