From 0fe1fba4af41f267c4bb2c006fb37f42422ab703 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 14 Nov 2018 18:11:58 +0100 Subject: daemon: Install 'authenticate' script under LIBEXECDIR/guix. That way it is handled in the same way as other helper scripts. * nix/scripts/guix-authenticate.in: Rename to... * nix/scripts/authenticate.in: ... this. * config-daemon.ac: Adjust accordingly. * nix/local.mk (libstore_a_CPPFLAGS): Remove -DOPENSSL_PATH. (nodist_libexec_SCRIPTS): Remove. (nodist_pkglibexec_SCRIPTS): New variable. * nix/nix-daemon/guix-daemon.cc (main): Remove 'setenv' call for "PATH". * nix/libstore/local-store.cc (runAuthenticationProgram): New function. (LocalStore::exportPath, LocalStore::importPath): Use it instead of 'runProgram' and OPENSSL_PATH. --- config-daemon.ac | 4 ++-- nix/libstore/local-store.cc | 17 +++++++++++++++-- nix/local.mk | 7 ++----- nix/nix-daemon/guix-daemon.cc | 12 ------------ nix/scripts/authenticate.in | 11 +++++++++++ nix/scripts/guix-authenticate.in | 11 ----------- 6 files changed, 30 insertions(+), 32 deletions(-) create mode 100644 nix/scripts/authenticate.in delete mode 100644 nix/scripts/guix-authenticate.in diff --git a/config-daemon.ac b/config-daemon.ac index 04f0fde3b2..aac46817f5 100644 --- a/config-daemon.ac +++ b/config-daemon.ac @@ -163,8 +163,8 @@ if test "x$guix_build_daemon" = "xyes"; then [chmod +x nix/scripts/download]) AC_CONFIG_FILES([nix/scripts/substitute], [chmod +x nix/scripts/substitute]) - AC_CONFIG_FILES([nix/scripts/guix-authenticate], - [chmod +x nix/scripts/guix-authenticate]) + AC_CONFIG_FILES([nix/scripts/authenticate], + [chmod +x nix/scripts/authenticate]) AC_CONFIG_FILES([nix/scripts/offload], [chmod +x nix/scripts/offload]) fi diff --git a/nix/libstore/local-store.cc b/nix/libstore/local-store.cc index 4c55c6ea0d..0aed59710f 100644 --- a/nix/libstore/local-store.cc +++ b/nix/libstore/local-store.cc @@ -1222,6 +1222,18 @@ static void checkSecrecy(const Path & path) } +static std::string runAuthenticationProgram(const Strings & args) +{ + /* Use the 'authenticate' script from 'LIBEXECDIR/guix' or just + 'LIBEXECDIR', depending on whether we're uninstalled or not. */ + const bool installed = getenv("GUIX_UNINSTALLED") == NULL; + const string program = settings.nixLibexecDir + + (installed ? "/guix" : "") + + "/authenticate"; + + return runProgram(program, false, args); +} + void LocalStore::exportPath(const Path & path, bool sign, Sink & sink) { @@ -1276,7 +1288,8 @@ void LocalStore::exportPath(const Path & path, bool sign, args.push_back(secretKey); args.push_back("-in"); args.push_back(hashFile); - string signature = runProgram(OPENSSL_PATH, true, args); + + string signature = runAuthenticationProgram(args); writeString(signature, hashAndWriteSink); @@ -1366,7 +1379,7 @@ Path LocalStore::importPath(bool requireSignature, Source & source) args.push_back("-pubin"); args.push_back("-in"); args.push_back(sigFile); - string hash2 = runProgram(OPENSSL_PATH, true, args); + string hash2 = runAuthenticationProgram(args); /* Note: runProgram() throws an exception if the signature is invalid. */ diff --git a/nix/local.mk b/nix/local.mk index 7d45f200b8..fe45c344f0 100644 --- a/nix/local.mk +++ b/nix/local.mk @@ -113,7 +113,6 @@ libstore_a_CPPFLAGS = \ -DGUIX_CONFIGURATION_DIRECTORY=\"$(sysconfdir)/guix\" \ -DNIX_LIBEXEC_DIR=\"$(libexecdir)\" \ -DNIX_BIN_DIR=\"$(bindir)\" \ - -DOPENSSL_PATH="\"guix-authenticate\"" \ -DDEFAULT_CHROOT_DIRS="\"\"" libstore_a_CXXFLAGS = $(AM_CXXFLAGS) \ @@ -168,10 +167,8 @@ nodist_pkglibexec_SCRIPTS += \ endif BUILD_DAEMON_OFFLOAD - -# XXX: It'd be better to hide it in $(pkglibexecdir). -nodist_libexec_SCRIPTS = \ - %D%/scripts/guix-authenticate +nodist_pkglibexec_SCRIPTS += \ + %D%/scripts/authenticate # The '.service' files for systemd. systemdservicedir = $(libdir)/systemd/system diff --git a/nix/nix-daemon/guix-daemon.cc b/nix/nix-daemon/guix-daemon.cc index b71b100f6c..8fdab2d116 100644 --- a/nix/nix-daemon/guix-daemon.cc +++ b/nix/nix-daemon/guix-daemon.cc @@ -466,18 +466,6 @@ main (int argc, char *argv[]) { settings.processEnvironment (); - /* Hackily help 'local-store.cc' find our 'guix-authenticate' program, which - is known as 'OPENSSL_PATH' here. */ - std::string search_path; - search_path = settings.nixLibexecDir; - if (getenv ("PATH") != NULL) - { - search_path += ":"; - search_path += getenv ("PATH"); - } - - setenv ("PATH", search_path.c_str (), 1); - /* Use our substituter by default. */ settings.substituters.clear (); settings.set ("build-use-substitutes", "true"); diff --git a/nix/scripts/authenticate.in b/nix/scripts/authenticate.in new file mode 100644 index 0000000000..5ce57915f0 --- /dev/null +++ b/nix/scripts/authenticate.in @@ -0,0 +1,11 @@ +#!@SHELL@ +# A shorthand for "guix authenticate", for use by the daemon. + +if test "x$GUIX_UNINSTALLED" = "x" +then + prefix="@prefix@" + exec_prefix="@exec_prefix@" + exec "@bindir@/guix" authenticate "$@" +else + exec guix authenticate "$@" +fi diff --git a/nix/scripts/guix-authenticate.in b/nix/scripts/guix-authenticate.in deleted file mode 100644 index 5ce57915f0..0000000000 --- a/nix/scripts/guix-authenticate.in +++ /dev/null @@ -1,11 +0,0 @@ -#!@SHELL@ -# A shorthand for "guix authenticate", for use by the daemon. - -if test "x$GUIX_UNINSTALLED" = "x" -then - prefix="@prefix@" - exec_prefix="@exec_prefix@" - exec "@bindir@/guix" authenticate "$@" -else - exec guix authenticate "$@" -fi -- cgit v1.2.3