refactor(tvix/nix-compat): rename PubKey to VerifyingKey

Align these with the way it's called in the ed25519 crates.

Change-Id: Ia52d3bb9bf831dc6b5f7d5356f5ac62135672883
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12013
Tested-by: BuildkiteCI
Reviewed-by: raitobezarius <tvl@lahfa.xyz>
Autosubmit: flokli <flokli@flokli.de>
This commit is contained in:
Florian Klink 2024-07-21 22:49:05 +02:00 committed by clbot
parent 62184ee35a
commit 05b4e805ee
4 changed files with 25 additions and 25 deletions

View file

@ -27,13 +27,12 @@ use std::{
use crate::{nixbase32, nixhash::CAHash, store_path::StorePathRef};
mod fingerprint;
mod public_keys;
mod signature;
mod verifying_keys;
pub use fingerprint::fingerprint;
pub use public_keys::{Error as PubKeyError, PubKey};
pub use signature::{Error as SignatureError, Signature};
pub use verifying_keys::{Error as VerifyingKeyError, VerifyingKey};
#[derive(Debug)]
pub struct NarInfo<'a> {

View file

@ -4,7 +4,7 @@
use std::fmt::Display;
use data_encoding::BASE64;
use ed25519_dalek::{VerifyingKey, PUBLIC_KEY_LENGTH};
use ed25519_dalek::PUBLIC_KEY_LENGTH;
use super::Signature;
@ -12,13 +12,13 @@ use super::Signature;
/// These are normally passed in the `trusted-public-keys` Nix config option,
/// and consist of a name and base64-encoded ed25519 pubkey, separated by a `:`.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct PubKey {
pub struct VerifyingKey {
name: String,
verifying_key: VerifyingKey,
verifying_key: ed25519_dalek::VerifyingKey,
}
impl PubKey {
pub fn new(name: String, verifying_key: VerifyingKey) -> Self {
impl VerifyingKey {
pub fn new(name: String, verifying_key: ed25519_dalek::VerifyingKey) -> Self {
Self {
name,
verifying_key,
@ -37,7 +37,7 @@ impl PubKey {
}
if bytes64.len() != BASE64.encode_len(PUBLIC_KEY_LENGTH) {
return Err(Error::InvalidPubKeyLen(bytes64.len()));
return Err(Error::InvalidVerifyingKeyLen(bytes64.len()));
}
let mut buf = [0; PUBLIC_KEY_LENGTH + 1];
@ -51,7 +51,8 @@ impl PubKey {
Err(_) => return Err(Error::DecodeError(input.to_string())),
}
let verifying_key = VerifyingKey::from_bytes(&bytes).map_err(Error::InvalidVerifyingKey)?;
let verifying_key =
ed25519_dalek::VerifyingKey::from_bytes(&bytes).map_err(Error::InvalidVerifyingKey)?;
Ok(Self {
name: name.to_string(),
@ -84,14 +85,14 @@ pub enum Error {
#[error("Missing separator")]
MissingSeparator,
#[error("Invalid pubkey len: {0}")]
InvalidPubKeyLen(usize),
InvalidVerifyingKeyLen(usize),
#[error("VerifyingKey error: {0}")]
InvalidVerifyingKey(ed25519_dalek::SignatureError),
#[error("Unable to base64-decode pubkey: {0}")]
DecodeError(String),
}
impl Display for PubKey {
impl Display for VerifyingKey {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
write!(
f,
@ -110,7 +111,7 @@ mod test {
use crate::narinfo::Signature;
use super::PubKey;
use super::VerifyingKey;
const FINGERPRINT: &str = "1;/nix/store/syd87l2rxw8cbsxmxl853h0r6pdwhwjr-curl-7.82.0-bin;sha256:1b4sb93wp679q4zx9k1ignby1yna3z7c4c2ri3wphylbc2dwsys0;196040;/nix/store/0jqd0rlxzra1rs38rdxl43yh6rxchgc6-curl-7.82.0,/nix/store/6w8g7njm4mck5dmjxws0z1xnrxvl81xa-glibc-2.34-115,/nix/store/j5jxw3iy7bbz4a57fh9g2xm2gxmyal8h-zlib-1.2.12,/nix/store/yxvjs9drzsphm9pcf42a4byzj1kb9m7k-openssl-1.1.1n";
#[rstest]
@ -122,7 +123,7 @@ mod test {
#[case] exp_name: &'static str,
#[case] exp_verifying_key_bytes: &[u8; PUBLIC_KEY_LENGTH],
) {
let pubkey = PubKey::parse(input).expect("must parse");
let pubkey = VerifyingKey::parse(input).expect("must parse");
assert_eq!(exp_name, pubkey.name());
assert_eq!(exp_verifying_key_bytes, pubkey.verifying_key.as_bytes());
}
@ -132,7 +133,7 @@ mod test {
#[case::missing_padding("cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY")]
#[case::wrong_length("cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDS")]
fn parse_fail(#[case] input: &'static str) {
PubKey::parse(input).expect_err("must fail");
VerifyingKey::parse(input).expect_err("must fail");
}
#[rstest]
@ -144,7 +145,7 @@ mod test {
#[case] signature_str: &'static str,
#[case] expected: bool,
) {
let pubkey = PubKey::parse(pubkey_str).expect("must parse");
let pubkey = VerifyingKey::parse(pubkey_str).expect("must parse");
let signature = Signature::parse(signature_str).expect("must parse");
assert_eq!(expected, pubkey.verify(fingerprint, &signature));

View file

@ -13,7 +13,7 @@ pub struct NixConfig<'a> {
pub sandbox_fallback: Option<bool>,
pub substituters: Option<Vec<&'a str>>,
pub system_features: Option<Vec<&'a str>>,
pub trusted_public_keys: Option<Vec<crate::narinfo::PubKey>>,
pub trusted_public_keys: Option<Vec<crate::narinfo::VerifyingKey>>,
pub trusted_substituters: Option<Vec<&'a str>>,
pub trusted_users: Option<Vec<&'a str>>,
pub extra_platforms: Option<Vec<&'a str>>,
@ -78,8 +78,8 @@ impl<'a> NixConfig<'a> {
"trusted-public-keys" => {
this.trusted_public_keys = Some(
val.split_whitespace()
.map(crate::narinfo::PubKey::parse)
.collect::<Result<Vec<crate::narinfo::PubKey>, _>>()
.map(crate::narinfo::VerifyingKey::parse)
.collect::<Result<Vec<crate::narinfo::VerifyingKey>, _>>()
.ok()?,
)
}
@ -155,7 +155,7 @@ impl FromStr for SandboxSetting {
#[cfg(test)]
mod tests {
use crate::{narinfo::PubKey, nixcpp::conf::SandboxSetting};
use crate::{narinfo::VerifyingKey, nixcpp::conf::SandboxSetting};
use super::NixConfig;
@ -175,9 +175,9 @@ mod tests {
substituters: Some(vec!["https://nix-community.cachix.org", "https://cache.nixos.org/"]),
system_features: Some(vec!["nixos-test", "benchmark", "big-parallel", "kvm"]),
trusted_public_keys: Some(vec![
PubKey::parse("cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=")
VerifyingKey::parse("cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=")
.expect("failed to parse pubkey"),
PubKey::parse("nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=")
VerifyingKey::parse("nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=")
.expect("failed to parse pubkey")
]),
trusted_substituters: Some(vec![]),

View file

@ -41,7 +41,7 @@ pub struct NixHTTPPathInfoService<BS, DS> {
/// An optional list of [narinfo::PubKey].
/// If set, the .narinfo files received need to have correct signature by at least one of these.
public_keys: Option<Vec<narinfo::PubKey>>,
public_keys: Option<Vec<narinfo::VerifyingKey>>,
}
impl<BS, DS> NixHTTPPathInfoService<BS, DS> {
@ -59,7 +59,7 @@ impl<BS, DS> NixHTTPPathInfoService<BS, DS> {
}
/// Configures [Self] to validate NARInfo fingerprints with the public keys passed.
pub fn set_public_keys(&mut self, public_keys: Vec<narinfo::PubKey>) {
pub fn set_public_keys(&mut self, public_keys: Vec<narinfo::VerifyingKey>) {
self.public_keys = Some(public_keys);
}
}
@ -311,7 +311,7 @@ impl ServiceBuilder for NixHTTPPathInfoServiceConfig {
public_keys
.iter()
.map(|pubkey_str| {
narinfo::PubKey::parse(pubkey_str)
narinfo::VerifyingKey::parse(pubkey_str)
.map_err(|e| Error::StorageError(format!("invalid public key: {e}")))
})
.collect::<Result<Vec<_>, Error>>()?,