Make libsodium an optional dependency
This commit is contained in:
parent
5d9cd27dce
commit
1c972cba14
6 changed files with 28 additions and 2 deletions
|
@ -4,6 +4,7 @@ CFLAGS = @CFLAGS@
|
||||||
CXX = @CXX@
|
CXX = @CXX@
|
||||||
CXXFLAGS = @CXXFLAGS@
|
CXXFLAGS = @CXXFLAGS@
|
||||||
HAVE_OPENSSL = @HAVE_OPENSSL@
|
HAVE_OPENSSL = @HAVE_OPENSSL@
|
||||||
|
HAVE_SODIUM = @HAVE_SODIUM@
|
||||||
OPENSSL_LIBS = @OPENSSL_LIBS@
|
OPENSSL_LIBS = @OPENSSL_LIBS@
|
||||||
PACKAGE_NAME = @PACKAGE_NAME@
|
PACKAGE_NAME = @PACKAGE_NAME@
|
||||||
PACKAGE_VERSION = @PACKAGE_VERSION@
|
PACKAGE_VERSION = @PACKAGE_VERSION@
|
||||||
|
|
|
@ -205,8 +205,12 @@ AC_CHECK_HEADERS([bzlib.h], [true],
|
||||||
PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= 3.6.19], [CXXFLAGS="$SQLITE3_CFLAGS $CXXFLAGS"])
|
PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= 3.6.19], [CXXFLAGS="$SQLITE3_CFLAGS $CXXFLAGS"])
|
||||||
|
|
||||||
|
|
||||||
# Look for libsodium, a required dependency.
|
# Look for libsodium, an optional dependency.
|
||||||
PKG_CHECK_MODULES([SODIUM], [libsodium], [CXXFLAGS="$SODIUM_CFLAGS $CXXFLAGS"])
|
PKG_CHECK_MODULES([SODIUM], [libsodium],
|
||||||
|
[AC_DEFINE([HAVE_SODIUM], [1], [Whether to use libsodium for cryptography.])
|
||||||
|
CXXFLAGS="$SODIUM_CFLAGS $CXXFLAGS"
|
||||||
|
have_sodium=1], [have_sodium=])
|
||||||
|
AC_SUBST(HAVE_SODIUM, [$have_sodium])
|
||||||
|
|
||||||
|
|
||||||
# Whether to use the Boehm garbage collector.
|
# Whether to use the Boehm garbage collector.
|
||||||
|
|
|
@ -11,7 +11,9 @@
|
||||||
#include <misc.hh>
|
#include <misc.hh>
|
||||||
#include <util.hh>
|
#include <util.hh>
|
||||||
|
|
||||||
|
#if HAVE_SODIUM
|
||||||
#include <sodium.h>
|
#include <sodium.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
using namespace nix;
|
using namespace nix;
|
||||||
|
@ -228,6 +230,7 @@ SV * hashString(char * algo, int base32, char * s)
|
||||||
SV * signString(SV * secretKey_, char * msg)
|
SV * signString(SV * secretKey_, char * msg)
|
||||||
PPCODE:
|
PPCODE:
|
||||||
try {
|
try {
|
||||||
|
#if HAVE_SODIUM
|
||||||
STRLEN secretKeyLen;
|
STRLEN secretKeyLen;
|
||||||
unsigned char * secretKey = (unsigned char *) SvPV(secretKey_, secretKeyLen);
|
unsigned char * secretKey = (unsigned char *) SvPV(secretKey_, secretKeyLen);
|
||||||
if (secretKeyLen != crypto_sign_SECRETKEYBYTES)
|
if (secretKeyLen != crypto_sign_SECRETKEYBYTES)
|
||||||
|
@ -237,6 +240,9 @@ SV * signString(SV * secretKey_, char * msg)
|
||||||
unsigned long long sigLen;
|
unsigned long long sigLen;
|
||||||
crypto_sign_detached(sig, &sigLen, (unsigned char *) msg, strlen(msg), secretKey);
|
crypto_sign_detached(sig, &sigLen, (unsigned char *) msg, strlen(msg), secretKey);
|
||||||
XPUSHs(sv_2mortal(newSVpv((char *) sig, sigLen)));
|
XPUSHs(sv_2mortal(newSVpv((char *) sig, sigLen)));
|
||||||
|
#else
|
||||||
|
throw Error("Nix was not compiled with libsodium, required for signed binary cache support");
|
||||||
|
#endif
|
||||||
} catch (Error & e) {
|
} catch (Error & e) {
|
||||||
croak(e.what());
|
croak(e.what());
|
||||||
}
|
}
|
||||||
|
@ -245,6 +251,7 @@ SV * signString(SV * secretKey_, char * msg)
|
||||||
int checkSignature(SV * publicKey_, SV * sig_, char * msg)
|
int checkSignature(SV * publicKey_, SV * sig_, char * msg)
|
||||||
CODE:
|
CODE:
|
||||||
try {
|
try {
|
||||||
|
#if HAVE_SODIUM
|
||||||
STRLEN publicKeyLen;
|
STRLEN publicKeyLen;
|
||||||
unsigned char * publicKey = (unsigned char *) SvPV(publicKey_, publicKeyLen);
|
unsigned char * publicKey = (unsigned char *) SvPV(publicKey_, publicKeyLen);
|
||||||
if (publicKeyLen != crypto_sign_PUBLICKEYBYTES)
|
if (publicKeyLen != crypto_sign_PUBLICKEYBYTES)
|
||||||
|
@ -256,6 +263,9 @@ int checkSignature(SV * publicKey_, SV * sig_, char * msg)
|
||||||
throw Error("signature is not valid");
|
throw Error("signature is not valid");
|
||||||
|
|
||||||
RETVAL = crypto_sign_verify_detached(sig, (unsigned char *) msg, strlen(msg), publicKey) == 0;
|
RETVAL = crypto_sign_verify_detached(sig, (unsigned char *) msg, strlen(msg), publicKey) == 0;
|
||||||
|
#else
|
||||||
|
throw Error("Nix was not compiled with libsodium, required for signed binary cache support");
|
||||||
|
#endif
|
||||||
} catch (Error & e) {
|
} catch (Error & e) {
|
||||||
croak(e.what());
|
croak(e.what());
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,7 +20,9 @@
|
||||||
|
|
||||||
#include <bzlib.h>
|
#include <bzlib.h>
|
||||||
|
|
||||||
|
#if HAVE_SODIUM
|
||||||
#include <sodium.h>
|
#include <sodium.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
using namespace nix;
|
using namespace nix;
|
||||||
|
@ -1016,6 +1018,7 @@ static void opGenerateBinaryCacheKey(Strings opFlags, Strings opArgs)
|
||||||
if (opArgs.size() != 1) throw UsageError("one argument expected");
|
if (opArgs.size() != 1) throw UsageError("one argument expected");
|
||||||
string keyName = opArgs.front();
|
string keyName = opArgs.front();
|
||||||
|
|
||||||
|
#if HAVE_SODIUM
|
||||||
sodium_init();
|
sodium_init();
|
||||||
|
|
||||||
unsigned char pk[crypto_sign_PUBLICKEYBYTES];
|
unsigned char pk[crypto_sign_PUBLICKEYBYTES];
|
||||||
|
@ -1025,6 +1028,9 @@ static void opGenerateBinaryCacheKey(Strings opFlags, Strings opArgs)
|
||||||
|
|
||||||
std::cout << keyName << ":" << base64Encode(string((char *) pk, crypto_sign_PUBLICKEYBYTES)) << std::endl;
|
std::cout << keyName << ":" << base64Encode(string((char *) pk, crypto_sign_PUBLICKEYBYTES)) << std::endl;
|
||||||
std::cout << keyName << ":" << base64Encode(string((char *) sk, crypto_sign_SECRETKEYBYTES)) << std::endl;
|
std::cout << keyName << ":" << base64Encode(string((char *) sk, crypto_sign_SECRETKEYBYTES)) << std::endl;
|
||||||
|
#else
|
||||||
|
throw Error("Nix was not compiled with libsodium, required for signed binary cache support");
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -89,6 +89,8 @@ nix-build --option binary-caches "file://$cacheDir" dependencies.nix -o $TEST_RO
|
||||||
grep -q "Downloading" $TEST_ROOT/log
|
grep -q "Downloading" $TEST_ROOT/log
|
||||||
|
|
||||||
|
|
||||||
|
if [ -n "$HAVE_SODIUM" ]; then
|
||||||
|
|
||||||
# Create a signed binary cache.
|
# Create a signed binary cache.
|
||||||
clearCache
|
clearCache
|
||||||
|
|
||||||
|
@ -137,3 +139,5 @@ done
|
||||||
rm -f $NIX_STATE_DIR/binary-cache*
|
rm -f $NIX_STATE_DIR/binary-cache*
|
||||||
|
|
||||||
(! nix-store -r $outPath --option binary-caches "file://$cacheDir" --option signed-binary-caches '*' --option binary-cache-public-keys "$publicKey")
|
(! nix-store -r $outPath --option binary-caches "file://$cacheDir" --option signed-binary-caches '*' --option binary-cache-public-keys "$publicKey")
|
||||||
|
|
||||||
|
fi # HAVE_LIBSODIUM
|
||||||
|
|
|
@ -25,6 +25,7 @@ export dot=@dot@
|
||||||
export xmllint="@xmllint@"
|
export xmllint="@xmllint@"
|
||||||
export SHELL="@bash@"
|
export SHELL="@bash@"
|
||||||
export PAGER=cat
|
export PAGER=cat
|
||||||
|
export HAVE_SODIUM="@HAVE_SODIUM@"
|
||||||
|
|
||||||
export version=@PACKAGE_VERSION@
|
export version=@PACKAGE_VERSION@
|
||||||
export system=@system@
|
export system=@system@
|
||||||
|
|
Loading…
Reference in a new issue