feat(tvix/nar-bridge): stop parsing nixbase32 manually, validate

We have nixhash.FromHashTypeAndDigest now.

Also, run Validate() on the PathInfo received from the remote
PathInfoService.

Change-Id: I14db0d9356c539c084afc9dd712314b56da2587e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9652
Tested-by: BuildkiteCI
Reviewed-by: Brian McGee <brian@bmcgee.ie>
This commit is contained in:
Florian Klink 2023-10-11 12:52:33 +02:00 committed by flokli
parent 98c17147c6
commit 673f5febbb
2 changed files with 24 additions and 10 deletions

View file

@ -10,7 +10,6 @@ import (
"code.tvl.fyi/tvix/nar-bridge/pkg/importer" "code.tvl.fyi/tvix/nar-bridge/pkg/importer"
"github.com/go-chi/chi/v5" "github.com/go-chi/chi/v5"
nixhash "github.com/nix-community/go-nix/pkg/hash" nixhash "github.com/nix-community/go-nix/pkg/hash"
"github.com/nix-community/go-nix/pkg/nixbase32"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
) )
@ -101,11 +100,8 @@ func registerNarPut(s *Server) {
} }
// Compare the nar hash specified in the URL with the one that has been // Compare the nar hash specified in the URL with the one that has been
// calculated while processing the NAR file // calculated while processing the NAR file.
// TODO: bump go-nix and remove the parsing narHash, err := nixhash.FromHashTypeAndDigest(0x12, narSha256)
narHash, err := nixhash.ParseNixBase32(
"sha256:" + nixbase32.EncodeToString(narSha256),
)
if err != nil { if err != nil {
panic("must parse nixbase32") panic("must parse nixbase32")
} }

View file

@ -51,11 +51,29 @@ func renderNarinfo(
return fmt.Errorf("unable to get pathinfo: %w", err) return fmt.Errorf("unable to get pathinfo: %w", err)
} }
// TODO: don't parse log = log.WithField("pathInfo", pathInfo)
narHash, err := nixhash.ParseNixBase32("sha256:" + nixbase32.EncodeToString(pathInfo.GetNarinfo().GetNarSha256()))
// The PathInfo received needs to be valid, and contain a NARInfo field.
if _, err := pathInfo.Validate(); err != nil {
log.WithError(err).Error("unable to validate PathInfo")
return fmt.Errorf("unable to validate PathInfo: %w", err)
}
// Ensure the PathInfo contains a NARInfo field
if pathInfo.GetNarinfo() == nil {
log.Error("PathInfo doesn't contain Narinfo field")
return fmt.Errorf("PathInfo doesn't contain Narinfo field")
}
// extract the NARHash
narHash, err := nixhash.FromHashTypeAndDigest(0x12, pathInfo.GetNarinfo().GetNarSha256())
if err != nil { if err != nil {
// TODO: return proper error // TODO: replace with panic once we use cl/9649
return fmt.Errorf("No usable NarHash found in PathInfo")
log.WithError(err).Error("invalid NarHash in PathInfo")
return fmt.Errorf("invalid NarHash in PathInfo")
} }
// add things to the lookup table, in case the same process didn't handle the NAR hash yet. // add things to the lookup table, in case the same process didn't handle the NAR hash yet.