daemon: Install 'authenticate' script under LIBEXECDIR/guix.
That way it is handled in the same way as other helper scripts. * nix/scripts/guix-authenticate.in: Rename to... * nix/scripts/authenticate.in: ... this. * config-daemon.ac: Adjust accordingly. * nix/local.mk (libstore_a_CPPFLAGS): Remove -DOPENSSL_PATH. (nodist_libexec_SCRIPTS): Remove. (nodist_pkglibexec_SCRIPTS): New variable. * nix/nix-daemon/guix-daemon.cc (main): Remove 'setenv' call for "PATH". * nix/libstore/local-store.cc (runAuthenticationProgram): New function. (LocalStore::exportPath, LocalStore::importPath): Use it instead of 'runProgram' and OPENSSL_PATH.
This commit is contained in:
parent
7a54b2281d
commit
0fe1fba4af
@ -163,8 +163,8 @@ if test "x$guix_build_daemon" = "xyes"; then
|
||||
[chmod +x nix/scripts/download])
|
||||
AC_CONFIG_FILES([nix/scripts/substitute],
|
||||
[chmod +x nix/scripts/substitute])
|
||||
AC_CONFIG_FILES([nix/scripts/guix-authenticate],
|
||||
[chmod +x nix/scripts/guix-authenticate])
|
||||
AC_CONFIG_FILES([nix/scripts/authenticate],
|
||||
[chmod +x nix/scripts/authenticate])
|
||||
AC_CONFIG_FILES([nix/scripts/offload],
|
||||
[chmod +x nix/scripts/offload])
|
||||
fi
|
||||
|
@ -1222,6 +1222,18 @@ static void checkSecrecy(const Path & path)
|
||||
}
|
||||
|
||||
|
||||
static std::string runAuthenticationProgram(const Strings & args)
|
||||
{
|
||||
/* Use the 'authenticate' script from 'LIBEXECDIR/guix' or just
|
||||
'LIBEXECDIR', depending on whether we're uninstalled or not. */
|
||||
const bool installed = getenv("GUIX_UNINSTALLED") == NULL;
|
||||
const string program = settings.nixLibexecDir
|
||||
+ (installed ? "/guix" : "")
|
||||
+ "/authenticate";
|
||||
|
||||
return runProgram(program, false, args);
|
||||
}
|
||||
|
||||
void LocalStore::exportPath(const Path & path, bool sign,
|
||||
Sink & sink)
|
||||
{
|
||||
@ -1276,7 +1288,8 @@ void LocalStore::exportPath(const Path & path, bool sign,
|
||||
args.push_back(secretKey);
|
||||
args.push_back("-in");
|
||||
args.push_back(hashFile);
|
||||
string signature = runProgram(OPENSSL_PATH, true, args);
|
||||
|
||||
string signature = runAuthenticationProgram(args);
|
||||
|
||||
writeString(signature, hashAndWriteSink);
|
||||
|
||||
@ -1366,7 +1379,7 @@ Path LocalStore::importPath(bool requireSignature, Source & source)
|
||||
args.push_back("-pubin");
|
||||
args.push_back("-in");
|
||||
args.push_back(sigFile);
|
||||
string hash2 = runProgram(OPENSSL_PATH, true, args);
|
||||
string hash2 = runAuthenticationProgram(args);
|
||||
|
||||
/* Note: runProgram() throws an exception if the signature
|
||||
is invalid. */
|
||||
|
@ -113,7 +113,6 @@ libstore_a_CPPFLAGS = \
|
||||
-DGUIX_CONFIGURATION_DIRECTORY=\"$(sysconfdir)/guix\" \
|
||||
-DNIX_LIBEXEC_DIR=\"$(libexecdir)\" \
|
||||
-DNIX_BIN_DIR=\"$(bindir)\" \
|
||||
-DOPENSSL_PATH="\"guix-authenticate\"" \
|
||||
-DDEFAULT_CHROOT_DIRS="\"\""
|
||||
|
||||
libstore_a_CXXFLAGS = $(AM_CXXFLAGS) \
|
||||
@ -168,10 +167,8 @@ nodist_pkglibexec_SCRIPTS += \
|
||||
|
||||
endif BUILD_DAEMON_OFFLOAD
|
||||
|
||||
|
||||
# XXX: It'd be better to hide it in $(pkglibexecdir).
|
||||
nodist_libexec_SCRIPTS = \
|
||||
%D%/scripts/guix-authenticate
|
||||
nodist_pkglibexec_SCRIPTS += \
|
||||
%D%/scripts/authenticate
|
||||
|
||||
# The '.service' files for systemd.
|
||||
systemdservicedir = $(libdir)/systemd/system
|
||||
|
@ -466,18 +466,6 @@ main (int argc, char *argv[])
|
||||
{
|
||||
settings.processEnvironment ();
|
||||
|
||||
/* Hackily help 'local-store.cc' find our 'guix-authenticate' program, which
|
||||
is known as 'OPENSSL_PATH' here. */
|
||||
std::string search_path;
|
||||
search_path = settings.nixLibexecDir;
|
||||
if (getenv ("PATH") != NULL)
|
||||
{
|
||||
search_path += ":";
|
||||
search_path += getenv ("PATH");
|
||||
}
|
||||
|
||||
setenv ("PATH", search_path.c_str (), 1);
|
||||
|
||||
/* Use our substituter by default. */
|
||||
settings.substituters.clear ();
|
||||
settings.set ("build-use-substitutes", "true");
|
||||
|
Loading…
Reference in New Issue
Block a user