daemon: Install 'authenticate' script under LIBEXECDIR/guix.

That way it is handled in the same way as other helper scripts.

* nix/scripts/guix-authenticate.in: Rename to...
* nix/scripts/authenticate.in: ... this.
* config-daemon.ac: Adjust accordingly.
* nix/local.mk (libstore_a_CPPFLAGS): Remove -DOPENSSL_PATH.
(nodist_libexec_SCRIPTS): Remove.
(nodist_pkglibexec_SCRIPTS): New variable.
* nix/nix-daemon/guix-daemon.cc (main): Remove 'setenv' call for
"PATH".
* nix/libstore/local-store.cc (runAuthenticationProgram): New function.
(LocalStore::exportPath, LocalStore::importPath): Use it instead of
'runProgram' and OPENSSL_PATH.
This commit is contained in:
Ludovic Courtès 2018-11-14 18:11:58 +01:00
parent 7a54b2281d
commit 0fe1fba4af
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
5 changed files with 19 additions and 21 deletions

@ -163,8 +163,8 @@ if test "x$guix_build_daemon" = "xyes"; then
[chmod +x nix/scripts/download])
AC_CONFIG_FILES([nix/scripts/substitute],
[chmod +x nix/scripts/substitute])
AC_CONFIG_FILES([nix/scripts/guix-authenticate],
[chmod +x nix/scripts/guix-authenticate])
AC_CONFIG_FILES([nix/scripts/authenticate],
[chmod +x nix/scripts/authenticate])
AC_CONFIG_FILES([nix/scripts/offload],
[chmod +x nix/scripts/offload])
fi

@ -1222,6 +1222,18 @@ static void checkSecrecy(const Path & path)
}
static std::string runAuthenticationProgram(const Strings & args)
{
/* Use the 'authenticate' script from 'LIBEXECDIR/guix' or just
'LIBEXECDIR', depending on whether we're uninstalled or not. */
const bool installed = getenv("GUIX_UNINSTALLED") == NULL;
const string program = settings.nixLibexecDir
+ (installed ? "/guix" : "")
+ "/authenticate";
return runProgram(program, false, args);
}
void LocalStore::exportPath(const Path & path, bool sign,
Sink & sink)
{
@ -1276,7 +1288,8 @@ void LocalStore::exportPath(const Path & path, bool sign,
args.push_back(secretKey);
args.push_back("-in");
args.push_back(hashFile);
string signature = runProgram(OPENSSL_PATH, true, args);
string signature = runAuthenticationProgram(args);
writeString(signature, hashAndWriteSink);
@ -1366,7 +1379,7 @@ Path LocalStore::importPath(bool requireSignature, Source & source)
args.push_back("-pubin");
args.push_back("-in");
args.push_back(sigFile);
string hash2 = runProgram(OPENSSL_PATH, true, args);
string hash2 = runAuthenticationProgram(args);
/* Note: runProgram() throws an exception if the signature
is invalid. */

@ -113,7 +113,6 @@ libstore_a_CPPFLAGS = \
-DGUIX_CONFIGURATION_DIRECTORY=\"$(sysconfdir)/guix\" \
-DNIX_LIBEXEC_DIR=\"$(libexecdir)\" \
-DNIX_BIN_DIR=\"$(bindir)\" \
-DOPENSSL_PATH="\"guix-authenticate\"" \
-DDEFAULT_CHROOT_DIRS="\"\""
libstore_a_CXXFLAGS = $(AM_CXXFLAGS) \
@ -168,10 +167,8 @@ nodist_pkglibexec_SCRIPTS += \
endif BUILD_DAEMON_OFFLOAD
# XXX: It'd be better to hide it in $(pkglibexecdir).
nodist_libexec_SCRIPTS = \
%D%/scripts/guix-authenticate
nodist_pkglibexec_SCRIPTS += \
%D%/scripts/authenticate
# The '.service' files for systemd.
systemdservicedir = $(libdir)/systemd/system

@ -466,18 +466,6 @@ main (int argc, char *argv[])
{
settings.processEnvironment ();
/* Hackily help 'local-store.cc' find our 'guix-authenticate' program, which
is known as 'OPENSSL_PATH' here. */
std::string search_path;
search_path = settings.nixLibexecDir;
if (getenv ("PATH") != NULL)
{
search_path += ":";
search_path += getenv ("PATH");
}
setenv ("PATH", search_path.c_str (), 1);
/* Use our substituter by default. */
settings.substituters.clear ();
settings.set ("build-use-substitutes", "true");