[PATCH] Add a ‘verifyStore’ RPC

[PATCH] Add a ‘verifyStore’ RPC

[Ludovic Courtès]

[-- Attachment #1: Type: text/plain, Size: 151 bytes --]

Hello!

The patch below adds a ‘verifyStore’ RPC with the same signature as the
current LocalStore::verifyStore method.

Thanks,
Ludo’.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: the patch --]
[-- Type: text/x-patch, Size: 2978 bytes --]

From aef46c03ca77eb6344f4892672eb6d9d06432041 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Mon, 1 Jun 2015 23:17:10 +0200
Subject: [PATCH] Add a 'verifyStore' remote procedure call.

---
 src/libstore/remote-store.cc    | 10 ++++++++++
 src/libstore/remote-store.hh    |  1 +
 src/libstore/store-api.hh       |  4 ++++
 src/libstore/worker-protocol.hh |  3 ++-
 src/nix-daemon/nix-daemon.cc    | 10 ++++++++++
 5 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/src/libstore/remote-store.cc b/src/libstore/remote-store.cc
index 3b2825c..ab87d9d 100644
--- a/src/libstore/remote-store.cc
+++ b/src/libstore/remote-store.cc
@@ -587,6 +587,16 @@ void RemoteStore::optimiseStore()
     readInt(from);
 }
 
+bool RemoteStore::verifyStore(bool checkContents, bool repair)
+{
+    openConnection();
+    writeInt(wopVerifyStore, to);
+    writeInt(checkContents, to);
+    writeInt(repair, to);
+    processStderr();
+    return readInt(from) != 0;
+}
+
 void RemoteStore::processStderr(Sink * sink, Source * source)
 {
     to.flush();
diff --git a/src/libstore/remote-store.hh b/src/libstore/remote-store.hh
index 14209cb..030120d 100644
--- a/src/libstore/remote-store.hh
+++ b/src/libstore/remote-store.hh
@@ -85,6 +85,7 @@ public:
 
     void optimiseStore();
 
+    bool verifyStore(bool checkContents, bool repair);
 private:
     AutoCloseFD fdSocket;
     FdSink to;
diff --git a/src/libstore/store-api.hh b/src/libstore/store-api.hh
index 97a60a6..3764f3e 100644
--- a/src/libstore/store-api.hh
+++ b/src/libstore/store-api.hh
@@ -254,6 +254,10 @@ public:
     /* Optimise the disk space usage of the Nix store by hard-linking files
        with the same contents. */
     virtual void optimiseStore() = 0;
+
+    /* Check the integrity of the Nix store.  Returns true if errors
+       remain. */
+    virtual bool verifyStore(bool checkContents, bool repair) = 0;
 };
 
 
diff --git a/src/libstore/worker-protocol.hh b/src/libstore/worker-protocol.hh
index 4b040b7..d037d74 100644
--- a/src/libstore/worker-protocol.hh
+++ b/src/libstore/worker-protocol.hh
@@ -42,7 +42,8 @@ typedef enum {
     wopQueryValidPaths = 31,
     wopQuerySubstitutablePaths = 32,
     wopQueryValidDerivers = 33,
-    wopOptimiseStore = 34
+    wopOptimiseStore = 34,
+    wopVerifyStore = 35
 } WorkerOp;
 
 
diff --git a/src/nix-daemon/nix-daemon.cc b/src/nix-daemon/nix-daemon.cc
index bed7de0..b3552a9 100644
--- a/src/nix-daemon/nix-daemon.cc
+++ b/src/nix-daemon/nix-daemon.cc
@@ -519,6 +519,16 @@ static void performOp(bool trusted, unsigned int clientVersion,
         writeInt(1, to);
         break;
 
+    case wopVerifyStore: {
+	bool checkContents = readInt(from) != 0;
+	bool repair = readInt(from) != 0;
+	startWork();
+	bool errors = store->verifyStore(checkContents, repair);
+	stopWork();
+	writeInt(errors, to);
+	break;
+    }
+
     default:
         throw Error(format("invalid operation %1%") % op);
     }
-- 
2.2.1


[-- Attachment #3: Type: text/plain, Size: 149 bytes --]

_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [PATCH] Add a ‘verifyStore’ RPC

[Eelco Dolstra]

Hi,

On 01/06/15 23:20, Ludovic Courtès wrote:

> The patch below adds a ‘verifyStore’ RPC with the same signature as the
> current LocalStore::verifyStore method.

Thanks! I've applied this with the following change to disallow repairing by
unprivileged users (since it's a potentially dangerous operation):

https://github.com/NixOS/nix/commit/d8ddf994e70f97994e0f1fbd382df93cd071b90f

-- 
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/

Re: [PATCH] Add a ‘verifyStore’ RPC

[Ludovic Courtès]

Hello!

Eelco Dolstra <eelco.dolstra@logicblox.com> skribis:

> On 01/06/15 23:20, Ludovic Courtès wrote:
>
>> The patch below adds a ‘verifyStore’ RPC with the same signature as the
>> current LocalStore::verifyStore method.
>
> Thanks! I've applied this with the following change to disallow repairing by
> unprivileged users (since it's a potentially dangerous operation):
>
> https://github.com/NixOS/nix/commit/d8ddf994e70f97994e0f1fbd382df93cd071b90f

Sounds good, although I’m unclear on how things could go wrong:
repairing can only rebuild or use approved substitutes, right?

Thank you!

Ludo’.
_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [PATCH] Add a ‘verifyStore’ RPC

[Eelco Dolstra]

Hi,

On 03/06/15 10:27, Ludovic Courtès wrote:

>>> The patch below adds a ‘verifyStore’ RPC with the same signature as the
>>> current LocalStore::verifyStore method.
>>
>> Thanks! I've applied this with the following change to disallow repairing by
>> unprivileged users (since it's a potentially dangerous operation):
>>
>> https://github.com/NixOS/nix/commit/d8ddf994e70f97994e0f1fbd382df93cd071b90f
> 
> Sounds good, although I’m unclear on how things could go wrong:
> repairing can only rebuild or use approved substitutes, right?

Repair may replace store paths non-atomically, which, if interrupted, can leave
the system in a broken state. (E.g. if you try to replace glibc and it fails
half-way through.)

-- 
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [PATCH] Add a ‘verifyStore’ RPC

[Ludovic Courtès]

Eelco Dolstra <eelco.dolstra@logicblox.com> skribis:

> On 03/06/15 10:27, Ludovic Courtès wrote:
>
>>>> The patch below adds a ‘verifyStore’ RPC with the same signature as the
>>>> current LocalStore::verifyStore method.
>>>
>>> Thanks! I've applied this with the following change to disallow repairing by
>>> unprivileged users (since it's a potentially dangerous operation):
>>>
>>> https://github.com/NixOS/nix/commit/d8ddf994e70f97994e0f1fbd382df93cd071b90f
>> 
>> Sounds good, although I’m unclear on how things could go wrong:
>> repairing can only rebuild or use approved substitutes, right?
>
> Repair may replace store paths non-atomically, which, if interrupted, can leave
> the system in a broken state. (E.g. if you try to replace glibc and it fails
> half-way through.)

I see, thanks for explaining.

Ludo’.
_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev