Update binary cache signing to Nix 1.9

[?]
Feb 17, 2015, 7:15 PM
5US6TQ2N6EVVXSQHGJB4VVRTQCIDMLDCJSP3PSVLHUR3CA2XHTVAC

Dependencies

  • [2] AFNDUSGD Set Expires headers for Hydra's binary cache
  • [3] AJVEJENF Allow Hydra's binary cache to be signed
  • [4] UCJEI7YZ Don't compress already-compressed files.
  • [5] GX2GISE2 Revert "Don't compress already-compressed files."
  • [6] IDT3SO3P Generate *.narinfo files on the fly to support the binary cache substituter

Change contents

  • edit in src/lib/Hydra/View/NARInfo.pm at line 3
    [3.701][3.701:742]()
    use strict;
    use base qw/Catalyst::View/;
  • edit in src/lib/Hydra/View/NARInfo.pm at line 4
    [3.762]
    [3.762]
    use Hydra::Helper::CatalystUtils;
    use MIME::Base64;
    use Nix::Manifest;
  • replacement in src/lib/Hydra/View/NARInfo.pm at line 8
    [3.778][3.0:17](),[3.17][2.316:350]()
    use Nix::Crypto;
    use Hydra::Helper::CatalystUtils;
    [3.778]
    [3.778]
    use Nix::Utils;
    use base qw/Catalyst::View/;
    use strict;
  • replacement in src/lib/Hydra/View/NARInfo.pm at line 37
    [3.83][3.83:367]()
    my $privateKeyFile = $c->config->{binary_cache_private_key_file};
    my $keyName = $c->config->{binary_cache_key_name};
    if (defined $privateKeyFile && defined $keyName) {
    my $sig = signString($privateKeyFile, $info);
    $info .= "Signature: 1;$keyName;$sig\n";
    [3.83]
    [3.1654]
    my $secretKeyFile = $c->config->{binary_cache_secret_key_file};
    if (defined $secretKeyFile) {
    my $s = readFile $secretKeyFile;
    chomp $s;
    my ($keyName, $secretKey) = split ":", $s;
    die "invalid secret key file\n" unless defined $keyName && defined $secretKey;
    my $fingerprint = fingerprintPath($storePath, $narHash, $narSize, $refs);
    my $sig = encode_base64(signString(decode_base64($secretKey), $fingerprint), "");
    $info .= "Sig: $keyName:$sig\n";