Skip to content

Store provenance info in the NAR info disk cache #344

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
edolstra merged 1 commit into from
Feb 11, 2026
Merged

Store provenance info in the NAR info disk cache #344

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 11 additions & 5 deletions src/libstore/nar-info-disk-cache.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
#include "nix/util/sync.hh"
#include "nix/store/sqlite.hh"
#include "nix/store/globals.hh"
#include "nix/store/provenance.hh"

#include <sqlite3.h>
#include <nlohmann/json.hpp>
Expand Down Expand Up @@ -36,6 +37,7 @@ create table if not exists NARs (
deriver text,
sigs text,
ca text,
provenance text,
Comment thread
edolstra marked this conversation as resolved.
timestamp integer not null,
present integer not null,
primary key (cache, hashPart),
Expand Down Expand Up @@ -86,7 +88,7 @@ class NarInfoDiskCacheImpl : public NarInfoDiskCache

Sync<State> _state;

NarInfoDiskCacheImpl(Path dbPath = (getCacheDir() / "binary-cache-v7.sqlite").string())
NarInfoDiskCacheImpl(Path dbPath = (getCacheDir() / "binary-cache-v8.sqlite").string())
{
auto state(_state.lock());

Expand All @@ -109,14 +111,14 @@ class NarInfoDiskCacheImpl : public NarInfoDiskCache
state->insertNAR.create(
state->db,
"insert or replace into NARs(cache, hashPart, namePart, url, compression, fileHash, fileSize, narHash, "
"narSize, refs, deriver, sigs, ca, timestamp, present) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 1)");
"narSize, refs, deriver, sigs, ca, provenance, timestamp, present) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 1)");

state->insertMissingNAR.create(
state->db, "insert or replace into NARs(cache, hashPart, timestamp, present) values (?, ?, ?, 0)");

state->queryNAR.create(
state->db,
"select present, namePart, url, compression, fileHash, fileSize, narHash, narSize, refs, deriver, sigs, ca from NARs where cache = ? and hashPart = ? and ((present = 0 and timestamp > ?) or (present = 1 and timestamp > ?))");
"select present, namePart, url, compression, fileHash, fileSize, narHash, narSize, refs, deriver, sigs, ca, provenance from NARs where cache = ? and hashPart = ? and ((present = 0 and timestamp > ?) or (present = 1 and timestamp > ?))");

state->insertRealisation.create(
state->db,
Expand Down Expand Up @@ -279,6 +281,8 @@ class NarInfoDiskCacheImpl : public NarInfoDiskCache
for (auto & sig : tokenizeString<Strings>(queryNAR.getStr(10), " "))
narInfo->sigs.insert(sig);
narInfo->ca = ContentAddress::parseOpt(queryNAR.getStr(11));
if (experimentalFeatureSettings.isEnabled(Xp::Provenance) && !queryNAR.isNull(12))
narInfo->provenance = Provenance::from_json_str_optional(queryNAR.getStr(12));

return {oValid, narInfo};
});
Expand Down Expand Up @@ -337,8 +341,10 @@ class NarInfoDiskCacheImpl : public NarInfoDiskCache
narInfo && narInfo->fileHash)(
narInfo ? narInfo->fileSize : 0, narInfo != 0 && narInfo->fileSize)(info->narHash.to_string(
HashFormat::Nix32, true))(info->narSize)(concatStringsSep(" ", info->shortRefs()))(
info->deriver ? std::string(info->deriver->to_string()) : "", (bool) info->deriver)(
concatStringsSep(" ", info->sigs))(renderContentAddress(info->ca))(time(0))
info->deriver ? std::string(info->deriver->to_string()) : "",
(bool) info->deriver)(concatStringsSep(" ", info->sigs))(renderContentAddress(info->ca))(
info->provenance ? info->provenance->to_json_str() : "",
experimentalFeatureSettings.isEnabled(Xp::Provenance) && info->provenance)(time(0))
.exec();

} else {
Expand Down
8 changes: 8 additions & 0 deletions tests/functional/flakes/provenance.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,12 @@ nix copy --to "file://$binaryCache" "$outPath"

clearStore

export _NIX_FORCE_HTTP=1 # force use of the NAR info disk cache

# Check that provenance is cached correctly.
[[ $(nix path-info --json --json-format 1 --store "file://$binaryCache" "$outPath" | jq ".\"$outPath\".provenance") != null ]]
[[ $(nix path-info --json --json-format 1 --store "file://$binaryCache" "$outPath" | jq ".\"$outPath\".provenance") != null ]]

nix copy --from "file://$binaryCache" "$outPath" --no-check-sigs

[[ $(nix path-info --json --json-format 1 "$outPath" | jq ".\"$outPath\".provenance") = $(cat <<EOF
Expand Down Expand Up @@ -124,6 +130,8 @@ nix copy --from "file://$binaryCache" "$outPath" --no-check-sigs
EOF
) ]]

unset _NIX_FORCE_HTTP

# Test `nix provenance show`.
[[ $(nix provenance show "$outPath") = $(cat <<EOF
$outPath
Expand Down