aboutsummaryrefslogtreecommitdiff
path: root/src/libstore/crypto.cc
diff options
context:
space:
mode:
authorEelco Dolstra <eelco.dolstra@logicblox.com>2016-03-29 14:29:50 +0200
committerEelco Dolstra <eelco.dolstra@logicblox.com>2016-03-29 16:37:16 +0200
commit784ee35c80774c5f073b6b8be6ab3d4d7e38e2f1 (patch)
tree1442cbfe72d75f5cb1dd8d68706220e5821ab374 /src/libstore/crypto.cc
parent0ebe69dc67853e9e2b2b7b22069e766a7cbc057d (diff)
Add "nix verify-paths" command
Unlike "nix-store --verify-path", this command verifies signatures in addition to store path contents, is multi-threaded (especially useful when verifying binary caches), and has a progress indicator. Example use: $ nix verify-paths --store https://cache.nixos.org -r $(type -p thunderbird) ... [17/132 checked] checking ‘/nix/store/rawakphadqrqxr6zri2rmnxh03gqkrl3-autogen-5.18.6’
Diffstat (limited to 'src/libstore/crypto.cc')
-rw-r--r--src/libstore/crypto.cc12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/libstore/crypto.cc b/src/libstore/crypto.cc
index caba22c1e..94c582d65 100644
--- a/src/libstore/crypto.cc
+++ b/src/libstore/crypto.cc
@@ -1,5 +1,6 @@
#include "crypto.hh"
#include "util.hh"
+#include "globals.hh"
#if HAVE_SODIUM
#include <sodium.h>
@@ -98,4 +99,15 @@ bool verifyDetached(const std::string & data, const std::string & sig,
#endif
}
+PublicKeys getDefaultPublicKeys()
+{
+ PublicKeys publicKeys;
+ for (auto s : settings.get("binary-cache-public-keys", Strings())) {
+ PublicKey key(s);
+ publicKeys.emplace(key.name, key);
+ // FIXME: filter duplicates
+ }
+ return publicKeys;
+}
+
}