Add some logic for signing realisations

Not exposed anywhere, but built realisations are now signed (and this should be forwarded when copy-ing them around)
author: regnat <rg@regnat.ovh> 2021-03-08 11:56:33 +0100
committer: regnat <rg@regnat.ovh> 2021-03-15 16:34:49 +0100
commit: 826877cabf9374e0acd5408c6975ee332b1cccc8 (patch)
tree: a6b376a833a3fbb0594bff8ec00c3735c6990978 /src/libstore/realisation.hh
parent: 306c154632c03fe27e1513f4fb8797dd81536c05 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/src/libstore/realisation.hh b/src/libstore/realisation.hh
index fc92d3c17..f5049c9e9 100644
--- a/src/libstore/realisation.hh
+++ b/src/libstore/realisation.hh
@@ -3,6 +3,7 @@
 #include "path.hh"
 #include <nlohmann/json_fwd.hpp>
 #include "comparator.hh"
+#include "crypto.hh"
 
 namespace nix {
 
@@ -25,9 +26,16 @@ struct Realisation {
     DrvOutput id;
     StorePath outPath;
 
+    StringSet signatures;
+
     nlohmann::json toJSON() const;
     static Realisation fromJSON(const nlohmann::json& json, const std::string& whence);
 
+    std::string fingerprint() const;
+    void sign(const SecretKey &);
+    bool checkSignature(const PublicKeys & publicKeys, const std::string & sig) const;
+    size_t checkSignatures(const PublicKeys & publicKeys) const;
+
     StorePath getPath() const { return outPath; }
 
     GENERATE_CMP(Realisation, me->id, me->outPath);
author	regnat <rg@regnat.ovh>	2021-03-08 11:56:33 +0100
committer	regnat <rg@regnat.ovh>	2021-03-15 16:34:49 +0100
commit	826877cabf9374e0acd5408c6975ee332b1cccc8 (patch)
tree	a6b376a833a3fbb0594bff8ec00c3735c6990978 /src/libstore/realisation.hh
parent	306c154632c03fe27e1513f4fb8797dd81536c05 (diff)