diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2016-04-07 15:14:12 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2016-04-07 15:16:57 +0200 |
commit | 05fbc606fc1ce4a764276b7dee6ed49859de9d57 (patch) | |
tree | 08eba84207567e5d6aa7b66d162a417783dd0a73 /src/libstore | |
parent | 6b2ae528081d1f5082b687eb71531bc795d8d03a (diff) |
nix verify-paths: Add ‘--sigs-needed <N>’ flag
This specifies the number of distinct signatures required to consider
each path "trusted".
Also renamed ‘--no-sigs’ to ‘--no-trust’ for the flag that disables
verifying whether a path is trusted (since a path can also be trusted
if it has no signatures, but was built locally).
Diffstat (limited to 'src/libstore')
-rw-r--r-- | src/libstore/store-api.cc | 8 | ||||
-rw-r--r-- | src/libstore/store-api.hh | 3 |
2 files changed, 10 insertions, 1 deletions
diff --git a/src/libstore/store-api.cc b/src/libstore/store-api.cc index b9939feda..cc91ed287 100644 --- a/src/libstore/store-api.cc +++ b/src/libstore/store-api.cc @@ -333,12 +333,18 @@ unsigned int ValidPathInfo::checkSignatures(const PublicKeys & publicKeys) const { unsigned int good = 0; for (auto & sig : sigs) - if (verifyDetached(fingerprint(), sig, publicKeys)) + if (checkSignature(publicKeys, sig)) good++; return good; } +bool ValidPathInfo::checkSignature(const PublicKeys & publicKeys, const std::string & sig) const +{ + return verifyDetached(fingerprint(), sig, publicKeys); +} + + } diff --git a/src/libstore/store-api.hh b/src/libstore/store-api.hh index 4ea360b9d..798054d16 100644 --- a/src/libstore/store-api.hh +++ b/src/libstore/store-api.hh @@ -127,6 +127,9 @@ struct ValidPathInfo /* Return the number of signatures on this .narinfo that were produced by one of the specified keys. */ unsigned int checkSignatures(const PublicKeys & publicKeys) const; + + /* Verify a single signature. */ + bool checkSignature(const PublicKeys & publicKeys, const std::string & sig) const; }; typedef list<ValidPathInfo> ValidPathInfos; |