aboutsummaryrefslogtreecommitdiff
path: root/src/libstore
diff options
context:
space:
mode:
authorEelco Dolstra <eelco.dolstra@logicblox.com>2016-04-07 15:14:12 +0200
committerEelco Dolstra <eelco.dolstra@logicblox.com>2016-04-07 15:16:57 +0200
commit05fbc606fc1ce4a764276b7dee6ed49859de9d57 (patch)
tree08eba84207567e5d6aa7b66d162a417783dd0a73 /src/libstore
parent6b2ae528081d1f5082b687eb71531bc795d8d03a (diff)
nix verify-paths: Add ‘--sigs-needed <N>’ flag
This specifies the number of distinct signatures required to consider each path "trusted". Also renamed ‘--no-sigs’ to ‘--no-trust’ for the flag that disables verifying whether a path is trusted (since a path can also be trusted if it has no signatures, but was built locally).
Diffstat (limited to 'src/libstore')
-rw-r--r--src/libstore/store-api.cc8
-rw-r--r--src/libstore/store-api.hh3
2 files changed, 10 insertions, 1 deletions
diff --git a/src/libstore/store-api.cc b/src/libstore/store-api.cc
index b9939feda..cc91ed287 100644
--- a/src/libstore/store-api.cc
+++ b/src/libstore/store-api.cc
@@ -333,12 +333,18 @@ unsigned int ValidPathInfo::checkSignatures(const PublicKeys & publicKeys) const
{
unsigned int good = 0;
for (auto & sig : sigs)
- if (verifyDetached(fingerprint(), sig, publicKeys))
+ if (checkSignature(publicKeys, sig))
good++;
return good;
}
+bool ValidPathInfo::checkSignature(const PublicKeys & publicKeys, const std::string & sig) const
+{
+ return verifyDetached(fingerprint(), sig, publicKeys);
+}
+
+
}
diff --git a/src/libstore/store-api.hh b/src/libstore/store-api.hh
index 4ea360b9d..798054d16 100644
--- a/src/libstore/store-api.hh
+++ b/src/libstore/store-api.hh
@@ -127,6 +127,9 @@ struct ValidPathInfo
/* Return the number of signatures on this .narinfo that were
produced by one of the specified keys. */
unsigned int checkSignatures(const PublicKeys & publicKeys) const;
+
+ /* Verify a single signature. */
+ bool checkSignature(const PublicKeys & publicKeys, const std::string & sig) const;
};
typedef list<ValidPathInfo> ValidPathInfos;