aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorEelco Dolstra <eelco.dolstra@logicblox.com>2016-04-07 15:07:00 +0200
committerEelco Dolstra <eelco.dolstra@logicblox.com>2016-04-07 15:16:57 +0200
commit6b2ae528081d1f5082b687eb71531bc795d8d03a (patch)
tree8d523c74fb0c71835b91a0ca98d2f8d1e86e6209 /src
parente39999ed48f7bce81555d1cd58918e59dffcf922 (diff)
Use secret-key-files for verifying
Diffstat (limited to 'src')
-rw-r--r--src/libstore/crypto.cc15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/libstore/crypto.cc b/src/libstore/crypto.cc
index 94c582d65..747483afb 100644
--- a/src/libstore/crypto.cc
+++ b/src/libstore/crypto.cc
@@ -102,11 +102,24 @@ bool verifyDetached(const std::string & data, const std::string & sig,
PublicKeys getDefaultPublicKeys()
{
PublicKeys publicKeys;
+
+ // FIXME: filter duplicates
+
for (auto s : settings.get("binary-cache-public-keys", Strings())) {
PublicKey key(s);
publicKeys.emplace(key.name, key);
- // FIXME: filter duplicates
}
+
+ for (auto secretKeyFile : settings.get("secret-key-files", Strings())) {
+ try {
+ SecretKey secretKey(readFile(secretKeyFile));
+ publicKeys.emplace(secretKey.name, secretKey.toPublicKey());
+ } catch (SysError & e) {
+ /* Ignore unreadable key files. That's normal in a
+ multi-user installation. */
+ }
+ }
+
return publicKeys;
}