authorEelco Dolstra <eelco.dolstra@logicblox.com>2015-02-18 11:19:44 +0100
committerEelco Dolstra <eelco.dolstra@logicblox.com>2015-02-18 11:19:44 +0100
commit147deb236ebc8474d0e53cb90b23f1d722486bb6 (patch)
treeb81c9b2b3a857d46d9293b1ca90985bad657a101 /src
parentbd9106415099b32a51f66be886d18271e65ac9dd (diff)
nix-store --generate-binary-cache-key: Write key to disk
This ensures proper permissions for the secret key.
Diffstat (limited to 'src')
-rw-r--r--src/nix-store/nix-store.cc12
1 files changed, 8 insertions, 4 deletions
diff --git a/src/nix-store/nix-store.cc b/src/nix-store/nix-store.cc
index c16adf049..7ce5f63c2 100644
--- a/src/nix-store/nix-store.cc
+++ b/src/nix-store/nix-store.cc
@@ -1015,8 +1015,11 @@ static void opGenerateBinaryCacheKey(Strings opFlags, Strings opArgs)
foreach (Strings::iterator, i, opFlags)
throw UsageError(format("unknown flag ‘%1%’") % *i);
- if (opArgs.size() != 1) throw UsageError("one argument expected");
- string keyName = opArgs.front();
+ if (opArgs.size() != 3) throw UsageError("three arguments expected");
+ auto i = opArgs.begin();
+ string keyName = *i++;
+ string secretKeyFile = *i++;
+ string publicKeyFile = *i++;
#if HAVE_SODIUM
sodium_init();
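Review bot: The new usage error `three arguments expected` names neither the arguments nor their order, and the three positional values are taken without any check, so swapping the two paths writes the secret key to the file the operator intends to publish. Consider `throw UsageError("three arguments expected: KEY-NAME SECRET-KEY-FILE PUBLIC-KEY-FILE");` and rejecting `secretKeyFile == publicKeyFile`; with equal paths the later hunk would create the file under the default umask for the public key and then write the secret key into it. The key name is joined to the key with `:` in the later hunk, so a name containing `:` presumably produces an ambiguous key file and could be refused here. The function body continues outside this hunk.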
@@ -1026,8 +1029,9 @@ static void opGenerateBinaryCacheKey(Strings opFlags, Strings opArgs)
if (crypto_sign_keypair(pk, sk) != 0)
throw Error("key generation failed");
- std::cout << keyName << ":" << base64Encode(string((char *) pk, crypto_sign_PUBLICKEYBYTES)) << std::endl;
- std::cout << keyName << ":" << base64Encode(string((char *) sk, crypto_sign_SECRETKEYBYTES)) << std::endl;
+ writeFile(publicKeyFile, keyName + ":" + base64Encode(string((char *) pk, crypto_sign_PUBLICKEYBYTES)));
+ umask(0077);
+ writeFile(secretKeyFile, keyName + ":" + base64Encode(string((char *) sk, crypto_sign_SECRETKEYBYTES)));
#else
throw Error("Nix was not compiled with libsodium, required for signed binary cache support");
#endif
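Review bot: `umask(0077)` only restricts the mode of a file that `writeFile` newly creates; if `secretKeyFile` already exists, or is a symlink to an existing file, its current and possibly group/world-readable mode is kept and the secret key is written into it. The implementation of `writeFile` is not visible here, but unless it creates the file exclusively, the secret key file should be opened with something like `open(secretKeyFile.c_str(), O_WRONLY | O_CREAT | O_EXCL, 0600)` so that a pre-existing path is refused rather than reused. The umask change is process-wide and never restored, which deserves a comment such as `// restrict the secret key file to its owner; umask is not restored because the command exits afterwards` if that is the intent. After the write, `sodium_memzero(sk, sizeof sk);` would clear the key material from the buffer, assuming `sk` is the array declared above this hunk.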