aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/manual/command-ref/nix-copy-closure.xml18
-rw-r--r--doc/signing.txt24
2 files changed, 0 insertions, 42 deletions
diff --git a/doc/manual/command-ref/nix-copy-closure.xml b/doc/manual/command-ref/nix-copy-closure.xml
index 5848b84a0..97e261ae9 100644
--- a/doc/manual/command-ref/nix-copy-closure.xml
+++ b/doc/manual/command-ref/nix-copy-closure.xml
@@ -22,7 +22,6 @@
<arg choice='plain'><option>--to</option></arg>
<arg choice='plain'><option>--from</option></arg>
</group>
- <arg><option>--sign</option></arg>
<arg><option>--gzip</option></arg>
<!--
<arg><option>- -show-progress</option></arg>
@@ -87,23 +86,6 @@ those paths. If this bothers you, use
</varlistentry>
- <varlistentry><term><option>--sign</option></term>
-
- <listitem><para>Let the sending machine cryptographically sign the
- dump of each path with the key in
- <filename><replaceable>sysconfdir</replaceable>/nix/signing-key.sec</filename>.
- If the user on the target machine does not have direct access to
- the Nix store (i.e., if the target machine has a multi-user Nix
- installation), then the target machine will check the dump against
- <filename><replaceable>sysconfdir</replaceable>/nix/signing-key.pub</filename>
- before unpacking it in its Nix store. This allows secure sharing
- of store paths between untrusted users on two machines, provided
- that there is a trust relation between the Nix installations on
- both machines (namely, they have matching public/secret
- keys).</para></listitem>
-
- </varlistentry>
-
<varlistentry><term><option>--gzip</option></term>
<listitem><para>Enable compression of the SSH
diff --git a/doc/signing.txt b/doc/signing.txt
deleted file mode 100644
index 7403cac47..000000000
--- a/doc/signing.txt
+++ /dev/null
@@ -1,24 +0,0 @@
-Generate a private key:
-
-$ (umask 277 && openssl genrsa -out /etc/nix/signing-key.sec 2048)
-
-The private key should be kept secret (only readable to the Nix daemon
-user).
-
-
-Generate the corresponding public key:
-
-$ openssl rsa -in /etc/nix/signing-key.sec -pubout > /etc/nix/signing-key.pub
-
-The public key should be copied to all machines to which you want to
-export store paths.
-
-
-Signing:
-
-$ nix-hash --type sha256 --flat svn.nar | openssl rsautl -sign -inkey mykey.sec > svn.nar.sign
-
-
-Verifying a signature:
-
-$ test "$(nix-hash --type sha256 --flat svn.nar)" = "$(openssl rsautl -verify -inkey mykey.pub -pubin -in svn.nar.sign)"