Diffstat (limited to 'src/nix/sigs.cc')
-rw-r--r-- | src/nix/sigs.cc | 105 |
1 files changed, 93 insertions, 12 deletions
diff --git a/src/nix/sigs.cc b/src/nix/sigs.cc
index 7821a5432..c64b472b6 100644
--- a/src/nix/sigs.cc
+++ b/src/nix/sigs.cc
@@ -16,7 +16,7 @@ struct CmdCopySigs : StorePathsCommand
 addFlag({
 .longName = "substituter",
 .shortName = 's',
- .description = "use signatures from specified store",
+ .description = "Copy signatures from the specified store.",
 .labels = {"store-uri"},
 .handler = {[&](std::string s) { substituterUris.push_back(s); }},
 });
@@ -24,11 +24,9 @@ struct CmdCopySigs : StorePathsCommand
 
 std::string description() override
 {
- return "copy path signatures from substituters (like binary caches)";
+ return "copy store path signatures from substituters";
 }
 
- Category category() override { return catUtility; }
-
 void run(ref<Store> store, StorePaths storePaths) override
 {
 if (substituterUris.empty())
@@ -92,18 +90,18 @@ struct CmdCopySigs : StorePathsCommand
 }
 };
 
-static auto r1 = registerCommand<CmdCopySigs>("copy-sigs");
+static auto rCmdCopySigs = registerCommand2<CmdCopySigs>({"store", "copy-sigs"});
 
-struct CmdSignPaths : StorePathsCommand
+struct CmdSign : StorePathsCommand
 {
 Path secretKeyFile;
 
- CmdSignPaths()
+ CmdSign()
 {
 addFlag({
 .longName = "key-file",
 .shortName = 'k',
- .description = "file containing the secret signing key",
+ .description = "File containing the secret signing key.",
 .labels = {"file"},
 .handler = {&secretKeyFile},
 .completer = completePath
@@ -112,11 +110,9 @@ struct CmdSignPaths : StorePathsCommand
 
 std::string description() override
 {
- return "sign the specified paths";
+ return "sign store paths";
 }
 
- Category category() override { return catUtility; }
-
 void run(ref<Store> store, StorePaths storePaths) override
 {
 if (secretKeyFile.empty())
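Review bot: The new registration `registerCommand2<CmdCopySigs>({"store", "copy-sigs"})` in the third hunk moves the command under `store`, and the last hunk does the same for `sign-paths` (now `{"store", "sign"}`), but no alias for the old top-level names is registered in the lines shown. Build or cache-publishing scripts that still call the old names would stop signing or copying signatures until they are updated; whether a deprecation alias exists elsewhere is not visible from this diff. I would call the rename out in the release notes and, if the command table supports aliases, keep `copy-sigs` and `sign-paths` resolving for one release.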
@@ -144,4 +140,89 @@ struct CmdSignPaths : StorePathsCommand
 }
 };
 
-static auto r2 = registerCommand<CmdSignPaths>("sign-paths");
+static auto rCmdSign = registerCommand2<CmdSign>({"store", "sign"});
+
+struct CmdKeyGenerateSecret : Command
+{
+ std::optional<std::string> keyName;
+
+ CmdKeyGenerateSecret()
+ {
+ addFlag({
+ .longName = "key-name",
+ .description = "Identifier of the key (e.g. `cache.example.org-1`).",
+ .labels = {"name"},
+ .handler = {&keyName},
+ });
+ }
+
+ std::string description() override
+ {
+ return "generate a secret key for signing store paths";
+ }
+
+ std::string doc() override
+ {
+ return
+ #include "key-generate-secret.md"
+ ;
+ }
+
+ void run() override
+ {
+ if (!keyName)
+ throw UsageError("required argument '--key-name' is missing");
+
+ std::cout << SecretKey::generate(*keyName).to_string();
+ }
+};
+
+struct CmdKeyConvertSecretToPublic : Command
+{
+ std::string description() override
+ {
+ return "generate a public key for verifying store paths from a secret key read from standard input";
+ }
+
+ std::string doc() override
+ {
+ return
+ #include "key-convert-secret-to-public.md"
+ ;
+ }
+
+ void run() override
+ {
+ SecretKey secretKey(drainFD(STDIN_FILENO));
+ std::cout << secretKey.toPublicKey().to_string();
+ }
+};
+
+struct CmdKey : NixMultiCommand
+{
+ CmdKey()
+ : MultiCommand({
+ {"generate-secret", []() { return make_ref<CmdKeyGenerateSecret>(); }},
+ {"convert-secret-to-public", []() { return make_ref<CmdKeyConvertSecretToPublic>(); }},
+ })
+ {
+ }
+
+ std::string description() override
+ {
+ return "generate and convert Nix signing keys";
+ }
+
+ Category category() override { return catUtility; }
+
+ void run() override
+ {
+ if (!command)
+ throw UsageError("'nix flake' requires a sub-command.");
+ settings.requireExperimentalFeature("flakes");
+ command->second->prepare();
+ command->second->run();
+ }
+};
+
+static auto rCmdKey = registerCommand<CmdKey>("key"); |
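Review bot: `CmdKey::run` carries text that looks copied from the flake command: the error reads `'nix flake' requires a sub-command.` and the command is gated on `settings.requireExperimentalFeature("flakes")`. The message should be `throw UsageError("'nix key' requires a sub-command.");`, and unless key management is meant to depend on flakes, the gate should be dropped or replaced, because as written a user without flakes enabled cannot generate or convert signing keys. Separately, `CmdKeyGenerateSecret::run` writes the secret key to standard output, so the permissions of any file it is redirected into are decided by the caller's umask; a comment above the `std::cout` line such as `// Secret key goes to stdout; callers must redirect it to a file only they can read.`, repeated in the command's doc, would make that explicit.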