From 6b2ae528081d1f5082b687eb71531bc795d8d03a Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 7 Apr 2016 15:07:00 +0200 Subject: Use secret-key-files for verifying --- src/libstore/crypto.cc | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'src/libstore/crypto.cc') diff --git a/src/libstore/crypto.cc b/src/libstore/crypto.cc index 94c582d65..747483afb 100644 --- a/src/libstore/crypto.cc +++ b/src/libstore/crypto.cc @@ -102,11 +102,24 @@ bool verifyDetached(const std::string & data, const std::string & sig, PublicKeys getDefaultPublicKeys() { PublicKeys publicKeys; + + // FIXME: filter duplicates + for (auto s : settings.get("binary-cache-public-keys", Strings())) { PublicKey key(s); publicKeys.emplace(key.name, key); - // FIXME: filter duplicates } + + for (auto secretKeyFile : settings.get("secret-key-files", Strings())) { + try { + SecretKey secretKey(readFile(secretKeyFile)); + publicKeys.emplace(secretKey.name, secretKey.toPublicKey()); + } catch (SysError & e) { + /* Ignore unreadable key files. That's normal in a + multi-user installation. */ + } + } + return publicKeys; } -- cgit v1.2.3