Use secret-key-files for verifying

author: Eelco Dolstra <eelco.dolstra@logicblox.com> 2016-04-07T13·07+0200
committer: Eelco Dolstra <eelco.dolstra@logicblox.com> 2016-04-07T13·16+0200
commit: 6b2ae528081d1f5082b687eb71531bc795d8d03a (patch)
tree: 8d523c74fb0c71835b91a0ca98d2f8d1e86e6209
parent: e39999ed48f7bce81555d1cd58918e59dffcf922 (diff)
1 files changed, 14 insertions, 1 deletions
diff --git a/src/libstore/crypto.cc b/src/libstore/crypto.cc
index 94c582d65ca7..747483afb30b 100644
--- a/src/libstore/crypto.cc
+++ b/src/libstore/crypto.cc
@@ -102,11 +102,24 @@ bool verifyDetached(const std::string & data, const std::string & sig,
 PublicKeys getDefaultPublicKeys()
 {
     PublicKeys publicKeys;
+
+    // FIXME: filter duplicates
+
     for (auto s : settings.get("binary-cache-public-keys", Strings())) {
         PublicKey key(s);
         publicKeys.emplace(key.name, key);
-        // FIXME: filter duplicates
     }
+
+    for (auto secretKeyFile : settings.get("secret-key-files", Strings())) {
+        try {
+            SecretKey secretKey(readFile(secretKeyFile));
+            publicKeys.emplace(secretKey.name, secretKey.toPublicKey());
+        } catch (SysError & e) {
+            /* Ignore unreadable key files. That's normal in a
+               multi-user installation. */
+        }
+    }
+
     return publicKeys;
 }
author	Eelco Dolstra <eelco.dolstra@logicblox.com>	2016-04-07T13·07+0200
committer	Eelco Dolstra <eelco.dolstra@logicblox.com>	2016-04-07T13·16+0200
commit	6b2ae528081d1f5082b687eb71531bc795d8d03a (patch)
tree	8d523c74fb0c71835b91a0ca98d2f8d1e86e6209
parent	e39999ed48f7bce81555d1cd58918e59dffcf922 (diff)