diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2016-03-04T16·23+0100 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2016-03-04T16·45+0100 |
commit | b4e0335d4d74e2ba0bc4eadcd7ff20d70a7bf7c0 (patch) | |
tree | 27440725f2844a2e93c8e59676e472079d7b379c | |
parent | af7cdb1096dd12f0ca06d78f5e5a3f5e9f57b3a8 (diff) |
Add option binary-cache-secret-key-file for signing binary caches
-rw-r--r-- | doc/manual/command-ref/conf-file.xml | 10 | ||||
-rw-r--r-- | src/libstore/http-binary-cache-store.cc | 3 | ||||
-rw-r--r-- | src/libstore/local-binary-cache-store.cc | 3 |
3 files changed, 14 insertions, 2 deletions
diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml index daaf00ac3905..acddd63e12f7 100644 --- a/doc/manual/command-ref/conf-file.xml +++ b/doc/manual/command-ref/conf-file.xml @@ -421,6 +421,16 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para> </varlistentry> + <varlistentry><term><literal>binary-cache-secret-key-file</literal></term> + + <listitem><para>Path of the file containing the secret key to be + used for signing binary caches. This file can be generated using + <command>nix-store + --generate-binary-cache-key</command>.</para></listitem> + + </varlistentry> + + <varlistentry><term><literal>binary-caches-parallel-connections</literal></term> <listitem><para>The maximum number of parallel HTTP connections diff --git a/src/libstore/http-binary-cache-store.cc b/src/libstore/http-binary-cache-store.cc index 861e13c7fe39..9614d0b4cf35 100644 --- a/src/libstore/http-binary-cache-store.cc +++ b/src/libstore/http-binary-cache-store.cc @@ -1,5 +1,6 @@ #include "binary-cache-store.hh" #include "download.hh" +#include "globals.hh" namespace nix { @@ -65,7 +66,7 @@ static RegisterStoreImplementation regStore([](const std::string & uri) -> std:: if (std::string(uri, 0, 7) != "http://" && std::string(uri, 0, 8) != "https://") return 0; auto store = std::make_shared<HttpBinaryCacheStore>(std::shared_ptr<Store>(0), - "", // FIXME: allow the signing key to be set + settings.get("binary-cache-secret-key-file", string("")), uri); store->init(); return store; diff --git a/src/libstore/local-binary-cache-store.cc b/src/libstore/local-binary-cache-store.cc index 6adabaf9f1ca..efd6d47254f2 100644 --- a/src/libstore/local-binary-cache-store.cc +++ b/src/libstore/local-binary-cache-store.cc @@ -1,4 +1,5 @@ #include "binary-cache-store.hh" +#include "globals.hh" namespace nix { @@ -75,7 +76,7 @@ ref<Store> openLocalBinaryCacheStore(std::shared_ptr<Store> localStore, static RegisterStoreImplementation regStore([](const std::string & uri) -> std::shared_ptr<Store> { if (std::string(uri, 0, 7) != "file://") return 0; return openLocalBinaryCacheStore(std::shared_ptr<Store>(0), - "", // FIXME: allow the signing key to be set + settings.get("binary-cache-secret-key-file", string("")), std::string(uri, 7)); }); |