about summary refs log tree commit diff
diff options
context:
space:
mode:
authorEelco Dolstra <eelco.dolstra@logicblox.com>2016-03-04T16·23+0100
committerEelco Dolstra <eelco.dolstra@logicblox.com>2016-03-04T16·45+0100
commitb4e0335d4d74e2ba0bc4eadcd7ff20d70a7bf7c0 (patch)
tree27440725f2844a2e93c8e59676e472079d7b379c
parentaf7cdb1096dd12f0ca06d78f5e5a3f5e9f57b3a8 (diff)
Add option binary-cache-secret-key-file for signing binary caches
-rw-r--r--doc/manual/command-ref/conf-file.xml10
-rw-r--r--src/libstore/http-binary-cache-store.cc3
-rw-r--r--src/libstore/local-binary-cache-store.cc3
3 files changed, 14 insertions, 2 deletions
diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml
index daaf00ac3905..acddd63e12f7 100644
--- a/doc/manual/command-ref/conf-file.xml
+++ b/doc/manual/command-ref/conf-file.xml
@@ -421,6 +421,16 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
   </varlistentry>
 
 
+  <varlistentry><term><literal>binary-cache-secret-key-file</literal></term>
+
+    <listitem><para>Path of the file containing the secret key to be
+    used for signing binary caches. This file can be generated using
+    <command>nix-store
+    --generate-binary-cache-key</command>.</para></listitem>
+
+  </varlistentry>
+
+
   <varlistentry><term><literal>binary-caches-parallel-connections</literal></term>
 
     <listitem><para>The maximum number of parallel HTTP connections
diff --git a/src/libstore/http-binary-cache-store.cc b/src/libstore/http-binary-cache-store.cc
index 861e13c7fe39..9614d0b4cf35 100644
--- a/src/libstore/http-binary-cache-store.cc
+++ b/src/libstore/http-binary-cache-store.cc
@@ -1,5 +1,6 @@
 #include "binary-cache-store.hh"
 #include "download.hh"
+#include "globals.hh"
 
 namespace nix {
 
@@ -65,7 +66,7 @@ static RegisterStoreImplementation regStore([](const std::string & uri) -> std::
     if (std::string(uri, 0, 7) != "http://" &&
         std::string(uri, 0, 8) != "https://") return 0;
     auto store = std::make_shared<HttpBinaryCacheStore>(std::shared_ptr<Store>(0),
-        "", // FIXME: allow the signing key to be set
+        settings.get("binary-cache-secret-key-file", string("")),
         uri);
     store->init();
     return store;
diff --git a/src/libstore/local-binary-cache-store.cc b/src/libstore/local-binary-cache-store.cc
index 6adabaf9f1ca..efd6d47254f2 100644
--- a/src/libstore/local-binary-cache-store.cc
+++ b/src/libstore/local-binary-cache-store.cc
@@ -1,4 +1,5 @@
 #include "binary-cache-store.hh"
+#include "globals.hh"
 
 namespace nix {
 
@@ -75,7 +76,7 @@ ref<Store> openLocalBinaryCacheStore(std::shared_ptr<Store> localStore,
 static RegisterStoreImplementation regStore([](const std::string & uri) -> std::shared_ptr<Store> {
     if (std::string(uri, 0, 7) != "file://") return 0;
     return openLocalBinaryCacheStore(std::shared_ptr<Store>(0),
-        "", // FIXME: allow the signing key to be set
+        settings.get("binary-cache-secret-key-file", string("")),
         std::string(uri, 7));
 });