Add "nix verify-paths" command

Unlike "nix-store --verify-path", this command verifies signatures in addition to store path contents, is multi-threaded (especially useful when verifying binary caches), and has a progress indicator. Example use: $ nix verify-paths --store https://cache.nixos.org -r $(type -p thunderbird) ... [17/132 checked] checking ‘/nix/store/rawakphadqrqxr6zri2rmnxh03gqkrl3-autogen-5.18.6’
author: Eelco Dolstra <eelco.dolstra@logicblox.com> 2016-03-29T12·29+0200
committer: Eelco Dolstra <eelco.dolstra@logicblox.com> 2016-03-29T14·37+0200
commit: 784ee35c80774c5f073b6b8be6ab3d4d7e38e2f1 (patch)
tree: 1442cbfe72d75f5cb1dd8d68706220e5821ab374 /src/libstore/crypto.cc
parent: 0ebe69dc67853e9e2b2b7b22069e766a7cbc057d (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/src/libstore/crypto.cc b/src/libstore/crypto.cc
index caba22c1e2..94c582d65c 100644
--- a/src/libstore/crypto.cc
+++ b/src/libstore/crypto.cc
@@ -1,5 +1,6 @@
 #include "crypto.hh"
 #include "util.hh"
+#include "globals.hh"
 
 #if HAVE_SODIUM
 #include <sodium.h>
@@ -98,4 +99,15 @@ bool verifyDetached(const std::string & data, const std::string & sig,
 #endif
 }
 
+PublicKeys getDefaultPublicKeys()
+{
+    PublicKeys publicKeys;
+    for (auto s : settings.get("binary-cache-public-keys", Strings())) {
+        PublicKey key(s);
+        publicKeys.emplace(key.name, key);
+        // FIXME: filter duplicates
+    }
+    return publicKeys;
+}
+
 }
author	Eelco Dolstra <eelco.dolstra@logicblox.com>	2016-03-29T12·29+0200
committer	Eelco Dolstra <eelco.dolstra@logicblox.com>	2016-03-29T14·37+0200
commit	784ee35c80774c5f073b6b8be6ab3d4d7e38e2f1 (patch)
tree	1442cbfe72d75f5cb1dd8d68706220e5821ab374 /src/libstore/crypto.cc
parent	0ebe69dc67853e9e2b2b7b22069e766a7cbc057d (diff)