diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-02-18T10·19+0100 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-02-18T10·19+0100 |
commit | 147deb236ebc8474d0e53cb90b23f1d722486bb6 (patch) | |
tree | b81c9b2b3a857d46d9293b1ca90985bad657a101 /src/nix-store | |
parent | bd9106415099b32a51f66be886d18271e65ac9dd (diff) |
nix-store --generate-binary-cache-key: Write key to disk
This ensures proper permissions for the secret key.
Diffstat (limited to 'src/nix-store')
-rw-r--r-- | src/nix-store/nix-store.cc | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/nix-store/nix-store.cc b/src/nix-store/nix-store.cc index c16adf049628..7ce5f63c2d2f 100644 --- a/src/nix-store/nix-store.cc +++ b/src/nix-store/nix-store.cc @@ -1015,8 +1015,11 @@ static void opGenerateBinaryCacheKey(Strings opFlags, Strings opArgs) foreach (Strings::iterator, i, opFlags) throw UsageError(format("unknown flag ‘%1%’") % *i); - if (opArgs.size() != 1) throw UsageError("one argument expected"); - string keyName = opArgs.front(); + if (opArgs.size() != 3) throw UsageError("three arguments expected"); + auto i = opArgs.begin(); + string keyName = *i++; + string secretKeyFile = *i++; + string publicKeyFile = *i++; #if HAVE_SODIUM sodium_init(); @@ -1026,8 +1029,9 @@ static void opGenerateBinaryCacheKey(Strings opFlags, Strings opArgs) if (crypto_sign_keypair(pk, sk) != 0) throw Error("key generation failed"); - std::cout << keyName << ":" << base64Encode(string((char *) pk, crypto_sign_PUBLICKEYBYTES)) << std::endl; - std::cout << keyName << ":" << base64Encode(string((char *) sk, crypto_sign_SECRETKEYBYTES)) << std::endl; + writeFile(publicKeyFile, keyName + ":" + base64Encode(string((char *) pk, crypto_sign_PUBLICKEYBYTES))); + umask(0077); + writeFile(secretKeyFile, keyName + ":" + base64Encode(string((char *) sk, crypto_sign_SECRETKEYBYTES))); #else throw Error("Nix was not compiled with libsodium, required for signed binary cache support"); #endif |