diff options
Diffstat (limited to 'src/nix-store')
| -rw-r--r-- | src/nix-store/local.mk | 2 | ||||
| -rw-r--r-- | src/nix-store/nix-store.cc | 38 |
2 files changed, 37 insertions, 3 deletions
diff --git a/src/nix-store/local.mk b/src/nix-store/local.mk index b887fe03389b..84ff15b241f3 100644 --- a/src/nix-store/local.mk +++ b/src/nix-store/local.mk @@ -6,6 +6,6 @@ nix-store_SOURCES := $(wildcard $(d)/*.cc) nix-store_LIBS = libmain libstore libutil libformat -nix-store_LDFLAGS = -lbz2 -pthread +nix-store_LDFLAGS = -lbz2 -pthread $(SODIUM_LIBS) nix-store_CXXFLAGS = -DCURL=\"$(curl)\" diff --git a/src/nix-store/nix-store.cc b/src/nix-store/nix-store.cc index 87bc8c379de5..7ce5f63c2d2f 100644 --- a/src/nix-store/nix-store.cc +++ b/src/nix-store/nix-store.cc @@ -20,6 +20,10 @@ #include <bzlib.h> +#if HAVE_SODIUM +#include <sodium.h> +#endif + using namespace nix; using std::cin; @@ -1006,6 +1010,34 @@ static void opServe(Strings opFlags, Strings opArgs) } +static void opGenerateBinaryCacheKey(Strings opFlags, Strings opArgs) +{ + foreach (Strings::iterator, i, opFlags) + throw UsageError(format("unknown flag ‘%1%’") % *i); + + if (opArgs.size() != 3) throw UsageError("three arguments expected"); + auto i = opArgs.begin(); + string keyName = *i++; + string secretKeyFile = *i++; + string publicKeyFile = *i++; + +#if HAVE_SODIUM + sodium_init(); + + unsigned char pk[crypto_sign_PUBLICKEYBYTES]; + unsigned char sk[crypto_sign_SECRETKEYBYTES]; + if (crypto_sign_keypair(pk, sk) != 0) + throw Error("key generation failed"); + + writeFile(publicKeyFile, keyName + ":" + base64Encode(string((char *) pk, crypto_sign_PUBLICKEYBYTES))); + umask(0077); + writeFile(secretKeyFile, keyName + ":" + base64Encode(string((char *) sk, crypto_sign_SECRETKEYBYTES))); +#else + throw Error("Nix was not compiled with libsodium, required for signed binary cache support"); +#endif +} + + /* Scan the arguments; find the operation, set global flags, put all other flags in a list, and put all other arguments in another list. */ @@ -1072,14 +1104,16 @@ int main(int argc, char * * argv) op = opQueryFailedPaths; else if (*arg == "--clear-failed-paths") op = opClearFailedPaths; + else if (*arg == "--serve") + op = opServe; + else if (*arg == "--generate-binary-cache-key") + op = opGenerateBinaryCacheKey; else if (*arg == "--add-root") gcRoot = absPath(getArg(*arg, arg, end)); else if (*arg == "--indirect") indirectRoot = true; else if (*arg == "--no-output") noOutput = true; - else if (*arg == "--serve") - op = opServe; else if (*arg != "" && arg->at(0) == '-') { opFlags.push_back(*arg); if (*arg == "--max-freed" || *arg == "--max-links" || *arg == "--max-atime") /* !!! hack */ |