about summary refs log tree commit diff
path: root/src/nix/verify.cc
AgeCommit message (Collapse)AuthorFilesLines
2016-08-10 Mark content-addressed paths in the Nix database and in .narinfoEelco Dolstra1-1/+5
This allows such paths to be imported without signatures.
2016-04-25 Improved logging abstractionEelco Dolstra1-27/+13
This also gets rid of --log-type, since the nested log type isn't useful in a multi-threaded situation, and nobody cares about the "pretty" log type.
2016-04-22 nix copy: ParalleliseEelco Dolstra1-3/+0
2016-04-21 Implement S3BinaryCacheStore::queryAllValidPaths()Eelco Dolstra1-4/+4
This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-21 nix --help: Show usage examplesEelco Dolstra1-0/+14
2016-04-19 Move path info caching from BinaryCacheStore to StoreEelco Dolstra1-8/+8
Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-15 Unify "nix verify-paths" and "nix verify-store"Eelco Dolstra1-54/+14
"verify-store" is now simply an "--all" flag to "nix verify". This flag can be used for any other store path command as well (e.g. "nix path-info", "nix copy-sigs", ...).
2016-04-07 nix verify-paths: Add ‘--sigs-needed <N>’ flagEelco Dolstra1-15/+31
This specifies the number of distinct signatures required to consider each path "trusted". Also renamed ‘--no-sigs’ to ‘--no-trust’ for the flag that disables verifying whether a path is trusted (since a path can also be trusted if it has no signatures, but was built locally).
2016-03-30 nix verify: Support checking against signatures in other storesEelco Dolstra1-2/+33
Typical usage is to check local paths using the signatures from a binary cache: $ nix verify-paths -r /run/current-system -s https://cache.nixos.org path ‘/nix/store/c1k4zqfb74wba5sn4yflb044gvap0x6k-nixos-system-mandark-16.03.git.fc2d7a5M’ is untrusted ... checked 844 paths, 119 untrusted
2016-03-29 Add "nix verify-store" commandEelco Dolstra1-13/+53
Like "nix-store --verify --check-contents", but with the same advantages as "nix verify-paths".
2016-03-29 Add "nix verify-paths" commandEelco Dolstra1-0/+124
Unlike "nix-store --verify-path", this command verifies signatures in addition to store path contents, is multi-threaded (especially useful when verifying binary caches), and has a progress indicator. Example use: $ nix verify-paths --store https://cache.nixos.org -r $(type -p thunderbird) ... [17/132 checked] checking ‘/nix/store/rawakphadqrqxr6zri2rmnxh03gqkrl3-autogen-5.18.6’