From 53dd97bb9d70d98f648d3888b806b4044ea45f4c Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 1 Jun 2015 17:14:16 +0200 Subject: Document setting up signed binary caches --- doc/manual/command-ref/nix-store.xml | 50 ++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) (limited to 'doc/manual/command-ref/nix-store.xml') diff --git a/doc/manual/command-ref/nix-store.xml b/doc/manual/command-ref/nix-store.xml index a2faeaeba422..e21d53d8b9f0 100644 --- a/doc/manual/command-ref/nix-store.xml +++ b/doc/manual/command-ref/nix-store.xml @@ -1338,6 +1338,56 @@ $ nix-store --clear-failed-paths * + + +Operation <option>--generate-binary-cache-key</option> + + + Synopsis + + nix-store + + + + + + + + + +Description + +This command generates an Ed25519 key pair that can +be used to create a signed binary cache. It takes three mandatory +parameters: + + + + A key name, such as + cache.example.org-1, that is used to look up keys + on the client when it verifies signatures. It can be anything, but + it’s suggested to use the host name of your cache + (e.g. cache.example.org) with a suffix denoting + the number of the key (to be incremented every time you need to + revoke a key). + + The file name where the secret key is to be + stored. + + The file name where the public key is to be + stored. + + + +For an example, see the manual page for nix-push. + + + + + + Environment variables -- cgit 1.4.1