From 6b2ae528081d1f5082b687eb71531bc795d8d03a Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Thu, 7 Apr 2016 15:07:00 +0200
Subject: Use secret-key-files for verifying

---
 src/libstore/crypto.cc | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'src/libstore/crypto.cc')

diff --git a/src/libstore/crypto.cc b/src/libstore/crypto.cc
index 94c582d65ca7..747483afb30b 100644
--- a/src/libstore/crypto.cc
+++ b/src/libstore/crypto.cc
@@ -102,11 +102,24 @@ bool verifyDetached(const std::string & data, const std::string & sig,
 PublicKeys getDefaultPublicKeys()
 {
     PublicKeys publicKeys;
+
+    // FIXME: filter duplicates
+
     for (auto s : settings.get("binary-cache-public-keys", Strings())) {
         PublicKey key(s);
         publicKeys.emplace(key.name, key);
-        // FIXME: filter duplicates
     }
+
+    for (auto secretKeyFile : settings.get("secret-key-files", Strings())) {
+        try {
+            SecretKey secretKey(readFile(secretKeyFile));
+            publicKeys.emplace(secretKey.name, secretKey.toPublicKey());
+        } catch (SysError & e) {
+            /* Ignore unreadable key files. That's normal in a
+               multi-user installation. */
+        }
+    }
+
     return publicKeys;
 }
 
-- 
cgit 1.4.1