From b4e0335d4d74e2ba0bc4eadcd7ff20d70a7bf7c0 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 4 Mar 2016 17:23:42 +0100 Subject: [PATCH] Add option binary-cache-secret-key-file for signing binary caches --- doc/manual/command-ref/conf-file.xml | 10 ++++++++++ src/libstore/http-binary-cache-store.cc | 3 ++- src/libstore/local-binary-cache-store.cc | 3 ++- 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml index daaf00ac3..acddd63e1 100644 --- a/doc/manual/command-ref/conf-file.xml +++ b/doc/manual/command-ref/conf-file.xml @@ -421,6 +421,16 @@ flag, e.g. --option gc-keep-outputs false. + binary-cache-secret-key-file + + Path of the file containing the secret key to be + used for signing binary caches. This file can be generated using + nix-store + --generate-binary-cache-key. + + + + binary-caches-parallel-connections The maximum number of parallel HTTP connections diff --git a/src/libstore/http-binary-cache-store.cc b/src/libstore/http-binary-cache-store.cc index 861e13c7f..9614d0b4c 100644 --- a/src/libstore/http-binary-cache-store.cc +++ b/src/libstore/http-binary-cache-store.cc @@ -1,5 +1,6 @@ #include "binary-cache-store.hh" #include "download.hh" +#include "globals.hh" namespace nix { @@ -65,7 +66,7 @@ static RegisterStoreImplementation regStore([](const std::string & uri) -> std:: if (std::string(uri, 0, 7) != "http://" && std::string(uri, 0, 8) != "https://") return 0; auto store = std::make_shared(std::shared_ptr(0), - "", // FIXME: allow the signing key to be set + settings.get("binary-cache-secret-key-file", string("")), uri); store->init(); return store; diff --git a/src/libstore/local-binary-cache-store.cc b/src/libstore/local-binary-cache-store.cc index 6adabaf9f..efd6d4725 100644 --- a/src/libstore/local-binary-cache-store.cc +++ b/src/libstore/local-binary-cache-store.cc @@ -1,4 +1,5 @@ #include "binary-cache-store.hh" +#include "globals.hh" namespace nix { @@ -75,7 +76,7 @@ ref openLocalBinaryCacheStore(std::shared_ptr localStore, static RegisterStoreImplementation regStore([](const std::string & uri) -> std::shared_ptr { if (std::string(uri, 0, 7) != "file://") return 0; return openLocalBinaryCacheStore(std::shared_ptr(0), - "", // FIXME: allow the signing key to be set + settings.get("binary-cache-secret-key-file", string("")), std::string(uri, 7)); });