forked from lix-project/lix
Add 'nix store make-content-addressable' manpage
This commit is contained in:
parent
cdf20e04b7
commit
e6bea9c9b1
2 changed files with 64 additions and 12 deletions
|
@ -15,21 +15,14 @@ struct CmdMakeContentAddressable : StorePathsCommand, MixJSON
|
||||||
|
|
||||||
std::string description() override
|
std::string description() override
|
||||||
{
|
{
|
||||||
return "rewrite a path or closure to content-addressable form";
|
return "rewrite a path or closure to content-addressed form";
|
||||||
}
|
}
|
||||||
|
|
||||||
Examples examples() override
|
std::string doc() override
|
||||||
{
|
{
|
||||||
return {
|
return
|
||||||
Example{
|
#include "make-content-addressable.md"
|
||||||
"To create a content-addressable representation of GNU Hello (but not its dependencies):",
|
;
|
||||||
"nix store make-content-addressable nixpkgs#hello"
|
|
||||||
},
|
|
||||||
Example{
|
|
||||||
"To compute a content-addressable representation of the current NixOS system closure:",
|
|
||||||
"nix store make-content-addressable -r /run/current-system"
|
|
||||||
},
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void run(ref<Store> store, StorePaths storePaths) override
|
void run(ref<Store> store, StorePaths storePaths) override
|
||||||
|
|
59
src/nix/make-content-addressable.md
Normal file
59
src/nix/make-content-addressable.md
Normal file
|
@ -0,0 +1,59 @@
|
||||||
|
R""(
|
||||||
|
|
||||||
|
# Examples
|
||||||
|
|
||||||
|
* Create a content-addressed representation of the closure of GNU Hello:
|
||||||
|
|
||||||
|
```console
|
||||||
|
# nix store make-content-addressable -r nixpkgs#hello
|
||||||
|
…
|
||||||
|
rewrote '/nix/store/v5sv61sszx301i0x6xysaqzla09nksnd-hello-2.10' to '/nix/store/5skmmcb9svys5lj3kbsrjg7vf2irid63-hello-2.10'
|
||||||
|
```
|
||||||
|
|
||||||
|
Since the resulting paths are content-addressed, they are always
|
||||||
|
trusted and don't need signatures to copied to another store:
|
||||||
|
|
||||||
|
```console
|
||||||
|
# nix copy --to /tmp/nix --trusted-public-keys '' /nix/store/5skmmcb9svys5lj3kbsrjg7vf2irid63-hello-2.10
|
||||||
|
```
|
||||||
|
|
||||||
|
By contrast, the original closure is input-addressed, so it does
|
||||||
|
need signatures to be trusted:
|
||||||
|
|
||||||
|
```console
|
||||||
|
# nix copy --to /tmp/nix --trusted-public-keys '' nixpkgs#hello
|
||||||
|
cannot add path '/nix/store/zy9wbxwcygrwnh8n2w9qbbcr6zk87m26-libunistring-0.9.10' because it lacks a valid signature
|
||||||
|
```
|
||||||
|
|
||||||
|
* Create a content-addressed representation of the current NixOS
|
||||||
|
system closure:
|
||||||
|
|
||||||
|
```console
|
||||||
|
# nix store make-content-addressable -r /run/current-system
|
||||||
|
```
|
||||||
|
|
||||||
|
# Description
|
||||||
|
|
||||||
|
This command converts the closure of the store paths specified by
|
||||||
|
*installables* to content-addressed form. Nix store paths are usually
|
||||||
|
*input-addressed*, meaning that the hash part of the store path is
|
||||||
|
computed from the contents of the derivation (i.e., the build-time
|
||||||
|
dependency graph). Input-addressed paths need to be signed by a
|
||||||
|
trusted key if you want to import them into a store, because we need
|
||||||
|
to trust that the contents of the path were actually built by the
|
||||||
|
derivation.
|
||||||
|
|
||||||
|
By contrast, in a *content-addressed* path, the hash part is computed
|
||||||
|
from the contents of the path. This allows the contents of the path to
|
||||||
|
be verified without any additional information such as
|
||||||
|
signatures. This means that a command like
|
||||||
|
|
||||||
|
```console
|
||||||
|
# nix store build /nix/store/5skmmcb9svys5lj3kbsrjg7vf2irid63-hello-2.10 \
|
||||||
|
--substituters https://my-cache.example.org
|
||||||
|
```
|
||||||
|
|
||||||
|
will succeed even if the binary cache `https://my-cache.example.org`
|
||||||
|
doesn't present any signatures.
|
||||||
|
|
||||||
|
)""
|
Loading…
Reference in a new issue