Rename 'nix store sign-paths' to 'nix store sign'
This commit is contained in:
parent
61216d32e1
commit
d33eca8539
|
@ -53,7 +53,7 @@ set -f # disable globbing
|
|||
export IFS=' '
|
||||
|
||||
echo "Signing paths" $OUT_PATHS
|
||||
nix sign-paths --key-file /etc/nix/key.private $OUT_PATHS
|
||||
nix store sign --key-file /etc/nix/key.private $OUT_PATHS
|
||||
echo "Uploading paths" $OUT_PATHS
|
||||
exec nix copy --to 's3://example-nix-cache' $OUT_PATHS
|
||||
```
|
||||
|
@ -63,7 +63,7 @@ exec nix copy --to 's3://example-nix-cache' $OUT_PATHS
|
|||
> The `$OUT_PATHS` variable is a space-separated list of Nix store
|
||||
> paths. In this case, we expect and want the shell to perform word
|
||||
> splitting to make each output path its own argument to `nix
|
||||
> sign-paths`. Nix guarantees the paths will not contain any spaces,
|
||||
> store sign`. Nix guarantees the paths will not contain any spaces,
|
||||
> however a store path might contain glob characters. The `set -f`
|
||||
> disables globbing in the shell.
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ R""(
|
|||
|
||||
```console
|
||||
# nix build nixpkgs#hello
|
||||
# nix store sign-paths --key-file ./secret-key --recursive ./result
|
||||
# nix store sign --key-file ./secret-key --recursive ./result
|
||||
```
|
||||
|
||||
Finally, we can verify the store paths using the corresponding
|
||||
|
|
|
@ -129,7 +129,7 @@ struct NixArgs : virtual MultiCommand, virtual MixCommonArgs
|
|||
{"make-content-addressable", {"store", "make-content-addressable"}},
|
||||
{"optimise-store", {"store", "optimise"}},
|
||||
{"ping-store", {"store", "ping"}},
|
||||
{"sign-paths", {"store", "sign-paths"}},
|
||||
{"sign-paths", {"store", "sign"}},
|
||||
{"to-base16", {"hash", "to-base16"}},
|
||||
{"to-base32", {"hash", "to-base32"}},
|
||||
{"to-base64", {"hash", "to-base64"}},
|
||||
|
|
|
@ -92,11 +92,11 @@ struct CmdCopySigs : StorePathsCommand
|
|||
|
||||
static auto rCmdCopySigs = registerCommand2<CmdCopySigs>({"store", "copy-sigs"});
|
||||
|
||||
struct CmdSignPaths : StorePathsCommand
|
||||
struct CmdSign : StorePathsCommand
|
||||
{
|
||||
Path secretKeyFile;
|
||||
|
||||
CmdSignPaths()
|
||||
CmdSign()
|
||||
{
|
||||
addFlag({
|
||||
.longName = "key-file",
|
||||
|
@ -140,7 +140,7 @@ struct CmdSignPaths : StorePathsCommand
|
|||
}
|
||||
};
|
||||
|
||||
static auto rCmdSignPaths = registerCommand2<CmdSignPaths>({"store", "sign-paths"});
|
||||
static auto rCmdSign = registerCommand2<CmdSign>({"store", "sign"});
|
||||
|
||||
struct CmdKeyGenerateSecret : Command
|
||||
{
|
||||
|
|
|
@ -47,8 +47,8 @@ expect 2 nix store verify -r $outPath2 --sigs-needed 1
|
|||
|
||||
expect 2 nix store verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
|
||||
|
||||
# Test "nix store sign-paths".
|
||||
nix store sign-paths --key-file $TEST_ROOT/sk1 $outPath2
|
||||
# Test "nix store sign".
|
||||
nix store sign --key-file $TEST_ROOT/sk1 $outPath2
|
||||
|
||||
nix store verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
|
||||
|
||||
|
@ -63,7 +63,7 @@ nix store verify $outPathCA
|
|||
nix store verify $outPathCA --sigs-needed 1000
|
||||
|
||||
# Check that signing a content-addressed path doesn't overflow validSigs
|
||||
nix store sign-paths --key-file $TEST_ROOT/sk1 $outPathCA
|
||||
nix store sign --key-file $TEST_ROOT/sk1 $outPathCA
|
||||
nix store verify -r $outPathCA --sigs-needed 1000 --trusted-public-keys $pk1
|
||||
|
||||
# Copy to a binary cache.
|
||||
|
@ -76,7 +76,7 @@ info=$(nix path-info --store file://$cacheDir --json $outPath2)
|
|||
(! [[ $info =~ 'cache2.example.org' ]])
|
||||
|
||||
# Verify that adding a signature to a path in a binary cache works.
|
||||
nix store sign-paths --store file://$cacheDir --key-file $TEST_ROOT/sk2 $outPath2
|
||||
nix store sign --store file://$cacheDir --key-file $TEST_ROOT/sk2 $outPath2
|
||||
info=$(nix path-info --store file://$cacheDir --json $outPath2)
|
||||
[[ $info =~ 'cache1.example.org' ]]
|
||||
[[ $info =~ 'cache2.example.org' ]]
|
||||
|
|
Loading…
Reference in a new issue