Rename 'nix store sign-paths' to 'nix store sign'
This commit is contained in:
parent
61216d32e1
commit
d33eca8539
|
@ -53,7 +53,7 @@ set -f # disable globbing
|
||||||
export IFS=' '
|
export IFS=' '
|
||||||
|
|
||||||
echo "Signing paths" $OUT_PATHS
|
echo "Signing paths" $OUT_PATHS
|
||||||
nix sign-paths --key-file /etc/nix/key.private $OUT_PATHS
|
nix store sign --key-file /etc/nix/key.private $OUT_PATHS
|
||||||
echo "Uploading paths" $OUT_PATHS
|
echo "Uploading paths" $OUT_PATHS
|
||||||
exec nix copy --to 's3://example-nix-cache' $OUT_PATHS
|
exec nix copy --to 's3://example-nix-cache' $OUT_PATHS
|
||||||
```
|
```
|
||||||
|
@ -63,7 +63,7 @@ exec nix copy --to 's3://example-nix-cache' $OUT_PATHS
|
||||||
> The `$OUT_PATHS` variable is a space-separated list of Nix store
|
> The `$OUT_PATHS` variable is a space-separated list of Nix store
|
||||||
> paths. In this case, we expect and want the shell to perform word
|
> paths. In this case, we expect and want the shell to perform word
|
||||||
> splitting to make each output path its own argument to `nix
|
> splitting to make each output path its own argument to `nix
|
||||||
> sign-paths`. Nix guarantees the paths will not contain any spaces,
|
> store sign`. Nix guarantees the paths will not contain any spaces,
|
||||||
> however a store path might contain glob characters. The `set -f`
|
> however a store path might contain glob characters. The `set -f`
|
||||||
> disables globbing in the shell.
|
> disables globbing in the shell.
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@ R""(
|
||||||
|
|
||||||
```console
|
```console
|
||||||
# nix build nixpkgs#hello
|
# nix build nixpkgs#hello
|
||||||
# nix store sign-paths --key-file ./secret-key --recursive ./result
|
# nix store sign --key-file ./secret-key --recursive ./result
|
||||||
```
|
```
|
||||||
|
|
||||||
Finally, we can verify the store paths using the corresponding
|
Finally, we can verify the store paths using the corresponding
|
||||||
|
|
|
@ -129,7 +129,7 @@ struct NixArgs : virtual MultiCommand, virtual MixCommonArgs
|
||||||
{"make-content-addressable", {"store", "make-content-addressable"}},
|
{"make-content-addressable", {"store", "make-content-addressable"}},
|
||||||
{"optimise-store", {"store", "optimise"}},
|
{"optimise-store", {"store", "optimise"}},
|
||||||
{"ping-store", {"store", "ping"}},
|
{"ping-store", {"store", "ping"}},
|
||||||
{"sign-paths", {"store", "sign-paths"}},
|
{"sign-paths", {"store", "sign"}},
|
||||||
{"to-base16", {"hash", "to-base16"}},
|
{"to-base16", {"hash", "to-base16"}},
|
||||||
{"to-base32", {"hash", "to-base32"}},
|
{"to-base32", {"hash", "to-base32"}},
|
||||||
{"to-base64", {"hash", "to-base64"}},
|
{"to-base64", {"hash", "to-base64"}},
|
||||||
|
|
|
@ -92,11 +92,11 @@ struct CmdCopySigs : StorePathsCommand
|
||||||
|
|
||||||
static auto rCmdCopySigs = registerCommand2<CmdCopySigs>({"store", "copy-sigs"});
|
static auto rCmdCopySigs = registerCommand2<CmdCopySigs>({"store", "copy-sigs"});
|
||||||
|
|
||||||
struct CmdSignPaths : StorePathsCommand
|
struct CmdSign : StorePathsCommand
|
||||||
{
|
{
|
||||||
Path secretKeyFile;
|
Path secretKeyFile;
|
||||||
|
|
||||||
CmdSignPaths()
|
CmdSign()
|
||||||
{
|
{
|
||||||
addFlag({
|
addFlag({
|
||||||
.longName = "key-file",
|
.longName = "key-file",
|
||||||
|
@ -140,7 +140,7 @@ struct CmdSignPaths : StorePathsCommand
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
static auto rCmdSignPaths = registerCommand2<CmdSignPaths>({"store", "sign-paths"});
|
static auto rCmdSign = registerCommand2<CmdSign>({"store", "sign"});
|
||||||
|
|
||||||
struct CmdKeyGenerateSecret : Command
|
struct CmdKeyGenerateSecret : Command
|
||||||
{
|
{
|
||||||
|
|
|
@ -47,8 +47,8 @@ expect 2 nix store verify -r $outPath2 --sigs-needed 1
|
||||||
|
|
||||||
expect 2 nix store verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
|
expect 2 nix store verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
|
||||||
|
|
||||||
# Test "nix store sign-paths".
|
# Test "nix store sign".
|
||||||
nix store sign-paths --key-file $TEST_ROOT/sk1 $outPath2
|
nix store sign --key-file $TEST_ROOT/sk1 $outPath2
|
||||||
|
|
||||||
nix store verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
|
nix store verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
|
||||||
|
|
||||||
|
@ -63,7 +63,7 @@ nix store verify $outPathCA
|
||||||
nix store verify $outPathCA --sigs-needed 1000
|
nix store verify $outPathCA --sigs-needed 1000
|
||||||
|
|
||||||
# Check that signing a content-addressed path doesn't overflow validSigs
|
# Check that signing a content-addressed path doesn't overflow validSigs
|
||||||
nix store sign-paths --key-file $TEST_ROOT/sk1 $outPathCA
|
nix store sign --key-file $TEST_ROOT/sk1 $outPathCA
|
||||||
nix store verify -r $outPathCA --sigs-needed 1000 --trusted-public-keys $pk1
|
nix store verify -r $outPathCA --sigs-needed 1000 --trusted-public-keys $pk1
|
||||||
|
|
||||||
# Copy to a binary cache.
|
# Copy to a binary cache.
|
||||||
|
@ -76,7 +76,7 @@ info=$(nix path-info --store file://$cacheDir --json $outPath2)
|
||||||
(! [[ $info =~ 'cache2.example.org' ]])
|
(! [[ $info =~ 'cache2.example.org' ]])
|
||||||
|
|
||||||
# Verify that adding a signature to a path in a binary cache works.
|
# Verify that adding a signature to a path in a binary cache works.
|
||||||
nix store sign-paths --store file://$cacheDir --key-file $TEST_ROOT/sk2 $outPath2
|
nix store sign --store file://$cacheDir --key-file $TEST_ROOT/sk2 $outPath2
|
||||||
info=$(nix path-info --store file://$cacheDir --json $outPath2)
|
info=$(nix path-info --store file://$cacheDir --json $outPath2)
|
||||||
[[ $info =~ 'cache1.example.org' ]]
|
[[ $info =~ 'cache1.example.org' ]]
|
||||||
[[ $info =~ 'cache2.example.org' ]]
|
[[ $info =~ 'cache2.example.org' ]]
|
||||||
|
|
Loading…
Reference in a new issue