Use secret-key-files for verifying

2016-04-07 15:07:00 +02:00 · 2016-04-07 15:07:00 +02:00 · 6b2ae52808
parent e39999ed48
commit 6b2ae52808
1 changed files with 14 additions and 1 deletions
--- a/src/libstore/crypto.cc
+++ b/src/libstore/crypto.cc
@ -102,11 +102,24 @@ bool verifyDetached(const std::string & data, const std::string & sig,
 PublicKeys getDefaultPublicKeys()
 {
    PublicKeys publicKeys;
+
+    // FIXME: filter duplicates
+
    for (auto s : settings.get("binary-cache-public-keys", Strings())) {
        PublicKey key(s);
        publicKeys.emplace(key.name, key);
-        // FIXME: filter duplicates
    }
+
+    for (auto secretKeyFile : settings.get("secret-key-files", Strings())) {
+        try {
+            SecretKey secretKey(readFile(secretKeyFile));
+            publicKeys.emplace(secretKey.name, secretKey.toPublicKey());
+        } catch (SysError & e) {
+            /* Ignore unreadable key files. That's normal in a
+               multi-user installation. */
+        }
+    }
+
    return publicKeys;
 }