BinaryCacheStore: Remove publicKeyFile argument

The public key can be derived from the secret key, so there's no need
for the user to supply it separately.

src/libstore/binary-cache-store.cc

@@ -14,16 +14,13 @@
 namespace nix {
 
 BinaryCacheStore::BinaryCacheStore(std::shared_ptr<Store> localStore,
-    const Path & secretKeyFile, const Path & publicKeyFile)
+    const Path & secretKeyFile)
     : localStore(localStore)
 {
-    if (secretKeyFile != "")
+    if (secretKeyFile != "") {
         secretKey = std::unique_ptr<SecretKey>(new SecretKey(readFile(secretKeyFile)));
-
-    if (publicKeyFile != "") {
         publicKeys = std::unique_ptr<PublicKeys>(new PublicKeys);
-        auto key = PublicKey(readFile(publicKeyFile));
+        publicKeys->emplace(secretKey->name, secretKey->toPublicKey());
-        publicKeys->emplace(key.name, key);
     }
 
     StringSink sink;

src/libstore/binary-cache-store.hh

@@ -31,8 +31,7 @@ private:
 
 protected:
 
-    BinaryCacheStore(std::shared_ptr<Store> localStore,
+    BinaryCacheStore(std::shared_ptr<Store> localStore, const Path & secretKeyFile);
-        const Path & secretKeyFile, const Path & publicKeyFile);
 
     [[noreturn]] void notImpl();
 

src/libstore/crypto.cc

@@ -55,6 +55,17 @@ std::string SecretKey::signDetached(const std::string & data) const
 #endif
 }
 
+PublicKey SecretKey::toPublicKey() const
+{
+#if HAVE_SODIUM
+    unsigned char pk[crypto_sign_PUBLICKEYBYTES];
+    crypto_sign_ed25519_sk_to_pk(pk, (unsigned char *) key.data());
+    return PublicKey(name, std::string((char *) pk, crypto_sign_PUBLICKEYBYTES));
+#else
+    noSodium();
+#endif
+}
+
 PublicKey::PublicKey(const string & s)
     : Key(s)
 {

src/libstore/crypto.hh

@@ -15,19 +15,31 @@ struct Key
        ‘<name>:<key-in-base64>’. */
     Key(const std::string & s);
 
+protected:
+    Key(const std::string & name, const std::string & key)
+        : name(name), key(key) { }
 };
 
+struct PublicKey;
+
 struct SecretKey : Key
 {
     SecretKey(const std::string & s);
 
     /* Return a detached signature of the given string. */
     std::string signDetached(const std::string & s) const;
+
+    PublicKey toPublicKey() const;
 };
 
 struct PublicKey : Key
 {
     PublicKey(const std::string & data);
+
+private:
+    PublicKey(const std::string & name, const std::string & key)
+        : Key(name, key) { }
+    friend class SecretKey;
 };
 
 typedef std::map<std::string, PublicKey> PublicKeys;

src/libstore/http-binary-cache-store.cc

@@ -14,9 +14,8 @@ private:
 public:
 
     HttpBinaryCacheStore(std::shared_ptr<Store> localStore,
-        const Path & secretKeyFile, const Path & publicKeyFile,
+        const Path & secretKeyFile, const Path & _cacheUri)
-        const Path & _cacheUri)
+        : BinaryCacheStore(localStore, secretKeyFile)
-        : BinaryCacheStore(localStore, secretKeyFile, publicKeyFile)
         , cacheUri(_cacheUri)
         , downloader(makeDownloader())
     {
@@ -66,7 +65,7 @@ static RegisterStoreImplementation regStore([](const std::string & uri) -> std::
     if (std::string(uri, 0, 7) != "http://" &&
         std::string(uri, 0, 8) != "https://") return 0;
     auto store = std::make_shared<HttpBinaryCacheStore>(std::shared_ptr<Store>(0),
-        "", "", // FIXME: allow the signing key to be set
+        "", // FIXME: allow the signing key to be set
         uri);
     store->init();
     return store;

src/libstore/local-binary-cache-store.cc

@@ -11,8 +11,7 @@ private:
 public:
 
     LocalBinaryCacheStore(std::shared_ptr<Store> localStore,
-        const Path & secretKeyFile, const Path & publicKeyFile,
+        const Path & secretKeyFile, const Path & binaryCacheDir);
-        const Path & binaryCacheDir);
 
     void init() override;
 
@@ -27,9 +26,8 @@ protected:
 };
 
 LocalBinaryCacheStore::LocalBinaryCacheStore(std::shared_ptr<Store> localStore,
-    const Path & secretKeyFile, const Path & publicKeyFile,
+    const Path & secretKeyFile, const Path & binaryCacheDir)
-    const Path & binaryCacheDir)
+    : BinaryCacheStore(localStore, secretKeyFile)
-    : BinaryCacheStore(localStore, secretKeyFile, publicKeyFile)
     , binaryCacheDir(binaryCacheDir)
 {
 }
@@ -66,19 +64,18 @@ std::string LocalBinaryCacheStore::getFile(const std::string & path)
 }
 
 ref<Store> openLocalBinaryCacheStore(std::shared_ptr<Store> localStore,
-    const Path & secretKeyFile, const Path & publicKeyFile,
+    const Path & secretKeyFile, const Path & binaryCacheDir)
-    const Path & binaryCacheDir)
 {
-    auto store = std::make_shared<LocalBinaryCacheStore>(
+    auto store = make_ref<LocalBinaryCacheStore>(
-        localStore, secretKeyFile, publicKeyFile, binaryCacheDir);
+        localStore, secretKeyFile, binaryCacheDir);
     store->init();
-    return ref<Store>(std::shared_ptr<Store>(store));
+    return store;
 }
 
 static RegisterStoreImplementation regStore([](const std::string & uri) -> std::shared_ptr<Store> {
     if (std::string(uri, 0, 7) != "file://") return 0;
     return openLocalBinaryCacheStore(std::shared_ptr<Store>(0),
-        "", "", // FIXME: allow the signing key to be set
+        "", // FIXME: allow the signing key to be set
         std::string(uri, 7));
 });
 

src/libstore/store-api.hh

@@ -454,8 +454,7 @@ ref<Store> openStore();
 
 
 ref<Store> openLocalBinaryCacheStore(std::shared_ptr<Store> localStore,
-    const Path & secretKeyFile, const Path & publicKeyFile,
+    const Path & secretKeyFile, const Path & binaryCacheDir);
-    const Path & binaryCacheDir);
 
 
 /* Store implementation registration. */