BinaryCacheStore: Make the signing key a parameter

doc/manual/command-ref/conf-file.xml

@@ -406,16 +406,6 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry><term><literal>binary-cache-secret-key-file</literal></term>
-
-    <listitem><para>Path of the file containing the secret key to be
-    used for signing binary caches. This file can be generated using
-    <command>nix-store
-    --generate-binary-cache-key</command>.</para></listitem>
-
-  </varlistentry>
-
-
   <varlistentry><term><literal>binary-caches-parallel-connections</literal></term>
 
     <listitem><para>The maximum number of parallel HTTP connections

src/libstore/binary-cache-store.cc

@@ -15,9 +15,10 @@
 namespace nix {
 
 BinaryCacheStore::BinaryCacheStore(std::shared_ptr<Store> localStore,
-    const Path & secretKeyFile)
+    const StoreParams & params)
     : localStore(localStore)
 {
+    auto secretKeyFile = get(params, "secret-key", "");
     if (secretKeyFile != "")
         secretKey = std::unique_ptr<SecretKey>(new SecretKey(readFile(secretKeyFile)));
 

src/libstore/binary-cache-store.hh

@@ -21,7 +21,8 @@ private:
 
 protected:
 
-    BinaryCacheStore(std::shared_ptr<Store> localStore, const Path & secretKeyFile);
+    BinaryCacheStore(std::shared_ptr<Store> localStore,
+        const StoreParams & params);
 
     [[noreturn]] void notImpl();
 

src/libstore/http-binary-cache-store.cc

@@ -16,8 +16,8 @@ private:
 public:
 
     HttpBinaryCacheStore(std::shared_ptr<Store> localStore,
-        const Path & secretKeyFile, const Path & _cacheUri)
+        const StoreParams & params, const Path & _cacheUri)
-        : BinaryCacheStore(localStore, secretKeyFile)
+        : BinaryCacheStore(localStore, params)
         , cacheUri(_cacheUri)
         , downloaders(
             std::numeric_limits<size_t>::max(),
@@ -92,8 +92,7 @@ static RegisterStoreImplementation regStore([](
     if (std::string(uri, 0, 7) != "http://" &&
         std::string(uri, 0, 8) != "https://") return 0;
     auto store = std::make_shared<HttpBinaryCacheStore>(std::shared_ptr<Store>(0),
-        settings.get("binary-cache-secret-key-file", string("")),
+        params, uri);
-        uri);
     store->init();
     return store;
 });

src/libstore/local-binary-cache-store.cc

@@ -12,7 +12,11 @@ private:
 public:
 
     LocalBinaryCacheStore(std::shared_ptr<Store> localStore,
-        const Path & secretKeyFile, const Path & binaryCacheDir);
+        const StoreParams & params, const Path & binaryCacheDir)
+        : BinaryCacheStore(localStore, params)
+        , binaryCacheDir(binaryCacheDir)
+    {
+    }
 
     void init() override;
 
@@ -31,13 +35,6 @@ protected:
 
 };
 
-LocalBinaryCacheStore::LocalBinaryCacheStore(std::shared_ptr<Store> localStore,
-    const Path & secretKeyFile, const Path & binaryCacheDir)
-    : BinaryCacheStore(localStore, secretKeyFile)
-    , binaryCacheDir(binaryCacheDir)
-{
-}
-
 void LocalBinaryCacheStore::init()
 {
     createDirs(binaryCacheDir + "/nar");
@@ -74,23 +71,15 @@ std::shared_ptr<std::string> LocalBinaryCacheStore::getFile(const std::string &
     }
 }
 
-ref<Store> openLocalBinaryCacheStore(std::shared_ptr<Store> localStore,
-    const Path & secretKeyFile, const Path & binaryCacheDir)
-{
-    auto store = make_ref<LocalBinaryCacheStore>(
-        localStore, secretKeyFile, binaryCacheDir);
-    store->init();
-    return store;
-}
-
 static RegisterStoreImplementation regStore([](
     const std::string & uri, const StoreParams & params)
     -> std::shared_ptr<Store>
 {
     if (std::string(uri, 0, 7) != "file://") return 0;
-    return openLocalBinaryCacheStore(std::shared_ptr<Store>(0),
+    auto store = std::make_shared<LocalBinaryCacheStore>(
-        settings.get("binary-cache-secret-key-file", string("")),
+        std::shared_ptr<Store>(0), params, std::string(uri, 7));
-        std::string(uri, 7));
+    store->init();
+    return store;
 });
 
 }

src/libstore/s3-binary-cache-store.cc

@@ -43,8 +43,8 @@ struct S3BinaryCacheStoreImpl : public S3BinaryCacheStore
     Stats stats;
 
     S3BinaryCacheStoreImpl(std::shared_ptr<Store> localStore,
-        const Path & secretKeyFile, const std::string & bucketName)
+        const StoreParams & params, const std::string & bucketName)
-        : S3BinaryCacheStore(localStore, secretKeyFile)
+        : S3BinaryCacheStore(localStore, params)
         , bucketName(bucketName)
         , config(makeConfig())
         , client(make_ref<Aws::S3::S3Client>(*config))
@@ -245,8 +245,7 @@ static RegisterStoreImplementation regStore([](
 {
     if (std::string(uri, 0, 5) != "s3://") return 0;
     auto store = std::make_shared<S3BinaryCacheStoreImpl>(std::shared_ptr<Store>(0),
-        settings.get("binary-cache-secret-key-file", string("")),
+        params, std::string(uri, 5));
-        std::string(uri, 5));
     store->init();
     return store;
 });

src/libstore/s3-binary-cache-store.hh

@@ -11,8 +11,8 @@ class S3BinaryCacheStore : public BinaryCacheStore
 protected:
 
     S3BinaryCacheStore(std::shared_ptr<Store> localStore,
-        const Path & secretKeyFile)
+        const StoreParams & params)
-        : BinaryCacheStore(localStore, secretKeyFile)
+        : BinaryCacheStore(localStore, params)
     { }
 
 public:

src/libstore/store-api.hh

@@ -529,10 +529,6 @@ ref<Store> openStoreAt(const std::string & uri);
 ref<Store> openStore();
 
 
-ref<Store> openLocalBinaryCacheStore(std::shared_ptr<Store> localStore,
-    const Path & secretKeyFile, const Path & binaryCacheDir);
-
-
 /* Return the default substituter stores, defined by the
    ‘substituters’ option and various legacy options like
    ‘binary-caches’. */