forked from lix-project/hydra
Allow Hydra's binary cache to be signed
This requires adding the following to hydra.conf: binary_cache_key_name = <key-name> binary_cache_private_key_file = <path-to-private-key> e.g. binary_cache_key_name = hydra.nixos.org-1 binary_cache_private_key_file = /home/hydra/cache-key.sec
This commit is contained in:
parent
de26b55afe
commit
a598fe7e81
|
@ -4,6 +4,7 @@ use strict;
|
||||||
use base qw/Catalyst::View/;
|
use base qw/Catalyst::View/;
|
||||||
use File::Basename;
|
use File::Basename;
|
||||||
use Nix::Store;
|
use Nix::Store;
|
||||||
|
use Nix::Crypto;
|
||||||
|
|
||||||
sub process {
|
sub process {
|
||||||
my ($self, $c) = @_;
|
my ($self, $c) = @_;
|
||||||
|
@ -29,6 +30,15 @@ sub process {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Optionally, sign the NAR info file we just created.
|
||||||
|
my $privateKeyFile = $c->config->{binary_cache_private_key_file};
|
||||||
|
my $keyName = $c->config->{binary_cache_key_name};
|
||||||
|
|
||||||
|
if (defined $privateKeyFile && defined $keyName) {
|
||||||
|
my $sig = signString($privateKeyFile, $info);
|
||||||
|
$info .= "Signature: 1;$keyName;$sig\n";
|
||||||
|
}
|
||||||
|
|
||||||
$c->response->body($info);
|
$c->response->body($info);
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
|
|
Loading…
Reference in a new issue