lix/src/nix/verify.md
Valentin Gagarin 2af9fd20c6 clarify definition of "installable"
the term was hard to discover, as its definition and explanation were in
a very long document lacking an overview section.
search did not help because it occurs so often.

- clarify wording in the definition
- add an overview of installable types
- add "installable" to glossary
- link to definition from occurrences of the term
- be more precise about where store derivation outputs are processed
- installable Nix expressions must evaluate to a derivation

Co-authored-by: Adam Joseph <54836058+amjoseph-nixpkgs@users.noreply.github.com>
2023-03-05 01:46:17 +01:00

1.2 KiB

R""(

Examples

  • Verify the entire Nix store:

    # nix store verify --all
    
  • Check whether each path in the closure of Firefox has at least 2 signatures:

    # nix store verify -r -n2 --no-contents $(type -p firefox)
    
  • Verify a store path in the binary cache https://cache.nixos.org/:

    # nix store verify --store https://cache.nixos.org/ \
        /nix/store/v5sv61sszx301i0x6xysaqzla09nksnd-hello-2.10
    

Description

This command verifies the integrity of the store paths installables, or, if --all is given, the entire Nix store. For each path, it checks that

  • its contents match the NAR hash recorded in the Nix database; and

  • it is trusted, that is, it is signed by at least one trusted signing key, is content-addressed, or is built locally ("ultimately trusted").

Exit status

The exit status of this command is the sum of the following values:

  • 1 if any path is corrupted (i.e. its contents don't match the recorded NAR hash).

  • 2 if any path is untrusted.

  • 4 if any path couldn't be verified for any other reason (such as an I/O error).

)""