Use secret-key-files for verifying

This commit is contained in:
Eelco Dolstra 2016-04-07 15:07:00 +02:00
parent e39999ed48
commit 6b2ae52808

View file

@ -102,11 +102,24 @@ bool verifyDetached(const std::string & data, const std::string & sig,
PublicKeys getDefaultPublicKeys() PublicKeys getDefaultPublicKeys()
{ {
PublicKeys publicKeys; PublicKeys publicKeys;
// FIXME: filter duplicates
for (auto s : settings.get("binary-cache-public-keys", Strings())) { for (auto s : settings.get("binary-cache-public-keys", Strings())) {
PublicKey key(s); PublicKey key(s);
publicKeys.emplace(key.name, key); publicKeys.emplace(key.name, key);
// FIXME: filter duplicates
} }
for (auto secretKeyFile : settings.get("secret-key-files", Strings())) {
try {
SecretKey secretKey(readFile(secretKeyFile));
publicKeys.emplace(secretKey.name, secretKey.toPublicKey());
} catch (SysError & e) {
/* Ignore unreadable key files. That's normal in a
multi-user installation. */
}
}
return publicKeys; return publicKeys;
} }