Use secret-key-files for verifying

This commit is contained in:
Eelco Dolstra 2016-04-07 15:07:00 +02:00
parent e39999ed48
commit 6b2ae52808

View file

@ -102,11 +102,24 @@ bool verifyDetached(const std::string & data, const std::string & sig,
PublicKeys getDefaultPublicKeys()
{
PublicKeys publicKeys;
// FIXME: filter duplicates
for (auto s : settings.get("binary-cache-public-keys", Strings())) {
PublicKey key(s);
publicKeys.emplace(key.name, key);
// FIXME: filter duplicates
}
for (auto secretKeyFile : settings.get("secret-key-files", Strings())) {
try {
SecretKey secretKey(readFile(secretKeyFile));
publicKeys.emplace(secretKey.name, secretKey.toPublicKey());
} catch (SysError & e) {
/* Ignore unreadable key files. That's normal in a
multi-user installation. */
}
}
return publicKeys;
}