Signer infrastructure: Prep for #9076

This sets up infrastructure in libutil to allow for signing other than by a secret key in memory. #9076 uses this to implement remote signing. (Split from that PR to allow reviewing in smaller chunks.) Co-Authored-By: Raito Bezarius <masterancpp@gmail.com>
2025-11-15 15:02:42 +01:00 · 2024-01-03 15:02:20 -05:00 · 2024-01-03 15:02:20 -05:00 · 12bb8cdd38
commit 12bb8cdd38
parent 315aade89d
24 changed files with 233 additions and 70 deletions
--- a/src/libstore/realisation.cc
+++ b/src/libstore/realisation.cc
@ -1,6 +1,7 @@
 #include "realisation.hh"
 #include "store-api.hh"
 #include "closure.hh"
+#include "signature/local-keys.hh"
 #include <nlohmann/json.hpp>

 namespace nix {
@ -113,9 +114,9 @@ std::string Realisation::fingerprint() const
    return serialized.dump();
 }

-void Realisation::sign(const SecretKey & secretKey)
+void Realisation::sign(const Signer &signer)
 {
-    signatures.insert(secretKey.signDetached(fingerprint()));
+    signatures.insert(signer.signDetached(fingerprint()));
 }

 bool Realisation::checkSignature(const PublicKeys & publicKeys, const std::string & sig) const