nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-11-25 11:49:35 +01:00
Code Activity

Add some logic for signing realisations

Browse source 
Not exposed anywhere, but built realisations are now signed (and this
should be forwarded when copy-ing them around)
This commit is contained in:
regnat 2021-03-08 11:56:33 +01:00
parent 306c154632
commit 826877cabf
7 changed files with 93 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/libstore/local-store.hh
View file

@ -137,6 +137,7 @@ public:
SubstitutablePathInfos & infos) override;
bool pathInfoIsTrusted(const ValidPathInfo &) override;
bool realisationIsUntrusted(const Realisation & ) override;
void addToStore(const ValidPathInfo & info, Source & source,
RepairFlag repair, CheckSigsFlag checkSigs) override;
@ -272,9 +273,10 @@ private:
bool isValidPath_(State & state, const StorePath & path);
void queryReferrers(State & state, const StorePath & path, StorePathSet & referrers);
/* Add signatures to a ValidPathInfo using the secret keys
/* Add signatures to a ValidPathInfo or Realisation using the secret keys
specified by the secret-key-files option. */
void signPathInfo(ValidPathInfo & info);
void signRealisation(Realisation &);
Path getRealStoreDir() override { return realStoreDir; }