wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-06-27 08:31:16 +02:00
Code Activity

nix verify-paths: Add ‘--sigs-needed <N>’ flag

Browse source 
This specifies the number of distinct signatures required to consider
each path "trusted".

Also renamed ‘--no-sigs’ to ‘--no-trust’ for the flag that disables
verifying whether a path is trusted (since a path can also be trusted
if it has no signatures, but was built locally).
This commit is contained in:
Eelco Dolstra 2016-04-07 15:14:12 +02:00
parent 6b2ae52808
commit 05fbc606fc
3 changed files with 41 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/libstore/store-api.cc
View file

@ -333,12 +333,18 @@ unsigned int ValidPathInfo::checkSignatures(const PublicKeys & publicKeys) const
{
unsigned int good = 0;
for (auto & sig : sigs)
if (verifyDetached(fingerprint(), sig, publicKeys))
if (checkSignature(publicKeys, sig))
good++;
return good;
}
bool ValidPathInfo::checkSignature(const PublicKeys & publicKeys, const std::string & sig) const
{
return verifyDetached(fingerprint(), sig, publicKeys);
}
}