wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-07 10:11:47 +02:00
Code Activity

binary-cache-public-keys -> trusted-public-keys

Browse source 
The name had become a misnomer since it's not only for substitution
from binary caches, but when adding/copying any
(non-content-addressed) path to a store.
This commit is contained in:
Eelco Dolstra 2017-11-20 17:29:54 +01:00
parent ea94a87493
commit 7a2b64e55c
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
5 changed files with 20 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tests/binary-cache.sh
View file

@ -131,11 +131,11 @@ clearCacheCache
clearStore
clearCacheCache
(! nix-store -r $outPath --option binary-caches "file://$cacheDir" --option signed-binary-caches '*' --option binary-cache-public-keys "$badKey")
(! nix-store -r $outPath --option binary-caches "file://$cacheDir" --option signed-binary-caches '*' --option trusted-public-keys "$badKey")
# It should succeed if we provide the correct key.
nix-store -r $outPath --option binary-caches "file://$cacheDir" --option signed-binary-caches '*' --option binary-cache-public-keys "$otherKey $publicKey"
nix-store -r $outPath --option binary-caches "file://$cacheDir" --option signed-binary-caches '*' --option trusted-public-keys "$otherKey $publicKey"
# It should fail if we corrupt the .narinfo.
@ -152,10 +152,10 @@ done
clearCacheCache
(! nix-store -r $outPath --option binary-caches "file://$cacheDir2" --option signed-binary-caches '*' --option binary-cache-public-keys "$publicKey")
(! nix-store -r $outPath --option binary-caches "file://$cacheDir2" --option signed-binary-caches '*' --option trusted-public-keys "$publicKey")
# If we provide a bad and a good binary cache, it should succeed.
nix-store -r $outPath --option binary-caches "file://$cacheDir2 file://$cacheDir" --option signed-binary-caches '*' --option binary-cache-public-keys "$publicKey"
nix-store -r $outPath --option binary-caches "file://$cacheDir2 file://$cacheDir" --option signed-binary-caches '*' --option trusted-public-keys "$publicKey"
fi # HAVE_LIBSODIUM

12
tests/signing.sh
View file

@ -22,13 +22,13 @@ nix verify -r $outPath
expect 2 nix verify -r $outPath --sigs-needed 1
nix verify -r $outPath --sigs-needed 1 --binary-cache-public-keys $pk1
nix verify -r $outPath --sigs-needed 1 --trusted-public-keys $pk1
expect 2 nix verify -r $outPath --sigs-needed 2 --binary-cache-public-keys $pk1
expect 2 nix verify -r $outPath --sigs-needed 2 --trusted-public-keys $pk1
nix verify -r $outPath --sigs-needed 2 --binary-cache-public-keys "$pk1 $pk2"
nix verify -r $outPath --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
nix verify --all --sigs-needed 2 --binary-cache-public-keys "$pk1 $pk2"
nix verify --all --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
# Build something unsigned.
outPath2=$(nix-build simple.nix --no-out-link)
@ -45,12 +45,12 @@ nix verify -r $outPath2
expect 2 nix verify -r $outPath2 --sigs-needed 1
expect 2 nix verify -r $outPath2 --sigs-needed 1 --binary-cache-public-keys $pk1
expect 2 nix verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
# Test "nix sign-paths".
nix sign-paths --key-file $TEST_ROOT/sk1 $outPath2
nix verify -r $outPath2 --sigs-needed 1 --binary-cache-public-keys $pk1
nix verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
# Copy to a binary cache.
nix copy --to file://$cacheDir $outPath2