wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-06 21:41:48 +02:00
Code Activity

Add some logic for signing realisations

Browse source 
Not exposed anywhere, but built realisations are now signed (and this
should be forwarded when copy-ing them around)
This commit is contained in:
regnat 2021-03-08 11:56:33 +01:00
parent 306c154632
commit 826877cabf
7 changed files with 93 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/libstore/realisation.hh
View file

@ -3,6 +3,7 @@
#include "path.hh"
#include <nlohmann/json_fwd.hpp>
#include "comparator.hh"
#include "crypto.hh"
namespace nix {
@ -25,9 +26,16 @@ struct Realisation {
DrvOutput id;
StorePath outPath;
StringSet signatures;
nlohmann::json toJSON() const;
static Realisation fromJSON(const nlohmann::json& json, const std::string& whence);
std::string fingerprint() const;
void sign(const SecretKey &);
bool checkSignature(const PublicKeys & publicKeys, const std::string & sig) const;
size_t checkSignatures(const PublicKeys & publicKeys) const;
StorePath getPath() const { return outPath; }
GENERATE_CMP(Realisation, me->id, me->outPath);