nix-super/src/libstore/keys.cc

#include "file-system.hh"
#include "globals.hh"
#include "keys.hh"

namespace nix {

PublicKeys getDefaultPublicKeys()
{
    PublicKeys publicKeys;

    // FIXME: filter duplicates

    for (auto s : settings.trustedPublicKeys.get()) {
        PublicKey key(s);
        publicKeys.emplace(key.name, key);
    }

    for (auto secretKeyFile : settings.secretKeyFiles.get()) {
        try {
            SecretKey secretKey(readFile(secretKeyFile));
            publicKeys.emplace(secretKey.name, secretKey.toPublicKey());
        } catch (SystemError & e) {
            /* Ignore unreadable key files. That's normal in a
               multi-user installation. */
        }
    }

    return publicKeys;
}

}
Signer infrastructure: Prep for #9076 This sets up infrastructure in libutil to allow for signing other than by a secret key in memory. #9076 uses this to implement remote signing. (Split from that PR to allow reviewing in smaller chunks.) Co-Authored-By: Raito Bezarius <masterancpp@gmail.com> 2024-01-03 22:02:20 +02:00			`#include "file-system.hh"`
			`#include "globals.hh"`
			`#include "keys.hh"`

			`namespace nix {`

			`PublicKeys getDefaultPublicKeys()`
			`{`
			`PublicKeys publicKeys;`

			`// FIXME: filter duplicates`

			`for (auto s : settings.trustedPublicKeys.get()) {`
			`PublicKey key(s);`
			`publicKeys.emplace(key.name, key);`
			`}`

			`for (auto secretKeyFile : settings.secretKeyFiles.get()) {`
			`try {`
			`SecretKey secretKey(readFile(secretKeyFile));`
			`publicKeys.emplace(secretKey.name, secretKey.toPublicKey());`
Separate `SystemError` from `SysError` Most of this is a `catch SysError` -> `catch SystemError` sed. This is a rather pure-churn change I would like to get out of the way. The intersting part is `src/libutil/error.hh`. On Unix, we will only throw the `SysError` concrete class, which has the same constructors that `SystemError` used to have. On Windows, we will throw `WinError` and `SysError`. `WinError` (which will be created in a later PR), will use a `DWORD` instead of `int` error value, and `GetLastError()`, which is the Windows equivalent of the `errno` machinery. Windows will also use `SysError` because Window's "libc" (MSVCRT) implements the POSIX interface, and we use it too. As the docs describe, while we throw one of the 3 choices above (2 concrete classes or the alias), we should always catch `SystemError`. This ensures no matter how the implementation changes for Windows (e.g. between `SysError` and `WinError`) the catching logic stays the same and stays correct. Co-Authored-By volth <volth@volth.com> Co-Authored-By Eugene Butler <eugene@eugene4.com> 2023-12-02 00:03:28 +02:00			`} catch (SystemError & e) {`
Signer infrastructure: Prep for #9076 This sets up infrastructure in libutil to allow for signing other than by a secret key in memory. #9076 uses this to implement remote signing. (Split from that PR to allow reviewing in smaller chunks.) Co-Authored-By: Raito Bezarius <masterancpp@gmail.com> 2024-01-03 22:02:20 +02:00			`/* Ignore unreadable key files. That's normal in a`
			`multi-user installation. */`
			`}`
			`}`

			`return publicKeys;`
			`}`

			`}`