nix-super/src/nix/verify.md

R""(

# Examples

* Verify the entire Nix store:

  ```console
  # nix store verify --all
  ```

* Check whether each path in the closure of Firefox has at least 2
  signatures:

  ```console
  # nix store verify --recursive --sigs-needed 2 --no-contents $(type -p firefox)
  ```

* Verify a store path in the binary cache `https://cache.nixos.org/`:

  ```console
  # nix store verify --store https://cache.nixos.org/ \
      /nix/store/v5sv61sszx301i0x6xysaqzla09nksnd-hello-2.10
  ```

# Description

This command verifies the integrity of the store paths [*installables*](./nix.md#installables),
or, if `--all` is given, the entire Nix store. For each path, it
checks that

* its contents match the NAR hash recorded in the Nix database; and

* it is *trusted*, that is, it is signed by at least one trusted
  signing key, is content-addressed, or is built locally ("ultimately
  trusted").

# Exit status

The exit status of this command is the sum of the following values:

* **1** if any path is corrupted (i.e. its contents don't match the
  recorded NAR hash).

* **2** if any path is untrusted.

* **4** if any path couldn't be verified for any other reason (such as
  an I/O error).

)""
Add 'nix store verify' manpage 2020-12-10 00:45:06 +02:00			`R""(`

			`# Examples`

			`* Verify the entire Nix store:`

			```console
			`# nix store verify --all`
			```

			`* Check whether each path in the closure of Firefox has at least 2`
			`signatures:`

			```console
Also use long options in src/nix/*.md 2023-04-30 16:55:08 +03:00			`# nix store verify --recursive --sigs-needed 2 --no-contents $(type -p firefox)`
Add 'nix store verify' manpage 2020-12-10 00:45:06 +02:00			```

			* Verify a store path in the binary cache `https://cache.nixos.org/`:

			```console
			`# nix store verify --store https://cache.nixos.org/ \`
			`/nix/store/v5sv61sszx301i0x6xysaqzla09nksnd-hello-2.10`
			```

			`# Description`

clarify definition of "installable" the term was hard to discover, as its definition and explanation were in a very long document lacking an overview section. search did not help because it occurs so often. - clarify wording in the definition - add an overview of installable types - add "installable" to glossary - link to definition from occurrences of the term - be more precise about where store derivation outputs are processed - installable Nix expressions must evaluate to a derivation Co-authored-by: Adam Joseph <54836058+amjoseph-nixpkgs@users.noreply.github.com> 2022-12-01 02:57:02 +02:00			`This command verifies the integrity of the store paths [installables](./nix.md#installables),`
Add 'nix store verify' manpage 2020-12-10 00:45:06 +02:00			or, if `--all` is given, the entire Nix store. For each path, it
			`checks that`

			`* its contents match the NAR hash recorded in the Nix database; and`

			`* it is trusted, that is, it is signed by at least one trusted`
			`signing key, is content-addressed, or is built locally ("ultimately`
			`trusted").`

			`# Exit status`

			`The exit status of this command is the sum of the following values:`

			`* 1 if any path is corrupted (i.e. its contents don't match the`
			`recorded NAR hash).`

			`* 2 if any path is untrusted.`

			`* 4 if any path couldn't be verified for any other reason (such as`
			`an I/O error).`

			`)""`