mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-22 14:06:16 +02:00
Move most store-related commands to 'nix store'
This commit is contained in:
parent
a1cd805cba
commit
ea2062a2d9
17 changed files with 62 additions and 77 deletions
|
@ -43,8 +43,6 @@ struct CmdAddToStore : MixDryRun, StoreCommand
|
||||||
;
|
;
|
||||||
}
|
}
|
||||||
|
|
||||||
Category category() override { return catUtility; }
|
|
||||||
|
|
||||||
void run(ref<Store> store) override
|
void run(ref<Store> store) override
|
||||||
{
|
{
|
||||||
if (!namePart) namePart = baseNameOf(path);
|
if (!namePart) namePart = baseNameOf(path);
|
||||||
|
@ -80,4 +78,4 @@ struct CmdAddToStore : MixDryRun, StoreCommand
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
static auto rCmdAddToStore = registerCommand<CmdAddToStore>("add-to-store");
|
static auto rCmdAddToStore = registerCommand2<CmdAddToStore>({"store", "add-path"});
|
||||||
|
|
|
@ -37,8 +37,6 @@ struct CmdCatStore : StoreCommand, MixCat
|
||||||
return "print the contents of a file in the Nix store on stdout";
|
return "print the contents of a file in the Nix store on stdout";
|
||||||
}
|
}
|
||||||
|
|
||||||
Category category() override { return catUtility; }
|
|
||||||
|
|
||||||
void run(ref<Store> store) override
|
void run(ref<Store> store) override
|
||||||
{
|
{
|
||||||
cat(store->getFSAccessor());
|
cat(store->getFSAccessor());
|
||||||
|
|
|
@ -121,14 +121,12 @@ struct CmdDiffClosures : SourceExprCommand
|
||||||
return "show what packages and versions were added and removed between two closures";
|
return "show what packages and versions were added and removed between two closures";
|
||||||
}
|
}
|
||||||
|
|
||||||
Category category() override { return catSecondary; }
|
|
||||||
|
|
||||||
Examples examples() override
|
Examples examples() override
|
||||||
{
|
{
|
||||||
return {
|
return {
|
||||||
{
|
{
|
||||||
"To show what got added and removed between two versions of the NixOS system profile:",
|
"To show what got added and removed between two versions of the NixOS system profile:",
|
||||||
"nix diff-closures /nix/var/nix/profiles/system-655-link /nix/var/nix/profiles/system-658-link",
|
"nix store diff-closures /nix/var/nix/profiles/system-655-link /nix/var/nix/profiles/system-658-link",
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -143,4 +141,4 @@ struct CmdDiffClosures : SourceExprCommand
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
static auto rCmdDiffClosures = registerCommand<CmdDiffClosures>("diff-closures");
|
static auto rCmdDiffClosures = registerCommand2<CmdDiffClosures>({"store", "diff-closures"});
|
||||||
|
|
|
@ -16,13 +16,11 @@ struct CmdDumpPath : StorePathCommand
|
||||||
return {
|
return {
|
||||||
Example{
|
Example{
|
||||||
"To get a NAR from the binary cache https://cache.nixos.org/:",
|
"To get a NAR from the binary cache https://cache.nixos.org/:",
|
||||||
"nix dump-path --store https://cache.nixos.org/ /nix/store/7crrmih8c52r8fbnqb933dxrsp44md93-glibc-2.25"
|
"nix store dump-path --store https://cache.nixos.org/ /nix/store/7crrmih8c52r8fbnqb933dxrsp44md93-glibc-2.25"
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
Category category() override { return catUtility; }
|
|
||||||
|
|
||||||
void run(ref<Store> store, const StorePath & storePath) override
|
void run(ref<Store> store, const StorePath & storePath) override
|
||||||
{
|
{
|
||||||
FdSink sink(STDOUT_FILENO);
|
FdSink sink(STDOUT_FILENO);
|
||||||
|
@ -31,7 +29,6 @@ struct CmdDumpPath : StorePathCommand
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
static auto rDumpPath = registerCommand2<CmdDumpPath>({"store", "dump-path"});
|
static auto rDumpPath = registerCommand2<CmdDumpPath>({"store", "dump-path"});
|
||||||
|
|
||||||
struct CmdDumpPath2 : Command
|
struct CmdDumpPath2 : Command
|
||||||
|
|
|
@ -97,7 +97,7 @@ struct CmdLsStore : StoreCommand, MixLs
|
||||||
return {
|
return {
|
||||||
Example{
|
Example{
|
||||||
"To list the contents of a store path in a binary cache:",
|
"To list the contents of a store path in a binary cache:",
|
||||||
"nix ls-store --store https://cache.nixos.org/ -lR /nix/store/0i2jd68mp5g6h2sa5k9c85rb80sn8hi9-hello-2.10"
|
"nix store ls --store https://cache.nixos.org/ -lR /nix/store/0i2jd68mp5g6h2sa5k9c85rb80sn8hi9-hello-2.10"
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -107,8 +107,6 @@ struct CmdLsStore : StoreCommand, MixLs
|
||||||
return "show information about a path in the Nix store";
|
return "show information about a path in the Nix store";
|
||||||
}
|
}
|
||||||
|
|
||||||
Category category() override { return catUtility; }
|
|
||||||
|
|
||||||
void run(ref<Store> store) override
|
void run(ref<Store> store) override
|
||||||
{
|
{
|
||||||
list(store->getFSAccessor());
|
list(store->getFSAccessor());
|
||||||
|
|
|
@ -115,17 +115,25 @@ struct NixArgs : virtual MultiCommand, virtual MixCommonArgs
|
||||||
}
|
}
|
||||||
|
|
||||||
std::map<std::string, std::vector<std::string>> aliases = {
|
std::map<std::string, std::vector<std::string>> aliases = {
|
||||||
|
{"add-to-store", {"store", "add-path"}},
|
||||||
|
{"cat-nar", {"nar", "cat"}},
|
||||||
|
{"cat-store", {"store", "cat"}},
|
||||||
|
{"copy-sigs", {"store", "copy-sigs"}},
|
||||||
{"dev-shell", {"develop"}},
|
{"dev-shell", {"develop"}},
|
||||||
|
{"diff-closures", {"store", "diff-closures"}},
|
||||||
|
{"dump-path", {"store", "dump-path"}},
|
||||||
{"hash-file", {"hash", "file"}},
|
{"hash-file", {"hash", "file"}},
|
||||||
{"hash-path", {"hash", "path"}},
|
{"hash-path", {"hash", "path"}},
|
||||||
|
{"ls-nar", {"nar", "ls"}},
|
||||||
|
{"ls-store", {"store", "ls"}},
|
||||||
|
{"make-content-addressable", {"store", "make-content-addressable"}},
|
||||||
|
{"optimise-store", {"store", "optimise"}},
|
||||||
|
{"ping-store", {"store", "ping"}},
|
||||||
|
{"sign-paths", {"store", "sign-paths"}},
|
||||||
{"to-base16", {"hash", "to-base16"}},
|
{"to-base16", {"hash", "to-base16"}},
|
||||||
{"to-base32", {"hash", "to-base32"}},
|
{"to-base32", {"hash", "to-base32"}},
|
||||||
{"to-base64", {"hash", "to-base64"}},
|
{"to-base64", {"hash", "to-base64"}},
|
||||||
{"ls-nar", {"nar", "ls"}},
|
{"verify", {"store", "verify"}},
|
||||||
{"ls-store", {"store", "ls"}},
|
|
||||||
{"cat-nar", {"nar", "cat"}},
|
|
||||||
{"cat-store", {"store", "cat"}},
|
|
||||||
{"dump-path", {"store", "dump-path"}},
|
|
||||||
};
|
};
|
||||||
|
|
||||||
bool aliasUsed = false;
|
bool aliasUsed = false;
|
||||||
|
|
|
@ -23,17 +23,15 @@ struct CmdMakeContentAddressable : StorePathsCommand, MixJSON
|
||||||
return {
|
return {
|
||||||
Example{
|
Example{
|
||||||
"To create a content-addressable representation of GNU Hello (but not its dependencies):",
|
"To create a content-addressable representation of GNU Hello (but not its dependencies):",
|
||||||
"nix make-content-addressable nixpkgs#hello"
|
"nix store make-content-addressable nixpkgs#hello"
|
||||||
},
|
},
|
||||||
Example{
|
Example{
|
||||||
"To compute a content-addressable representation of the current NixOS system closure:",
|
"To compute a content-addressable representation of the current NixOS system closure:",
|
||||||
"nix make-content-addressable -r /run/current-system"
|
"nix store make-content-addressable -r /run/current-system"
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
Category category() override { return catUtility; }
|
|
||||||
|
|
||||||
void run(ref<Store> store, StorePaths storePaths) override
|
void run(ref<Store> store, StorePaths storePaths) override
|
||||||
{
|
{
|
||||||
auto paths = store->topoSortPaths(StorePathSet(storePaths.begin(), storePaths.end()));
|
auto paths = store->topoSortPaths(StorePathSet(storePaths.begin(), storePaths.end()));
|
||||||
|
@ -108,4 +106,4 @@ struct CmdMakeContentAddressable : StorePathsCommand, MixJSON
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
static auto rCmdMakeContentAddressable = registerCommand<CmdMakeContentAddressable>("make-content-addressable");
|
static auto rCmdMakeContentAddressable = registerCommand2<CmdMakeContentAddressable>({"store", "make-content-addressable"});
|
||||||
|
|
|
@ -18,17 +18,15 @@ struct CmdOptimiseStore : StoreCommand
|
||||||
return {
|
return {
|
||||||
Example{
|
Example{
|
||||||
"To optimise the Nix store:",
|
"To optimise the Nix store:",
|
||||||
"nix optimise-store"
|
"nix store optimise"
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
Category category() override { return catUtility; }
|
|
||||||
|
|
||||||
void run(ref<Store> store) override
|
void run(ref<Store> store) override
|
||||||
{
|
{
|
||||||
store->optimiseStore();
|
store->optimiseStore();
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
static auto rCmdOptimiseStore = registerCommand<CmdOptimiseStore>("optimise-store");
|
static auto rCmdOptimiseStore = registerCommand2<CmdOptimiseStore>({"store", "optimise"});
|
||||||
|
|
|
@ -16,17 +16,15 @@ struct CmdPingStore : StoreCommand
|
||||||
return {
|
return {
|
||||||
Example{
|
Example{
|
||||||
"To test whether connecting to a remote Nix store via SSH works:",
|
"To test whether connecting to a remote Nix store via SSH works:",
|
||||||
"nix ping-store --store ssh://mac1"
|
"nix store ping --store ssh://mac1"
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
Category category() override { return catUtility; }
|
|
||||||
|
|
||||||
void run(ref<Store> store) override
|
void run(ref<Store> store) override
|
||||||
{
|
{
|
||||||
store->connect();
|
store->connect();
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
static auto rCmdPingStore = registerCommand<CmdPingStore>("ping-store");
|
static auto rCmdPingStore = registerCommand2<CmdPingStore>({"store", "ping"});
|
||||||
|
|
|
@ -27,8 +27,6 @@ struct CmdCopySigs : StorePathsCommand
|
||||||
return "copy path signatures from substituters (like binary caches)";
|
return "copy path signatures from substituters (like binary caches)";
|
||||||
}
|
}
|
||||||
|
|
||||||
Category category() override { return catUtility; }
|
|
||||||
|
|
||||||
void run(ref<Store> store, StorePaths storePaths) override
|
void run(ref<Store> store, StorePaths storePaths) override
|
||||||
{
|
{
|
||||||
if (substituterUris.empty())
|
if (substituterUris.empty())
|
||||||
|
@ -92,7 +90,7 @@ struct CmdCopySigs : StorePathsCommand
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
static auto rCmdCopySigs = registerCommand<CmdCopySigs>("copy-sigs");
|
static auto rCmdCopySigs = registerCommand2<CmdCopySigs>({"store", "copy-sigs"});
|
||||||
|
|
||||||
struct CmdSignPaths : StorePathsCommand
|
struct CmdSignPaths : StorePathsCommand
|
||||||
{
|
{
|
||||||
|
@ -115,8 +113,6 @@ struct CmdSignPaths : StorePathsCommand
|
||||||
return "sign the specified paths";
|
return "sign the specified paths";
|
||||||
}
|
}
|
||||||
|
|
||||||
Category category() override { return catUtility; }
|
|
||||||
|
|
||||||
void run(ref<Store> store, StorePaths storePaths) override
|
void run(ref<Store> store, StorePaths storePaths) override
|
||||||
{
|
{
|
||||||
if (secretKeyFile.empty())
|
if (secretKeyFile.empty())
|
||||||
|
@ -144,4 +140,4 @@ struct CmdSignPaths : StorePathsCommand
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
static auto rCmdSignPaths = registerCommand<CmdSignPaths>("sign-paths");
|
static auto rCmdSignPaths = registerCommand2<CmdSignPaths>({"store", "sign-paths"});
|
||||||
|
|
|
@ -40,17 +40,15 @@ struct CmdVerify : StorePathsCommand
|
||||||
return {
|
return {
|
||||||
Example{
|
Example{
|
||||||
"To verify the entire Nix store:",
|
"To verify the entire Nix store:",
|
||||||
"nix verify --all"
|
"nix store verify --all"
|
||||||
},
|
},
|
||||||
Example{
|
Example{
|
||||||
"To check whether each path in the closure of Firefox has at least 2 signatures:",
|
"To check whether each path in the closure of Firefox has at least 2 signatures:",
|
||||||
"nix verify -r -n2 --no-contents $(type -p firefox)"
|
"nix store verify -r -n2 --no-contents $(type -p firefox)"
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
Category category() override { return catSecondary; }
|
|
||||||
|
|
||||||
void run(ref<Store> store, StorePaths storePaths) override
|
void run(ref<Store> store, StorePaths storePaths) override
|
||||||
{
|
{
|
||||||
std::vector<ref<Store>> substituters;
|
std::vector<ref<Store>> substituters;
|
||||||
|
@ -189,4 +187,4 @@ struct CmdVerify : StorePathsCommand
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
static auto rCmdVerify = registerCommand<CmdVerify>("verify");
|
static auto rCmdVerify = registerCommand2<CmdVerify>({"store", "verify"});
|
||||||
|
|
|
@ -188,7 +188,7 @@ unset _NIX_FORCE_HTTP
|
||||||
|
|
||||||
|
|
||||||
# Test 'nix verify --all' on a binary cache.
|
# Test 'nix verify --all' on a binary cache.
|
||||||
nix verify -vvvvv --all --store file://$cacheDir --no-trust
|
nix store verify -vvvvv --all --store file://$cacheDir --no-trust
|
||||||
|
|
||||||
|
|
||||||
# Test local NAR caching.
|
# Test local NAR caching.
|
||||||
|
|
|
@ -36,7 +36,7 @@ other_store=file://$TEST_ROOT/other_store?store=/fnord/store
|
||||||
|
|
||||||
hash=$(nix hash file --type sha256 --base16 ./fetchurl.sh)
|
hash=$(nix hash file --type sha256 --base16 ./fetchurl.sh)
|
||||||
|
|
||||||
storePath=$(nix --store $other_store add-to-store --flat ./fetchurl.sh)
|
storePath=$(nix --store $other_store store add-path --flat ./fetchurl.sh)
|
||||||
|
|
||||||
outPath=$(nix-build '<nix/fetchurl.nix>' --argstr url file:///no-such-dir/fetchurl.sh --argstr sha256 $hash --no-out-link --substituters $other_store)
|
outPath=$(nix-build '<nix/fetchurl.nix>' --argstr url file:///no-such-dir/fetchurl.sh --argstr sha256 $hash --no-out-link --substituters $other_store)
|
||||||
|
|
||||||
|
|
|
@ -2,9 +2,9 @@ source common.sh
|
||||||
|
|
||||||
clearStore
|
clearStore
|
||||||
|
|
||||||
garbage1=$(nix add-to-store --name garbage1 ./nar-access.sh)
|
garbage1=$(nix store add-path --name garbage1 ./nar-access.sh)
|
||||||
garbage2=$(nix add-to-store --name garbage2 ./nar-access.sh)
|
garbage2=$(nix store add-path --name garbage2 ./nar-access.sh)
|
||||||
garbage3=$(nix add-to-store --name garbage3 ./nar-access.sh)
|
garbage3=$(nix store add-path --name garbage3 ./nar-access.sh)
|
||||||
|
|
||||||
ls -l $garbage3
|
ls -l $garbage3
|
||||||
POSIXLY_CORRECT=1 du $garbage3
|
POSIXLY_CORRECT=1 du $garbage3
|
||||||
|
|
|
@ -7,7 +7,7 @@ clearStore
|
||||||
|
|
||||||
rm -f $TEST_ROOT/result
|
rm -f $TEST_ROOT/result
|
||||||
|
|
||||||
export unreachable=$(nix add-to-store ./recursive.sh)
|
export unreachable=$(nix store add-path ./recursive.sh)
|
||||||
|
|
||||||
NIX_BIN_DIR=$(dirname $(type -p nix)) nix --experimental-features 'nix-command recursive-nix' build -o $TEST_ROOT/result -L --impure --expr '
|
NIX_BIN_DIR=$(dirname $(type -p nix)) nix --experimental-features 'nix-command recursive-nix' build -o $TEST_ROOT/result -L --impure --expr '
|
||||||
with import ./config.nix;
|
with import ./config.nix;
|
||||||
|
@ -38,7 +38,7 @@ NIX_BIN_DIR=$(dirname $(type -p nix)) nix --experimental-features 'nix-command r
|
||||||
|
|
||||||
# Add something to the store.
|
# Add something to the store.
|
||||||
echo foobar > foobar
|
echo foobar > foobar
|
||||||
foobar=$(nix $opts add-to-store ./foobar)
|
foobar=$(nix $opts store add-path ./foobar)
|
||||||
|
|
||||||
nix $opts path-info $foobar
|
nix $opts path-info $foobar
|
||||||
nix $opts build $foobar
|
nix $opts build $foobar
|
||||||
|
|
|
@ -17,40 +17,40 @@ info=$(nix path-info --json $outPath)
|
||||||
[[ $info =~ 'cache1.example.org' ]]
|
[[ $info =~ 'cache1.example.org' ]]
|
||||||
[[ $info =~ 'cache2.example.org' ]]
|
[[ $info =~ 'cache2.example.org' ]]
|
||||||
|
|
||||||
# Test "nix verify".
|
# Test "nix store verify".
|
||||||
nix verify -r $outPath
|
nix store verify -r $outPath
|
||||||
|
|
||||||
expect 2 nix verify -r $outPath --sigs-needed 1
|
expect 2 nix store verify -r $outPath --sigs-needed 1
|
||||||
|
|
||||||
nix verify -r $outPath --sigs-needed 1 --trusted-public-keys $pk1
|
nix store verify -r $outPath --sigs-needed 1 --trusted-public-keys $pk1
|
||||||
|
|
||||||
expect 2 nix verify -r $outPath --sigs-needed 2 --trusted-public-keys $pk1
|
expect 2 nix store verify -r $outPath --sigs-needed 2 --trusted-public-keys $pk1
|
||||||
|
|
||||||
nix verify -r $outPath --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
|
nix store verify -r $outPath --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
|
||||||
|
|
||||||
nix verify --all --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
|
nix store verify --all --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
|
||||||
|
|
||||||
# Build something unsigned.
|
# Build something unsigned.
|
||||||
outPath2=$(nix-build simple.nix --no-out-link)
|
outPath2=$(nix-build simple.nix --no-out-link)
|
||||||
|
|
||||||
nix verify -r $outPath
|
nix store verify -r $outPath
|
||||||
|
|
||||||
# Verify that the path did not get signed but does have the ultimate bit.
|
# Verify that the path did not get signed but does have the ultimate bit.
|
||||||
info=$(nix path-info --json $outPath2)
|
info=$(nix path-info --json $outPath2)
|
||||||
[[ $info =~ '"ultimate":true' ]]
|
[[ $info =~ '"ultimate":true' ]]
|
||||||
(! [[ $info =~ 'signatures' ]])
|
(! [[ $info =~ 'signatures' ]])
|
||||||
|
|
||||||
# Test "nix verify".
|
# Test "nix store verify".
|
||||||
nix verify -r $outPath2
|
nix store verify -r $outPath2
|
||||||
|
|
||||||
expect 2 nix verify -r $outPath2 --sigs-needed 1
|
expect 2 nix store verify -r $outPath2 --sigs-needed 1
|
||||||
|
|
||||||
expect 2 nix verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
|
expect 2 nix store verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
|
||||||
|
|
||||||
# Test "nix sign-paths".
|
# Test "nix store sign-paths".
|
||||||
nix sign-paths --key-file $TEST_ROOT/sk1 $outPath2
|
nix store sign-paths --key-file $TEST_ROOT/sk1 $outPath2
|
||||||
|
|
||||||
nix verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
|
nix store verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
|
||||||
|
|
||||||
# Build something content-addressed.
|
# Build something content-addressed.
|
||||||
outPathCA=$(IMPURE_VAR1=foo IMPURE_VAR2=bar nix-build ./fixed.nix -A good.0 --no-out-link)
|
outPathCA=$(IMPURE_VAR1=foo IMPURE_VAR2=bar nix-build ./fixed.nix -A good.0 --no-out-link)
|
||||||
|
@ -59,12 +59,12 @@ outPathCA=$(IMPURE_VAR1=foo IMPURE_VAR2=bar nix-build ./fixed.nix -A good.0 --no
|
||||||
|
|
||||||
# Content-addressed paths don't need signatures, so they verify
|
# Content-addressed paths don't need signatures, so they verify
|
||||||
# regardless of --sigs-needed.
|
# regardless of --sigs-needed.
|
||||||
nix verify $outPathCA
|
nix store verify $outPathCA
|
||||||
nix verify $outPathCA --sigs-needed 1000
|
nix store verify $outPathCA --sigs-needed 1000
|
||||||
|
|
||||||
# Check that signing a content-addressed path doesn't overflow validSigs
|
# Check that signing a content-addressed path doesn't overflow validSigs
|
||||||
nix sign-paths --key-file $TEST_ROOT/sk1 $outPathCA
|
nix store sign-paths --key-file $TEST_ROOT/sk1 $outPathCA
|
||||||
nix verify -r $outPathCA --sigs-needed 1000 --trusted-public-keys $pk1
|
nix store verify -r $outPathCA --sigs-needed 1000 --trusted-public-keys $pk1
|
||||||
|
|
||||||
# Copy to a binary cache.
|
# Copy to a binary cache.
|
||||||
nix copy --to file://$cacheDir $outPath2
|
nix copy --to file://$cacheDir $outPath2
|
||||||
|
@ -76,7 +76,7 @@ info=$(nix path-info --store file://$cacheDir --json $outPath2)
|
||||||
(! [[ $info =~ 'cache2.example.org' ]])
|
(! [[ $info =~ 'cache2.example.org' ]])
|
||||||
|
|
||||||
# Verify that adding a signature to a path in a binary cache works.
|
# Verify that adding a signature to a path in a binary cache works.
|
||||||
nix sign-paths --store file://$cacheDir --key-file $TEST_ROOT/sk2 $outPath2
|
nix store sign-paths --store file://$cacheDir --key-file $TEST_ROOT/sk2 $outPath2
|
||||||
info=$(nix path-info --store file://$cacheDir --json $outPath2)
|
info=$(nix path-info --store file://$cacheDir --json $outPath2)
|
||||||
[[ $info =~ 'cache1.example.org' ]]
|
[[ $info =~ 'cache1.example.org' ]]
|
||||||
[[ $info =~ 'cache2.example.org' ]]
|
[[ $info =~ 'cache2.example.org' ]]
|
||||||
|
@ -89,17 +89,17 @@ rm -rf $TEST_ROOT/store0
|
||||||
# But succeed if we supply the public keys.
|
# But succeed if we supply the public keys.
|
||||||
nix copy --to $TEST_ROOT/store0 $outPath --trusted-public-keys $pk1
|
nix copy --to $TEST_ROOT/store0 $outPath --trusted-public-keys $pk1
|
||||||
|
|
||||||
expect 2 nix verify --store $TEST_ROOT/store0 -r $outPath
|
expect 2 nix store verify --store $TEST_ROOT/store0 -r $outPath
|
||||||
|
|
||||||
nix verify --store $TEST_ROOT/store0 -r $outPath --trusted-public-keys $pk1
|
nix store verify --store $TEST_ROOT/store0 -r $outPath --trusted-public-keys $pk1
|
||||||
nix verify --store $TEST_ROOT/store0 -r $outPath --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
|
nix store verify --store $TEST_ROOT/store0 -r $outPath --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
|
||||||
|
|
||||||
# It should also succeed if we disable signature checking.
|
# It should also succeed if we disable signature checking.
|
||||||
(! nix copy --to $TEST_ROOT/store0 $outPath2)
|
(! nix copy --to $TEST_ROOT/store0 $outPath2)
|
||||||
nix copy --to $TEST_ROOT/store0?require-sigs=false $outPath2
|
nix copy --to $TEST_ROOT/store0?require-sigs=false $outPath2
|
||||||
|
|
||||||
# But signatures should still get copied.
|
# But signatures should still get copied.
|
||||||
nix verify --store $TEST_ROOT/store0 -r $outPath2 --trusted-public-keys $pk1
|
nix store verify --store $TEST_ROOT/store0 -r $outPath2 --trusted-public-keys $pk1
|
||||||
|
|
||||||
# Content-addressed stuff can be copied without signatures.
|
# Content-addressed stuff can be copied without signatures.
|
||||||
nix copy --to $TEST_ROOT/store0 $outPathCA
|
nix copy --to $TEST_ROOT/store0 $outPathCA
|
||||||
|
|
|
@ -11,6 +11,6 @@ store+=$remote_store
|
||||||
store+=$remote_store
|
store+=$remote_store
|
||||||
store+=$remote_store
|
store+=$remote_store
|
||||||
|
|
||||||
out=$(nix add-to-store --store "$store" $TEST_ROOT/hello.sh)
|
out=$(nix store add-path --store "$store" $TEST_ROOT/hello.sh)
|
||||||
|
|
||||||
[ foo = $(< $out) ]
|
[ foo = $(< $out) ]
|
||||||
|
|
Loading…
Reference in a new issue