Use secret-key-files for verifying
This commit is contained in:
parent
e39999ed48
commit
6b2ae52808
1 changed files with 14 additions and 1 deletions
|
@ -102,11 +102,24 @@ bool verifyDetached(const std::string & data, const std::string & sig,
|
||||||
PublicKeys getDefaultPublicKeys()
|
PublicKeys getDefaultPublicKeys()
|
||||||
{
|
{
|
||||||
PublicKeys publicKeys;
|
PublicKeys publicKeys;
|
||||||
|
|
||||||
|
// FIXME: filter duplicates
|
||||||
|
|
||||||
for (auto s : settings.get("binary-cache-public-keys", Strings())) {
|
for (auto s : settings.get("binary-cache-public-keys", Strings())) {
|
||||||
PublicKey key(s);
|
PublicKey key(s);
|
||||||
publicKeys.emplace(key.name, key);
|
publicKeys.emplace(key.name, key);
|
||||||
// FIXME: filter duplicates
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for (auto secretKeyFile : settings.get("secret-key-files", Strings())) {
|
||||||
|
try {
|
||||||
|
SecretKey secretKey(readFile(secretKeyFile));
|
||||||
|
publicKeys.emplace(secretKey.name, secretKey.toPublicKey());
|
||||||
|
} catch (SysError & e) {
|
||||||
|
/* Ignore unreadable key files. That's normal in a
|
||||||
|
multi-user installation. */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return publicKeys;
|
return publicKeys;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue