nix_compat

Module narinfo

Source
Expand description

NAR info files describe a store path in a traditional Nix binary cache. Over the wire, they are formatted as “Key: value” pairs separated by newlines.

It contains four kinds of information:

  1. the description of the store path itself
    • store path prefix, digest, and name
    • NAR hash and size
    • references
  2. authenticity information
    • zero or more signatures over that description
    • an optional CAHash for content-addressed paths (fixed outputs, sources, and derivations)
  3. derivation metadata
    • deriver (the derivation that produced this path)
    • system (the system value of that derivation)
  4. cache-specific information
    • URL of the compressed NAR, relative to the NAR info file
    • compression algorithm used for the NAR
    • hash and size of the compressed NAR

Modules§

fingerprint 🔒
signature 🔒
signing_keys 🔒
This module provides tooling to parse private key (pairs) produced by Nix and its nix-store --generate-binary-cache-key name path.secret path.pub command. It produces ed25519_dalek keys, but the NarInfo::add_signature function is generic, allowing other signers.
verifying_keys 🔒
This module defines data structures and parsers for the public key format used inside Nix to verify signatures on .narinfo files.

Structs§

Flags
TODO(edef): be conscious of these when roundtripping
NarInfo
Signature
SigningKey
VerifyingKey
This represents a ed25519 public key and “name”. These are normally passed in the trusted-public-keys Nix config option, and consist of a name and base64-encoded ed25519 pubkey, separated by a :.

Enums§

Error
SignatureError
SigningKeyError
VerifyingKeyError

Constants§

TAG_CA 🔒
TAG_COMPRESSION 🔒
TAG_DERIVER 🔒
TAG_FILEHASH 🔒
TAG_FILESIZE 🔒
TAG_NARHASH 🔒
TAG_NARSIZE 🔒
TAG_REFERENCES 🔒
TAG_SIG 🔒
TAG_STOREPATH 🔒
TAG_SYSTEM 🔒
TAG_URL 🔒

Functions§

fingerprint
Computes the fingerprint string for certain fields in a super::NarInfo. This fingerprint is signed by an ed25519 key, and in the case of a Nix HTTP Binary cache, included in the NARInfo files served from there.
parse_keypair
Parses a SigningKey / VerifyingKey from a byte slice in the format that Nix uses.

Type Aliases§

SignatureRef
Type alias of a Signature using a &str as name field.