diff options
author | Ludovic Courtès <ludo@gnu.org> | 2017-03-22 11:26:05 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2017-03-22 14:05:59 +0100 |
commit | 46f58390cb5a01d6cb59070e8e76e9a78e9b933e (patch) | |
tree | 83c89b0d7736d8d36773668b9818a6137452a9b1 | |
parent | ab2a74e4dbfd396566a8b14223f5849304d4fe6b (diff) |
publish: Add '--public-key' and '--private-key'.
* guix/scripts/publish.scm (show-help, %options): Add --public-key and
--private-key.
* doc/guix.texi (Invoking guix publish): Document it.
-rw-r--r-- | doc/guix.texi | 12 | ||||
-rw-r--r-- | guix/scripts/publish.scm | 10 |
2 files changed, 22 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 8d27dd2031..6c4e1800c1 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -6523,6 +6523,18 @@ This allows the user's Guix to keep substitute information in cache for guarantee that the store items it provides will indeed remain available for as long as @var{ttl}. +@item --public-key=@var{file} +@itemx --private-key=@var{file} +Use the specific @var{file}s as the public/private key pair used to sign +the store items being published. + +The files must correspond to the same key pair (the private key is used +for signing and the public key is merely advertised in the signature +metadata). They must contain keys in the canonical s-expression format +as produced by @command{guix archive --generate-key} (@pxref{Invoking +guix archive}). By default, @file{/etc/guix/signing-key.pub} and +@file{/etc/guix/signing-key.sec} are used. + @item --repl[=@var{port}] @itemx -r [@var{port}] Spawn a Guile REPL server (@pxref{REPL Servers,,, guile, GNU Guile diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm index 57eea792b6..5a5ef68422 100644 --- a/guix/scripts/publish.scm +++ b/guix/scripts/publish.scm @@ -72,6 +72,10 @@ Publish ~a over HTTP.\n") %store-directory) (display (_ " --ttl=TTL announce narinfos can be cached for TTL seconds")) (display (_ " + --public-key=FILE use FILE as the public key for signatures")) + (display (_ " + --private-key=FILE use FILE as the private key for signatures")) + (display (_ " -r, --repl[=PORT] spawn REPL server on PORT")) (newline) (display (_ " @@ -148,6 +152,12 @@ compression disabled~%")) (leave (_ "~a: invalid duration~%") arg)) (alist-cons 'narinfo-ttl (time-second duration) result)))) + (option '("public-key") #t #f + (lambda (opt name arg result) + (alist-cons 'public-key-file arg result))) + (option '("private-key" "secret-key") #t #f + (lambda (opt name arg result) + (alist-cons 'private-key-file arg result))) (option '(#\r "repl") #f #t (lambda (opt name arg result) ;; If port unspecified, use default Guile REPL port. |