summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2017-03-22 11:26:05 +0100
committerLudovic Courtès <ludo@gnu.org>2017-03-22 14:05:59 +0100
commit46f58390cb5a01d6cb59070e8e76e9a78e9b933e (patch)
tree83c89b0d7736d8d36773668b9818a6137452a9b1
parentab2a74e4dbfd396566a8b14223f5849304d4fe6b (diff)
publish: Add '--public-key' and '--private-key'.
* guix/scripts/publish.scm (show-help, %options): Add --public-key and --private-key. * doc/guix.texi (Invoking guix publish): Document it.
-rw-r--r--doc/guix.texi12
-rw-r--r--guix/scripts/publish.scm10
2 files changed, 22 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 8d27dd2031..6c4e1800c1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -6523,6 +6523,18 @@ This allows the user's Guix to keep substitute information in cache for
guarantee that the store items it provides will indeed remain available
for as long as @var{ttl}.
+@item --public-key=@var{file}
+@itemx --private-key=@var{file}
+Use the specific @var{file}s as the public/private key pair used to sign
+the store items being published.
+
+The files must correspond to the same key pair (the private key is used
+for signing and the public key is merely advertised in the signature
+metadata). They must contain keys in the canonical s-expression format
+as produced by @command{guix archive --generate-key} (@pxref{Invoking
+guix archive}). By default, @file{/etc/guix/signing-key.pub} and
+@file{/etc/guix/signing-key.sec} are used.
+
@item --repl[=@var{port}]
@itemx -r [@var{port}]
Spawn a Guile REPL server (@pxref{REPL Servers,,, guile, GNU Guile
diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm
index 57eea792b6..5a5ef68422 100644
--- a/guix/scripts/publish.scm
+++ b/guix/scripts/publish.scm
@@ -72,6 +72,10 @@ Publish ~a over HTTP.\n") %store-directory)
(display (_ "
--ttl=TTL announce narinfos can be cached for TTL seconds"))
(display (_ "
+ --public-key=FILE use FILE as the public key for signatures"))
+ (display (_ "
+ --private-key=FILE use FILE as the private key for signatures"))
+ (display (_ "
-r, --repl[=PORT] spawn REPL server on PORT"))
(newline)
(display (_ "
@@ -148,6 +152,12 @@ compression disabled~%"))
(leave (_ "~a: invalid duration~%") arg))
(alist-cons 'narinfo-ttl (time-second duration)
result))))
+ (option '("public-key") #t #f
+ (lambda (opt name arg result)
+ (alist-cons 'public-key-file arg result)))
+ (option '("private-key" "secret-key") #t #f
+ (lambda (opt name arg result)
+ (alist-cons 'private-key-file arg result)))
(option '(#\r "repl") #f #t
(lambda (opt name arg result)
;; If port unspecified, use default Guile REPL port.