Module nix_compat::narinfo
source · Expand description
NAR info files describe a store path in a traditional Nix binary cache. Over the wire, they are formatted as “Key: value” pairs separated by newlines.
It contains four kinds of information:
- the description of the store path itself
- store path prefix, digest, and name
- NAR hash and size
- references
- authenticity information
- zero or more signatures over that description
- an optional CAHash for content-addressed paths (fixed outputs, sources, and derivations)
- derivation metadata
- deriver (the derivation that produced this path)
- system (the system value of that derivation)
- cache-specific information
- URL of the compressed NAR, relative to the NAR info file
- compression algorithm used for the NAR
- hash and size of the compressed NAR
Modules§
- This module provides tooling to parse private key (pairs) produced by Nix and its
nix-store --generate-binary-cache-key name path.secret path.pubcommand. It producesed25519_dalekkeys, but theNarInfo::add_signaturefunction is generic, allowing other signers. - This module defines data structures and parsers for the public key format used inside Nix to verify signatures on .narinfo files.
Structs§
- TODO(edef): be conscious of these when roundtripping
- This represents a ed25519 public key and “name”. These are normally passed in the
trusted-public-keysNix config option, and consist of a name and base64-encoded ed25519 pubkey, separated by a:.
Enums§
Functions§
- Computes the fingerprint string for certain fields in a super::NarInfo. This fingerprint is signed by an ed25519 key, and in the case of a Nix HTTP Binary cache, included in the NARInfo files served from there.
- Parses a SigningKey / VerifyingKey from a byte slice in the format that Nix uses.