Module nix_compat::narinfo

source ·
Expand description

NAR info files describe a store path in a traditional Nix binary cache. Over the wire, they are formatted as “Key: value” pairs separated by newlines.

It contains four kinds of information:

  1. the description of the store path itself
    • store path prefix, digest, and name
    • NAR hash and size
    • references
  2. authenticity information
    • zero or more signatures over that description
    • an optional CAHash for content-addressed paths (fixed outputs, sources, and derivations)
  3. derivation metadata
    • deriver (the derivation that produced this path)
    • system (the system value of that derivation)
  4. cache-specific information
    • URL of the compressed NAR, relative to the NAR info file
    • compression algorithm used for the NAR
    • hash and size of the compressed NAR


  • This module defines data structures and parsers for the public key format used inside Nix to verify signatures on .narinfo files.
  • signature 🔒


  • TODO(edef): be conscious of these when roundtripping
  • This represents a ed25519 public key and “name”. These are normally passed in the trusted-public-keys Nix config option, and consist of a name and base64-encoded ed25519 pubkey, separated by a :.



  • Computes the fingerprint string for certain fields in a super::NarInfo. This fingerprint is signed by an ed25519 key, and in the case of a Nix HTTP Binary cache, included in the NARInfo files served from there.