diff options
| author | Christopher Baines <mail@cbaines.net> | 2019-12-25 23:09:59 +0000 |
|---|---|---|
| committer | Christopher Baines <mail@cbaines.net> | 2019-12-26 09:34:43 +0000 |
| commit | 66e886a6b4c228421d45023ffa75817c65a4f954 (patch) | |
| tree | cf95b77d7d4d0e512820695c87589e7ccbae3302 /scripts | |
| parent | 120af42c24e428ef818ecbca1042598e012753d5 (diff) | |
| download | data-service-66e886a6b4c228421d45023ffa75817c65a4f954.tar data-service-66e886a6b4c228421d45023ffa75817c65a4f954.tar.gz | |
Serve narinfo files for derivations
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/guix-data-service.in | 48 |
1 files changed, 40 insertions, 8 deletions
diff --git a/scripts/guix-data-service.in b/scripts/guix-data-service.in index d91b659..efa6425 100644 --- a/scripts/guix-data-service.in +++ b/scripts/guix-data-service.in @@ -27,8 +27,11 @@ (srfi srfi-37) (ice-9 textual-ports) (system repl server) + (gcrypt pk-crypto) + (guix pki) (guix-data-service config) - (guix-data-service web server)) + (guix-data-service web server) + (guix-data-service web nar controller)) (define %default-repl-server-port ;; Default port to run REPL server on, if --listen-repl is provided @@ -56,6 +59,12 @@ (string-trim-right (call-with-input-file arg get-string-all)) result))) + (option '("narinfo-signing-public-key") #t #f + (lambda (opt name arg result) + (alist-cons 'narinfo-signing-public-key-file arg result))) + (option '("narinfo-signing-private-key") #t #f + (lambda (opt name arg result) + (alist-cons 'narinfo-signing-private-key-file arg result))) (option '("update-database") #f #f (lambda (opt name _ result) (alist-cons 'update-database #t result))) @@ -73,10 +82,12 @@ (define %default-options ;; Alist of default option values - `((listen-repl . #f) - (update-database . #f) - (port . 8765) - (host . "0.0.0.0"))) + `((listen-repl . #f) + (narinfo-signing-public-key . ,%public-key-file) + (narinfo-signing-private-key . ,%private-key-file) + (update-database . #f) + (port . 8765) + (host . "0.0.0.0"))) (define (parse-options args) (args-fold @@ -129,6 +140,27 @@ (simple-format #t "starting the server on port ~A\n" (assq-ref opts 'port)) - (start-guix-data-service-web-server (assq-ref opts 'port) - (assq-ref opts 'host) - (assq-ref opts 'secret-key-base))) + (parameterize ((%narinfo-signing-public-key + (and=> (assoc-ref opts 'narinfo-signing-public-key) + read-file-sexp)) + (%narinfo-signing-private-key + (catch + 'system-error + (lambda () + (and=> (assoc-ref opts 'narinfo-signing-private-key) + read-file-sexp)) + (lambda (key . args) + (simple-format + (current-error-port) + "warning: failed to load narinfo signing private key from ~A\n" + (assoc-ref opts 'narinfo-signing-private-key)) + (simple-format (current-error-port) + " ~A: ~A\n" + key args) + (display "warning: not signing narinfo files\n" + (current-error-port)) + #f)))) + + (start-guix-data-service-web-server (assq-ref opts 'port) + (assq-ref opts 'host) + (assq-ref opts 'secret-key-base)))) |