The manual has some info: https://nixos.org/nix/manual/#operation-generate-binary-cache-key
It's a fairly straightforward private / public signing scheme. There's an example on how to verify integrity in the manual as well: https://nixos.org/nix/manual/#examples-23

~

On 28 March 2016 at 13:17, Matthias Beyer <[email protected]> wrote:

> Hi,
>
> How is package signing done by nix and how does it work for nixpkgs/nixos?
> I'm searching for resources on this because of my bachelor's thesis and I'm not
> quite sure nix already does signing and the like.
>
> So all the "big" package managers (apt, yum, pacman, ...) do some gpg foo to sign
> packages. How does this work in a nix context? Do we sign packages? Does nix
> verify signatures? Do we sign expressions?
>
> Is there any literature out there? I'm starting reading Eelco's papers now, maybe
> I can find something in there...
>
> (The context I'm asking this in is for traceability and auditability, my thesis
> focuses on agent-based intrusion detection systems and how they do software
> installations.)
>
> --
> Mit freundlichen Grüßen,
> Kind regards,
> Matthias Beyer
>
> Proudly sent with mutt.
> Happily signed with gnupg.
>
> _______________________________________________
> nix-dev mailing list
> [email protected]
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
