Skip to content

Instantly share code, notes, and snippets.

@AmineChikhaoui

AmineChikhaoui/signed.md

Last active August 1, 2018 16:53
Show Gist options
  • Save AmineChikhaoui/655effb23af15d33407590f37f9f6f3a to your computer and use it in GitHub Desktop.
Save AmineChikhaoui/655effb23af15d33407590f37f9f6f3a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
signed.md

Generate a keypair:

nix-store --generate-binary-cache-key example.org /path/to/secret /path/to/public

Use that to push signed paths:

  • For usage through the nix cli nix copy --to s3://example?secret-key=/path/to/secret <path>

  • in hydra config store_uri = s3://example?secret-key=/path/to/secret

From client side:

  • make sure the binary cache is added to the trusted substituters through nix.trustedBinaryCaches (trusted-substituters in nix.conf)

    nix.trustedBinaryCaches = [ s3://example ];

  • make sure to add the content of /path/to/public to nix.binaryCachePublicKeys or trusted-public-keys in nix.conf

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment