publish: Add '--public-key' and '--private-key'.

* guix/scripts/publish.scm (show-help, %options): Add --public-key and --private-key. * doc/guix.texi (Invoking guix publish): Document it.
2017-03-22 11:26:05 +01:00 · 2017-03-22 11:26:05 +01:00 · 46f58390cb
parent ab2a74e4db
commit 46f58390cb
2 changed files with 22 additions and 0 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -6523,6 +6523,18 @@ This allows the user's Guix to keep substitute information in cache for
 guarantee that the store items it provides will indeed remain available
 for as long as @var{ttl}.

+@item --public-key=@var{file}
+@itemx --private-key=@var{file}
+Use the specific @var{file}s as the public/private key pair used to sign
+the store items being published.
+
+The files must correspond to the same key pair (the private key is used
+for signing and the public key is merely advertised in the signature
+metadata).  They must contain keys in the canonical s-expression format
+as produced by @command{guix archive --generate-key} (@pxref{Invoking
+guix archive}).  By default, @file{/etc/guix/signing-key.pub} and
+@file{/etc/guix/signing-key.sec} are used.
+
@item --repl[=@var{port}]
@itemx -r [@var{port}]
 Spawn a Guile REPL server (@pxref{REPL Servers,,, guile, GNU Guile
--- a/guix/scripts/publish.scm
+++ b/guix/scripts/publish.scm
@ -71,6 +71,10 @@ Publish ~a over HTTP.\n") %store-directory)
                         compress archives at LEVEL"))
  (display (_ "
      --ttl=TTL          announce narinfos can be cached for TTL seconds"))
+  (display (_ "
+      --public-key=FILE  use FILE as the public key for signatures"))
+  (display (_ "
+      --private-key=FILE use FILE as the private key for signatures"))
  (display (_ "
  -r, --repl[=PORT]      spawn REPL server on PORT"))
  (newline)
@ -148,6 +152,12 @@ compression disabled~%"))
                      (leave (_ "~a: invalid duration~%") arg))
                    (alist-cons 'narinfo-ttl (time-second duration)
                                result))))
+        (option '("public-key") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'public-key-file arg result)))
+        (option '("private-key" "secret-key") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'private-key-file arg result)))
        (option '(#\r "repl") #f #t
                (lambda (opt name arg result)
                  ;; If port unspecified, use default Guile REPL port.