Man page - nix3-store-verify(1)
Packages contas this manual
- nix3-derivation-add(1)
- nix3-hash-to-base64(1)
- nix3-registry-list(1)
- nix-store-add-fixed(1)
- nix-store-dump-db(1)
- nix3-config-check(1)
- nix3-profile(1)
- nix3-registry-pin(1)
- nix3-store-add-path(1)
- nix3-copy(1)
- nix-store-read-log(1)
- nix-store-verify(1)
- nix3-search(1)
- nix-store-add(1)
- nix3-why-depends(1)
- nix.conf(5)
- nix-store-repair-path(1)
- nix-store-serve(1)
- nix3-store-dump-path(1)
- nix3-key-generate-secret(1)
- nix-store-optimise(1)
- nix-env-set(1)
- nix-store-verify-path(1)
- nix3-nar-cat(1)
- nix3-hash-convert(1)
- nix-env(1)
- nix-copy-closure(1)
- nix-env-list-generations(1)
- nix3-store-gc(1)
- nix3-profile-wipe-history(1)
- nix-profiles(5)
- nix3-profile-history(1)
- nix3-store-ls(1)
- nix3-store-repair(1)
- nix3-nar-ls(1)
- nix3-daemon(1)
- nix3-print-dev-env(1)
- nix3-hash-file(1)
- nix-channel(1)
- nix3-store-prefetch-file(1)
- nix-prefetch-url(1)
- nix-store-gc(1)
- nix3-registry-remove(1)
- nix-env-set-flag(1)
- nix3-flake-lock(1)
- nix-store-generate-binary-cache-key(1)
- nix3-flake-update(1)
- nix-store-realise(1)
- nix3-derivation-show(1)
- nix3-hash-to-base32(1)
- nix-store-query(1)
- nix-env-upgrade(1)
- nix3-log(1)
- nix3-store-copy-log(1)
- nix3-flake-prefetch(1)
- nix3-store-path-from-hash-part(1)
- nix3-profile-install(1)
- nix3-env-shell(1)
- nix(1)
- nix3-config(1)
- nix3-hash-path(1)
- nix3-derivation(1)
- nix3-registry-add(1)
- nix3-store-make-content-addressed(1)
- nix3-store-delete(1)
- nix3-store-add(1)
- nix3-profile-remove(1)
- nix3-flake-check(1)
- nix3-key-convert-secret-to-public(1)
- nix3-store-cat(1)
- nix-instantiate(1)
- nix-store-print-env(1)
- nix3-edit(1)
- nix-store-import(1)
- nix3-run(1)
- nix3-nar-dump-path(1)
- nix-store-export(1)
- nix3-config-show(1)
- nix3-realisation(1)
- nix-env-delete-generations(1)
- nix3-store-info(1)
- nix3-store-add-file(1)
- nix3-flake-show(1)
- nix3-hash-to-base16(1)
- nix3-store-diff-closures(1)
- nix3-bundle(1)
- nix3-help-stores(1)
- nix-store(1)
- nix3-store-optimise(1)
- nix3-upgrade-nix(1)
- nix3-store-copy-sigs(1)
- nix-daemon(8)
- nix3-key(1)
- nix3-nar-pack(1)
- nix3-flake-init(1)
- nix3-fmt(1)
- nix-env-query(1)
- nix3-store(1)
- nix3-help(1)
- nix-store-dump(1)
- nix-env-rollback(1)
- nix-hash(1)
- nix3-hash(1)
- nix-store-restore(1)
- nix3-registry(1)
- nix3-realisation-info(1)
- nix-env-switch-generation(1)
- nix3-flake-archive(1)
- nix3-profile-rollback(1)
- nix3-path-info(1)
- nix3-nar(1)
- nix3-flake-metadata(1)
- nix3-profile-diff-closures(1)
- nix3-store-sign(1)
- nix3-store-verify(1)
- nix3-hash-to-sri(1)
- nix-env-uninstall(1)
- nix3-build(1)
- nix-store-delete(1)
- nix3-profile-upgrade(1)
- nix3-flake-clone(1)
- nix-store-load-db(1)
- nix3-flake(1)
- nix-shell(1)
- nix3-flake-info(1)
- nix3-eval(1)
- nix3-profile-list(1)
- nix3-store-ping(1)
- nix3-develop(1)
- nix3-repl(1)
- nix3-flake-new(1)
- nix-env-switch-profile(1)
- nix-collect-garbage(1)
- nix-build(1)
- nix-env-install(1)
Package: nix-bin
apt-get install nix-bin
apt-get install nix-bin
Manuals in package:
Documentations in package:
Manual
| nix3-store-verify(1) | General Commands Manual | nix3-store-verify(1) |
Warning
This program is
experimental
and its interface is subject to change.
Name
nix store verify - verify the integrity of store paths
Synopsis
nix store verify [option…] installables…
Examples
- •
- Verify the entire Nix store:
# nix store verify --all
- •
- Check whether each path in the closure of Firefox has at least 2 signatures:
# nix store verify --recursive --sigs-needed 2 --no-contents $(type -p firefox)
- •
- Verify a store path in the binary cache https://cache.nixos.org/:
# nix store verify --store https://cache.nixos.org/ \
/nix/store/v5sv61sszx301i0x6xysaqzla09nksnd-hello-2.10
Description
This command verifies the integrity of the store paths installables, or, if --all is given, the entire Nix store. For each path, it checks that
- its contents match the NAR hash recorded in the Nix database; and
- it is trusted, that is, it is signed by at least one trusted signing key, is content-addressed, or is built locally (“ultimately trusted”).
Exit status
The exit status of this command is the sum of the following values:
- 1 if any path is corrupted (i.e. its contents don’t match the recorded NAR hash).
- 2 if any path is untrusted.
- 4 if any path couldn’t be verified for any other reason (such as an I/O error).
Options
- Do not verify the contents of each store path.
- Do not verify whether each store path is trusted.
- •
- --sigs-needed / -n n
- Require that each path is signed by at least n different keys.
- •
- --stdin
- Read installables from the standard input. No default installable applied.
- •
- --substituter / -s store-uri
- Use signatures from the specified store.
Common evaluation options
- •
- --arg name expr
- Pass the value expr as the argument name to Nix functions.
- •
- --arg-from-file name path
- Pass the contents of file path as the argument name to Nix functions.
- •
- --arg-from-stdin name
- Pass the contents of stdin as the argument name to Nix functions.
- •
- --argstr name string
- Pass the string string as the argument name to Nix functions.
- Start an interactive environment if evaluation fails.
- •
- --eval-store store-url
- The URL of the Nix store to use for evaluation, i.e. to store derivations (.drv files) and inputs referenced by them.
- •
- --impure
- Allow access to mutable paths and repositories.
- •
- --include / -I path
- Add path to search path entries used to resolve lookup paths
- This option may be given multiple times.
- Paths added through -I take precedence over the nix-path configuration setting and the NIX_PATH environment variable.
- •
- --override-flake original-ref resolved-ref
- Override the flake registries, redirecting original-ref to resolved-ref.
Common flake-related options
- Commit changes to the flake’s lock file.
- •
- --inputs-from flake-url
- Use the inputs of the specified flake as registry entries.
- Don’t allow lookups in the flake registries.
- DEPRECATED
- Use --no-use-registries instead.
- Do not allow any updates to the flake’s lock file.
- Do not write the flake’s newly generated lock file.
- •
- --output-lock-file flake-lock-path
- Write the given lock file instead of flake.lock within the top-level flake.
- •
- --override-input input-path flake-url
- Override a specific flake input (e.g. dwarffs/nixpkgs). This implies --no-write-lock-file.
- Recreate the flake’s lock file from scratch.
- DEPRECATED
- Use nix flake update instead.
- •
- --reference-lock-file flake-lock-path
- Read the given lock file instead of flake.lock within the top-level flake.
- •
- --update-input input-path
- Update a specific flake input (ignoring its previous entry in the lock file).
- DEPRECATED
- Use nix flake update instead.
Logging-related options
- •
- --debug
- Set the logging verbosity level to ‘debug’.
- •
- --log-format format
- Set the format of log output; one of raw, internal-json, bar or bar-with-logs.
- •
- --print-build-logs / -L
- Print full build logs on standard error.
- •
- --quiet
- Decrease the logging verbosity level.
- •
- --verbose / -v
- Increase the logging verbosity level.
Miscellaneous global options
- •
- --help
- Show usage information.
- Disable substituters and consider all previously downloaded files up-to-date.
- •
- --option name value
- Set the Nix configuration setting name to value (overriding nix.conf).
- Consider all previously downloaded files out-of-date.
- •
- --repair
- During evaluation, rewrite missing or corrupted files in the Nix store. During building, rebuild missing or corrupted store paths.
- Show version information.
Options that change the interpretation of installables
- •
- --all
- Apply the operation to every store path.
- Operate on the store derivation rather than its outputs.
- •
- --expr expr
- Interpret installables as attribute paths relative to the Nix expression expr.
- •
- --file / -f file
- Interpret installables as attribute paths relative to the Nix expression stored in file. If file is the character -, then a Nix expression will be read from standard input. Implies --impure.
- •
- --recursive / -r
- Apply operation to closure of the specified paths.
Note
See man nix.conf for overriding configuration settings with command line flags.