Warning
This program is experimental and its interface is subject to change.

Name

nix store sign - sign store paths with a local key

Synopsis

nix store sign [option...] installables...

Options

  • --key-file / -k file

    File containing the secret signing key.

  • --stdin

    Read installables from the standard input. No default installable applied.

Common evaluation options

  • --arg name expr

    Pass the value expr as the argument name to Nix functions.

  • --argstr name string

    Pass the string string as the argument name to Nix functions.

  • --debugger

    Start an interactive environment if evaluation fails.

  • --eval-store store-url

    The URL of the Nix store to use for evaluation, i.e. to store derivations (.drv files) and inputs referenced by them.

  • --impure

    Allow access to mutable paths and repositories.

  • --include / -I path

    Add path to the Nix search path. The Nix search path is initialized from the colon-separated NIX_PATH environment variable, and is used to look up the location of Nix expressions using paths enclosed in angle brackets (i.e., <nixpkgs>).

    For instance, passing

    -I /home/eelco/Dev
    -I /etc/nixos
    

    will cause Nix to look for paths relative to /home/eelco/Dev and /etc/nixos, in that order. This is equivalent to setting the NIX_PATH environment variable to

    /home/eelco/Dev:/etc/nixos
    

    It is also possible to match paths against a prefix. For example, passing

    -I nixpkgs=/home/eelco/Dev/nixpkgs-branch
    -I /etc/nixos
    

    will cause Nix to search for <nixpkgs/path> in /home/eelco/Dev/nixpkgs-branch/path and /etc/nixos/nixpkgs/path.

    If a path in the Nix search path starts with http:// or https://, it is interpreted as the URL of a tarball that will be downloaded and unpacked to a temporary location. The tarball must consist of a single top-level directory. For example, passing

    -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/master.tar.gz
    

    tells Nix to download and use the current contents of the master branch in the nixpkgs repository.

    The URLs of the tarballs from the official nixos.org channels (see the manual page for nix-channel) can be abbreviated as channel:<channel-name>. For instance, the following two flags are equivalent:

    -I nixpkgs=channel:nixos-21.05
    -I nixpkgs=https://nixos.org/channels/nixos-21.05/nixexprs.tar.xz
    

    You can also fetch source trees using flake URLs and add them to the search path. For instance,

    -I nixpkgs=flake:nixpkgs
    

    specifies that the prefix nixpkgs shall refer to the source tree downloaded from the nixpkgs entry in the flake registry. Similarly,

    -I nixpkgs=flake:github:NixOS/nixpkgs/nixos-22.05
    

    makes <nixpkgs> refer to a particular branch of the NixOS/nixpkgs repository on GitHub.

  • --override-flake original-ref resolved-ref

    Override the flake registries, redirecting original-ref to resolved-ref.

  • --debug

    Set the logging verbosity level to 'debug'.

  • --log-format format

    Set the format of log output; one of raw, internal-json, bar or bar-with-logs.

  • --print-build-logs / -L

    Print full build logs on standard error.

  • --quiet

    Decrease the logging verbosity level.

  • --verbose / -v

    Increase the logging verbosity level.

Miscellaneous global options

  • --help

    Show usage information.

  • --offline

    Disable substituters and consider all previously downloaded files up-to-date.

  • --option name value

    Set the Nix configuration setting name to value (overriding nix.conf).

  • --refresh

    Consider all previously downloaded files out-of-date.

  • --repair

    During evaluation, rewrite missing or corrupted files in the Nix store. During building, rebuild missing or corrupted store paths.

  • --version

    Show version information.

Options that change the interpretation of installables

  • --all

    Apply the operation to every store path.

  • --derivation

    Operate on the store derivation rather than its outputs.

  • --expr expr

    Interpret installables as attribute paths relative to the Nix expression expr.

  • --file / -f file

    Interpret installables as attribute paths relative to the Nix expression stored in file. If file is the character -, then a Nix expression will be read from standard input. Implies --impure.

  • --recursive / -r

    Apply operation to closure of the specified paths.

Note

See man nix.conf for overriding configuration settings with command line flags.