Manpages - nix3-store-verify.1
Warning
This program is experimental and its interface is subject to change.
#+end_quote
Name
nix store verify - verify the integrity of store paths
Synopsis
nix store verify [/option/…] installables…
Examples
- Verify the entire Nix store:
# nix store verify --all
- Check whether each path in the closure of Firefox has at least 2 signatures:
# nix store verify --recursive --sigs-needed 2 --no-contents $(type -p firefox)
- Verify a store path in the binary cache
https://cache.nixos.org/:
# nix store verify --store https://cache.nixos.org/ \ /nix/store/v5sv61sszx301i0x6xysaqzla09nksnd-hello-2.10
Description
This command verifies the integrity of the store paths installables,
or, if --all is given, the entire Nix store. For each path, it checks
that
- its contents match the NAR hash recorded in the Nix database; and
- it is trusted, that is, it is signed by at least one trusted signing key, is content-addressed, or is built locally (“ultimately trusted”).
Exit status
The exit status of this command is the sum of the following values:
- 1 if any path is corrupted (i.e. its contents don't match the recorded NAR hash).
- 2 if any path is untrusted.
- 4 if any path couldn't be verified for any other reason (such as an I/O error).
Options
--no-contentsDo not verify the contents of each store path.--no-trustDo not verify whether each store path is trusted.--sigs-needed/-nn Require that each path is signed by at least n different keys.--stdinRead installables from the standard input. No default installable applied.--substituter/-sstore-uri Use signatures from the specified store.
Common evaluation options
--argname expr Pass the value expr as the argument name to Nix functions.--arg-from-filename path Pass the contents of file path as the argument name to Nix functions.--arg-from-stdinname Pass the contents of stdin as the argument name to Nix functions.--argstrname string Pass the string string as the argument name to Nix functions.--debuggerStart an interactive environment if evaluation fails.--eval-storestore-url The URL of the Nix store to use for evaluation, i.e. to store derivations (.drvfiles) and inputs referenced by them.--impureAllow access to mutable paths and repositories.--include/-Ipath Add path to search path entries used to resolve lookup paths This option may be given multiple times. Paths added through-Itake precedence over thenix-pathconfiguration setting and theNIX_PATHenvironment variable.--override-flakeoriginal-ref resolved-ref Override the flake registries, redirecting original-ref to resolved-ref.
Common flake-related options
--commit-lock-fileCommit changes to the flake's lock file.--inputs-fromflake-url Use the inputs of the specified flake as registry entries.-
--no-registriesDon't allow lookups in the flake registries.
DEPRECATED
Use
--no-use-registriesinstead. --no-update-lock-fileDo not allow any updates to the flake's lock file.--no-write-lock-fileDo not write the flake's newly generated lock file.--output-lock-fileflake-lock-path Write the given lock file instead offlake.lockwithin the top-level flake.--override-inputinput-path flake-url Override a specific flake input (e.g.dwarffs/nixpkgs). This implies--no-write-lock-file.-
--recreate-lock-fileRecreate the flake's lock file from scratch.
DEPRECATED
Use
nix flake updateinstead. --reference-lock-fileflake-lock-path Read the given lock file instead offlake.lockwithin the top-level flake.-
--update-inputinput-pathUpdate a specific flake input (ignoring its previous entry in the lock file).
DEPRECATED
Use
nix flake updateinstead.
Logging-related options
--debugSet the logging verbosity level to ‘debug'.--log-formatformat Set the format of log output; one ofraw,internal-json,barorbar-with-logs.--print-build-logs/-LPrint full build logs on standard error.--quietDecrease the logging verbosity level.--verbose/-vIncrease the logging verbosity level.
Miscellaneous global options
--helpShow usage information.--offlineDisable substituters and consider all previously downloaded files up-to-date.--optionname value Set the Nix configuration setting name to value (overridingnix.conf).--refreshConsider all previously downloaded files out-of-date.--repairDuring evaluation, rewrite missing or corrupted files in the Nix store. During building, rebuild missing or corrupted store paths.--versionShow version information.
Options that change the interpretation of installables
--allApply the operation to every store path.--derivationOperate on the store derivation rather than its outputs.--exprexpr Interpret installables as attribute paths relative to the Nix expression expr.--file/-ffile Interpret installables as attribute paths relative to the Nix expression stored in file. If file is the character -, then a Nix expression will be read from standard input. Implies--impure.--recursive/-rApply operation to closure of the specified paths. Note Seeman nix.conffor overriding configuration settings with command line flags.