From ed75f617d677f99bd068df1422daed5640a11152 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Wed, 20 Nov 2019 14:27:40 -0500
Subject: [PATCH] Pass around the Ristretto signing key *path*

The new version of PaymentServer has incompatible changes that require this.
---
 morph/issuer.nix | 3 +--
 nixos/modules/issuer.nix | 10 +++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/morph/issuer.nix b/morph/issuer.nix
index 57ffd009..fe448699 100644
--- a/morph/issuer.nix
+++ b/morph/issuer.nix
@@ -26,8 +26,7 @@
 services.private-storage-issuer = {
 enable = true;
- # XXX This should be passed as a path.
- ristrettoSigningKey = builtins.readFile (./.. + ristrettoSigningKeyPath);
+ ristrettoSigningKeyPath = ./.. + ristrettoSigningKeyPath;
 stripeSecretKeyPath = ./.. + stripeSecretKeyPath;
 database = "SQLite3";
 databasePath = "/var/db/vouchers.sqlite3";
diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
index b22cb07f..dbe75132 100644
--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -41,12 +41,12 @@ in {
 algorithm or Ristretto for Ristretto-flavored PrivacyPass.
 '';
 };
- services.private-storage-issuer.ristrettoSigningKey = lib.mkOption {
+ services.private-storage-issuer.ristrettoSigningKeyPath = lib.mkOption {
 default = null;
- type = lib.types.str;
+ type = lib.types.path;
 description = ''
- The Ristretto signing key to use. Required if the issuer is
- ``Ristretto``.
+ The path to a file containing the Ristretto signing key to use.
+ Required if the issuer is ``Ristretto``.
 '';
 };
 services.private-storage-issuer.stripeSecretKeyPath = lib.mkOption {
@@ -116,7 +116,7 @@ in {
 issuerArgs =
 if cfg.issuer == "Trivial"
 then "--issuer Trivial"
- else "--issuer Ristretto --signing-key ${cfg.ristrettoSigningKey}";
+ else "--issuer Ristretto --signing-key-path ${cfg.ristrettoSigningKeyPath}";
 databaseArgs =
 if cfg.database == "Memory"
 then "--database Memory"
--
GitLab
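Review bot: In morph/issuer.nix the new `ristrettoSigningKeyPath = ./.. + ristrettoSigningKeyPath;` is a Nix path value, and the third hunk interpolates it into a string (`--signing-key-path ${cfg.ristrettoSigningKeyPath}`), which copies the key file into the world-readable Nix store. The key no longer appears on the command line, but any local user on the issuer host, and anyone who can fetch the system closure, can still read it under /nix/store. Consider delivering the key out of band (morph's `deployment.secrets`, for example) and setting the option to the runtime location as a string, e.g. `ristrettoSigningKeyPath = "/run/keys/ristretto-signing-key";` (path constructed for illustration). The neighbouring `stripeSecretKeyPath` context line looks like it has the same exposure, though its use is outside the hunk.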
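Review bot: In the second hunk (nixos/modules/issuer.nix) the option keeps `default = null;` while declaring `type = lib.types.path;`, and null is not a value that type accepts; `type = lib.types.nullOr lib.types.path;` would state the contract as it is actually used. With the default left in place and the issuer set to Ristretto, the interpolation in the third hunk will presumably fail with a generic coercion error rather than naming the missing option, so an assertion in the module's config would give operators a clearer message (the config section is outside the hunk). The description would also benefit from one more sentence, such as `The file must be readable only by the issuer service and must not be placed in the Nix store.`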