doc: More on what's special about the archive format.
* doc/guix.texi (Invoking guix archive): Expound on what sets the Nar format apart.
This commit is contained in:
Ludovic Courtès
parent
96c7448f37
commit
0dbd88db39
|
|
@ -1095,11 +1095,19 @@ the target machine's store. The @code{--missing} option can help figure
|
||||||
out which items are missing from the target's store.
|
out which items are missing from the target's store.
|
||||||
|
|
||||||
Archives are stored in the ``Nix archive'' or ``Nar'' format, which is
|
Archives are stored in the ``Nix archive'' or ``Nar'' format, which is
|
||||||
comparable in spirit to `tar'. When exporting, the daemon digitally
|
comparable in spirit to `tar', but with a few noteworthy differences
|
||||||
signs the contents of the archive, and that digital signature is
|
that make it more appropriate for our purposes. First, rather than
|
||||||
appended. When importing, the daemon verifies the signature and rejects
|
recording all Unix meta-data for each file, the Nar format only mentions
|
||||||
the import in case of an invalid signature or if the signing key is not
|
the file type (regular, directory, or symbolic link); Unix permissions
|
||||||
authorized.
|
and owner/group are dismissed. Second, the order in which directory
|
||||||
|
entries are stored always follows the order of file names according to
|
||||||
|
the C locale collation order. This makes archive production fully
|
||||||
|
deterministic.
|
||||||
|
|
||||||
|
When exporting, the daemon digitally signs the contents of the archive,
|
||||||
|
and that digital signature is appended. When importing, the daemon
|
||||||
|
verifies the signature and rejects the import in case of an invalid
|
||||||
|
signature or if the signing key is not authorized.
|
||||||
@c FIXME: Add xref to daemon doc about signatures.
|
@c FIXME: Add xref to daemon doc about signatures.
|
||||||
|
|
||||||
The main options are:
|
The main options are:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue