Add option binary-cache-secret-key-file for signing binary caches

doc/manual/command-ref/conf-file.xml

@@ -421,6 +421,16 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
   </varlistentry>
 
 
+  <varlistentry><term><literal>binary-cache-secret-key-file</literal></term>
+
+    <listitem><para>Path of the file containing the secret key to be
+    used for signing binary caches. This file can be generated using
+    <command>nix-store
+    --generate-binary-cache-key</command>.</para></listitem>
+
+  </varlistentry>
+
+
   <varlistentry><term><literal>binary-caches-parallel-connections</literal></term>
 
     <listitem><para>The maximum number of parallel HTTP connections

src/libstore/http-binary-cache-store.cc

@@ -1,5 +1,6 @@
 #include "binary-cache-store.hh"
 #include "download.hh"
+#include "globals.hh"
 
 namespace nix {
 
@@ -65,7 +66,7 @@ static RegisterStoreImplementation regStore([](const std::string & uri) -> std::
     if (std::string(uri, 0, 7) != "http://" &&
         std::string(uri, 0, 8) != "https://") return 0;
     auto store = std::make_shared<HttpBinaryCacheStore>(std::shared_ptr<Store>(0),
-        "", // FIXME: allow the signing key to be set
+        settings.get("binary-cache-secret-key-file", string("")),
         uri);
     store->init();
     return store;

src/libstore/local-binary-cache-store.cc

@@ -1,4 +1,5 @@
 #include "binary-cache-store.hh"
+#include "globals.hh"
 
 namespace nix {
 
@@ -75,7 +76,7 @@ ref<Store> openLocalBinaryCacheStore(std::shared_ptr<Store> localStore,
 static RegisterStoreImplementation regStore([](const std::string & uri) -> std::shared_ptr<Store> {
     if (std::string(uri, 0, 7) != "file://") return 0;
     return openLocalBinaryCacheStore(std::shared_ptr<Store>(0),
-        "", // FIXME: allow the signing key to be set
+        settings.get("binary-cache-secret-key-file", string("")),
         std::string(uri, 7));
 });