Provided by: nix-bin_2.6.0+dfsg-3_amd64 bug

Name

       nix store verify - verify the integrity of store paths

Synopsis

       nix store verify [option…] installables

Examples

       • Verify the entire Nix store:

       # nix store verify --all

       • Check whether each path in the closure of Firefox has at least 2 signatures:

       # nix store verify -r -n2 --no-contents $(type -p firefox)

       • Verify a store path in the binary cache https://cache.nixos.org/:

       # nix store verify --store https://cache.nixos.org/ \
         /nix/store/v5sv61sszx301i0x6xysaqzla09nksnd-hello-2.10

Description

       This  command  verifies  the  integrity  of  the store paths installables, or, if --all is
       given, the entire Nix store. For each path, it checks that

       • its contents match the NAR hash recorded in the Nix database; and

       • it is trusted, that is, it is signed by at least one trusted signing  key,  is  content-
         addressed, or is built locally (“ultimately trusted”).

Exit status

       The exit status of this command is the sum of the following values:

       • 1 if any path is corrupted (i.e. its contents don’t match the recorded NAR hash).

       • 2 if any path is untrusted.

       • 4 if any path couldn’t be verified for any other reason (such as an I/O error).

Options

       • --no-contents
         Do not verify the contents of each store path.

       • --no-trust
         Do not verify whether each store path is trusted.

       • --sigs-needed / -n n
         Require that each path has at least n valid signatures.

       • --substituter / -s store-uri
         Use signatures from the specified store.

       Common evaluation options:

       • --arg name expr
         Pass the value expr as the argument name to Nix functions.

       • --argstr name string
         Pass the string string as the argument name to Nix functions.

       • --eval-store store-url
         The Nix store to use for evaluations.

       • --impure
         Allow access to mutable paths and repositories.

       • --include / -I path
         Add path to the list of locations used to look up <...> file names.

       • --override-flake original-ref resolved-ref
         Override the flake registries, redirecting original-ref to resolved-ref.

       Common flake-related options:

       • --commit-lock-file
         Commit changes to the flake’s lock file.

       • --inputs-from flake-url
         Use the inputs of the specified flake as registry entries.

       • --no-registries
         Don’t  allow  lookups  in the flake registries. This option is deprecated; use --no-use-
         registries.

       • --no-update-lock-file
         Do not allow any updates to the flake’s lock file.

       • --no-write-lock-file
         Do not write the flake’s newly generated lock file.

       • --override-input input-path flake-url
         Override a specific flake input (e.g. dwarffs/nixpkgs).  This  implies  --no-write-lock-
         file.

       • --recreate-lock-file
         Recreate the flake’s lock file from scratch.

       • --update-input input-path
         Update a specific flake input (ignoring its previous entry in the lock file).

       Options that change the interpretation of installables:

       • --all
         Apply the operation to every store path.

       • --derivation
         Operate on the store derivation rather than its outputs.

       • --expr expr
         Interpret installables as attribute paths relative to the Nix expression expr.

       • --file / -f file
         Interpret installables as attribute paths relative to the Nix expression stored in file.

       • --recursive / -r
         Apply operation to closure of the specified paths.

                                                                             nix3-store-verify(1)