Provided by: nix-bin_2.26.3+dfsg-1ubuntu4_amd64 
Name
nix store verify - verify the integrity of store paths
Synopsis
nix store verify [option…] installables…
Examples
• Verify the entire Nix store:
# nix store verify --all
• Check whether each path in the closure of Firefox has at least 2 signatures:
# nix store verify --recursive --sigs-needed 2 --no-contents $(type -p firefox)
• Verify a store path in the binary cache https://cache.nixos.org/:
# nix store verify --store https://cache.nixos.org/ \
/nix/store/v5sv61sszx301i0x6xysaqzla09nksnd-hello-2.10
Description
This command verifies the integrity of the store paths installables, or, if --all is given, the entire
Nix store. For each path, it checks that
• its contents match the NAR hash recorded in the Nix database; and
• it is trusted, that is, it is signed by at least one trusted signing key, is content-addressed, or is
built locally (“ultimately trusted”).
Exit status
The exit status of this command is the sum of the following values:
• 1 if any path is corrupted (i.e. its contents don’t match the recorded NAR hash).
• 2 if any path is untrusted.
• 4 if any path couldn’t be verified for any other reason (such as an I/O error).
Options
• --no-contents
Do not verify the contents of each store path.
• --no-trust
Do not verify whether each store path is trusted.
• --sigs-needed / -n n
Require that each path is signed by at least n different keys.
• --stdin
Read installables from the standard input. No default installable applied.
• --substituter / -s store-uri
Use signatures from the specified store.
Common evaluation options
• --arg name expr
Pass the value expr as the argument name to Nix functions.
• --arg-from-file name path
Pass the contents of file path as the argument name to Nix functions.
• --arg-from-stdin name
Pass the contents of stdin as the argument name to Nix functions.
• --argstr name string
Pass the string string as the argument name to Nix functions.
• --debugger
Start an interactive environment if evaluation fails.
• --eval-store store-url
The URL of the Nix store to use for evaluation, i.e. to store derivations (.drv files) and inputs
referenced by them.
• --impure
Allow access to mutable paths and repositories.
• --include / -I path
Add path to search path entries used to resolve lookup paths
This option may be given multiple times.
Paths added through -I take precedence over the nix-path configuration setting and the NIX_PATH
environment variable.
• --override-flake original-ref resolved-ref
Override the flake registries, redirecting original-ref to resolved-ref.
Common flake-related options
• --commit-lock-file
Commit changes to the flake’s lock file.
• --inputs-from flake-url
Use the inputs of the specified flake as registry entries.
• --no-registries
Don’t allow lookups in the flake registries.
DEPRECATED
Use --no-use-registries instead.
• --no-update-lock-file
Do not allow any updates to the flake’s lock file.
• --no-write-lock-file
Do not write the flake’s newly generated lock file.
• --output-lock-file flake-lock-path
Write the given lock file instead of flake.lock within the top-level flake.
• --override-input input-path flake-url
Override a specific flake input (e.g. dwarffs/nixpkgs). This implies --no-write-lock-file.
• --recreate-lock-file
Recreate the flake’s lock file from scratch.
DEPRECATED
Use nix flake update instead.
• --reference-lock-file flake-lock-path
Read the given lock file instead of flake.lock within the top-level flake.
• --update-input input-path
Update a specific flake input (ignoring its previous entry in the lock file).
DEPRECATED
Use nix flake update instead.
Logging-related options
• --debug
Set the logging verbosity level to ‘debug’.
• --log-format format
Set the format of log output; one of raw, internal-json, bar or bar-with-logs.
• --print-build-logs / -L
Print full build logs on standard error.
• --quiet
Decrease the logging verbosity level.
• --verbose / -v
Increase the logging verbosity level.
Miscellaneous global options
• --help
Show usage information.
• --offline
Disable substituters and consider all previously downloaded files up-to-date.
• --option name value
Set the Nix configuration setting name to value (overriding nix.conf).
• --refresh
Consider all previously downloaded files out-of-date.
• --repair
During evaluation, rewrite missing or corrupted files in the Nix store. During building, rebuild
missing or corrupted store paths.
• --version
Show version information.
Options that change the interpretation of installables
• --all
Apply the operation to every store path.
• --derivation
Operate on the store derivation rather than its outputs.
• --expr expr
Interpret installables as attribute paths relative to the Nix expression expr.
• --file / -f file
Interpret installables as attribute paths relative to the Nix expression stored in file. If file is
the character -, then a Nix expression will be read from standard input. Implies --impure.
• --recursive / -r
Apply operation to closure of the specified paths.
Note
See man nix.conf for overriding configuration settings with command line flags.
nix3-store-verify(1)