.\" -*- mode: troff; coding: utf-8 -*-
.TH "nix3-store-verify" "1" ""
.RS
.PP
\fBWarning\fR 
.br
This program is
.UR @docroot@/development/experimental-features.md#xp-feature-nix-command
\fBexperimental\fR
.UE
and its interface is subject to change.
.RE
.SH Name
.LP
\f(CRnix store verify\fR - verify the integrity of store paths
.SH Synopsis
.LP
\f(CRnix store verify\fR [\fIoption\fR\[u2026]] \fIinstallables\fR\[u2026]
.SH Examples
.IP "\(bu" 3
Verify the entire Nix store:
.LP
.EX
# nix store verify --all
.EE
.IP "\(bu" 3
Check whether each path in the closure of Firefox has at least 2
signatures:
.LP
.EX
# nix store verify --recursive --sigs-needed 2 --no-contents $(type -p firefox)
.EE
.IP "\(bu" 3
Verify a store path in the binary cache \f(CRhttps://cache.nixos.org/\fR:
.LP
.EX
# nix store verify --store https://cache.nixos.org/ \e
  /nix/store/v5sv61sszx301i0x6xysaqzla09nksnd-hello-2.10
.EE
.SH Description
.LP
This command verifies the integrity of the store paths \c
.UR ./nix.md#installables
\fIinstallables\fR
.UE \c
,
or, if \f(CR--all\fR is given, the entire Nix store. For each path, it
checks that
.IP "\(bu" 3
its contents match the NAR hash recorded in the Nix database; and
.IP "\(bu" 3
it is \fItrusted\fR, that is, it is signed by at least one trusted
signing key, is content-addressed, or is built locally (\(lqultimately
trusted\(rq).
.SH Exit status
.LP
The exit status of this command is the sum of the following values:
.IP "\(bu" 3
\fB1\fR if any path is corrupted (i.e. its contents don\(cqt match the
recorded NAR hash).
.IP "\(bu" 3
\fB2\fR if any path is untrusted.
.IP "\(bu" 3
\fB4\fR if any path couldn\(cqt be verified for any other reason (such as
an I/O error).
.SH Options
.IP "\(bu" 3
.UR #opt-no-contents
\f(CR--no-contents\fR
.UE
.IP
Do not verify the contents of each store path.
.IP "\(bu" 3
.UR #opt-no-trust
\f(CR--no-trust\fR
.UE
.IP
Do not verify whether each store path is trusted.
.IP "\(bu" 3
.UR #opt-sigs-needed
\f(CR--sigs-needed\fR
.UE
/ \f(CR-n\fR \fIn\fR
.IP
Require that each path is signed by at least \fIn\fR different keys.
.IP "\(bu" 3
.UR #opt-stdin
\f(CR--stdin\fR
.UE
.IP
Read installables from the standard input. No default installable applied.
.IP "\(bu" 3
.UR #opt-substituter
\f(CR--substituter\fR
.UE
/ \f(CR-s\fR \fIstore-uri\fR
.IP
Use signatures from the specified store.
.SS
Common evaluation options
.IP "\(bu" 3
.UR #opt-arg
\f(CR--arg\fR
.UE
\fIname\fR \fIexpr\fR
.IP
Pass the value \fIexpr\fR as the argument \fIname\fR to Nix functions.
.IP "\(bu" 3
.UR #opt-arg-from-file
\f(CR--arg-from-file\fR
.UE
\fIname\fR \fIpath\fR
.IP
Pass the contents of file \fIpath\fR as the argument \fIname\fR to Nix functions.
.IP "\(bu" 3
.UR #opt-arg-from-stdin
\f(CR--arg-from-stdin\fR
.UE
\fIname\fR
.IP
Pass the contents of stdin as the argument \fIname\fR to Nix functions.
.IP "\(bu" 3
.UR #opt-argstr
\f(CR--argstr\fR
.UE
\fIname\fR \fIstring\fR
.IP
Pass the string \fIstring\fR as the argument \fIname\fR to Nix functions.
.IP "\(bu" 3
.UR #opt-debugger
\f(CR--debugger\fR
.UE
.IP
Start an interactive environment if evaluation fails.
.IP "\(bu" 3
.UR #opt-eval-store
\f(CR--eval-store\fR
.UE
\fIstore-url\fR
.IP
The \c
.UR @docroot@/store/types/index.md#store-url-format
URL of the Nix store
.UE
to use for evaluation, i.e. to store derivations (\f(CR.drv\fR files) and inputs referenced by them.
.IP "\(bu" 3
.UR #opt-impure
\f(CR--impure\fR
.UE
.IP
Allow access to mutable paths and repositories.
.IP "\(bu" 3
.UR #opt-include
\f(CR--include\fR
.UE
/ \f(CR-I\fR \fIpath\fR
.IP
Add \fIpath\fR to search path entries used to resolve \c
.UR @docroot@/language/constructs/lookup-path.md
lookup paths
.UE
.IP
This option may be given multiple times.
.IP
Paths added through \f(CR-I\fR take precedence over the \c
.UR @docroot@/command-ref/conf-file.md#conf-nix-path
\f(CRnix-path\fR configuration setting
.UE
and the \c
.UR @docroot@/command-ref/env-common.md#env-NIX_PATH
\f(CRNIX_PATH\fR environment variable
.UE \c
\&.
.IP "\(bu" 3
.UR #opt-override-flake
\f(CR--override-flake\fR
.UE
\fIoriginal-ref\fR \fIresolved-ref\fR
.IP
Override the flake registries, redirecting \fIoriginal-ref\fR to \fIresolved-ref\fR.
.SS
Common flake-related options
.IP "\(bu" 3
.UR #opt-commit-lock-file
\f(CR--commit-lock-file\fR
.UE
.IP
Commit changes to the flake\(cqs lock file.
.IP "\(bu" 3
.UR #opt-inputs-from
\f(CR--inputs-from\fR
.UE
\fIflake-url\fR
.IP
Use the inputs of the specified flake as registry entries.
.IP "\(bu" 3
.UR #opt-no-registries
\f(CR--no-registries\fR
.UE
.IP
Don\(cqt allow lookups in the flake registries.
.RS
.IP
\fBDEPRECATED\fR
.IP
Use \c
.UR @docroot@/command-ref/conf-file.md#conf-use-registries
\f(CR--no-use-registries\fR
.UE
instead.
.RE
.IP "\(bu" 3
.UR #opt-no-update-lock-file
\f(CR--no-update-lock-file\fR
.UE
.IP
Do not allow any updates to the flake\(cqs lock file.
.IP "\(bu" 3
.UR #opt-no-write-lock-file
\f(CR--no-write-lock-file\fR
.UE
.IP
Do not write the flake\(cqs newly generated lock file.
.IP "\(bu" 3
.UR #opt-output-lock-file
\f(CR--output-lock-file\fR
.UE
\fIflake-lock-path\fR
.IP
Write the given lock file instead of \f(CRflake.lock\fR within the top-level flake.
.IP "\(bu" 3
.UR #opt-override-input
\f(CR--override-input\fR
.UE
\fIinput-path\fR \fIflake-url\fR
.IP
Override a specific flake input (e.g. \f(CRdwarffs/nixpkgs\fR). This implies \f(CR--no-write-lock-file\fR.
.IP "\(bu" 3
.UR #opt-recreate-lock-file
\f(CR--recreate-lock-file\fR
.UE
.IP
Recreate the flake\(cqs lock file from scratch.
.RS
.IP
\fBDEPRECATED\fR
.IP
Use \c
.UR @docroot@/command-ref/new-cli/nix3-flake-update.md
\f(CRnix flake update\fR
.UE
instead.
.RE
.IP "\(bu" 3
.UR #opt-reference-lock-file
\f(CR--reference-lock-file\fR
.UE
\fIflake-lock-path\fR
.IP
Read the given lock file instead of \f(CRflake.lock\fR within the top-level flake.
.IP "\(bu" 3
.UR #opt-update-input
\f(CR--update-input\fR
.UE
\fIinput-path\fR
.IP
Update a specific flake input (ignoring its previous entry in the lock file).
.RS
.IP
\fBDEPRECATED\fR
.IP
Use \c
.UR @docroot@/command-ref/new-cli/nix3-flake-update.md
\f(CRnix flake update\fR
.UE
instead.
.RE
.SS
Logging-related options
.IP "\(bu" 3
.UR #opt-debug
\f(CR--debug\fR
.UE
.IP
Set the logging verbosity level to \(oqdebug\(cq.
.IP "\(bu" 3
.UR #opt-log-format
\f(CR--log-format\fR
.UE
\fIformat\fR
.IP
Set the format of log output; one of \f(CRraw\fR, \f(CRinternal-json\fR, \f(CRbar\fR or \f(CRbar-with-logs\fR.
.IP "\(bu" 3
.UR #opt-print-build-logs
\f(CR--print-build-logs\fR
.UE
/ \f(CR-L\fR
.IP
Print full build logs on standard error.
.IP "\(bu" 3
.UR #opt-quiet
\f(CR--quiet\fR
.UE
.IP
Decrease the logging verbosity level.
.IP "\(bu" 3
.UR #opt-verbose
\f(CR--verbose\fR
.UE
/ \f(CR-v\fR
.IP
Increase the logging verbosity level.
.SS
Miscellaneous global options
.IP "\(bu" 3
.UR #opt-help
\f(CR--help\fR
.UE
.IP
Show usage information.
.IP "\(bu" 3
.UR #opt-offline
\f(CR--offline\fR
.UE
.IP
Disable substituters and consider all previously downloaded files up-to-date.
.IP "\(bu" 3
.UR #opt-option
\f(CR--option\fR
.UE
\fIname\fR \fIvalue\fR
.IP
Set the Nix configuration setting \fIname\fR to \fIvalue\fR (overriding \f(CRnix.conf\fR).
.IP "\(bu" 3
.UR #opt-refresh
\f(CR--refresh\fR
.UE
.IP
Consider all previously downloaded files out-of-date.
.IP "\(bu" 3
.UR #opt-repair
\f(CR--repair\fR
.UE
.IP
During evaluation, rewrite missing or corrupted files in the Nix store. During building, rebuild missing or corrupted store paths.
.IP "\(bu" 3
.UR #opt-version
\f(CR--version\fR
.UE
.IP
Show version information.
.SS
Options that change the interpretation of \fBinstallables\fR
.IP "\(bu" 3
.UR #opt-all
\f(CR--all\fR
.UE
.IP
Apply the operation to every store path.
.IP "\(bu" 3
.UR #opt-derivation
\f(CR--derivation\fR
.UE
.IP
Operate on the \c
.UR @docroot@/glossary.md#gloss-store-derivation
store derivation
.UE
rather than its outputs.
.IP "\(bu" 3
.UR #opt-expr
\f(CR--expr\fR
.UE
\fIexpr\fR
.IP
Interpret \c
.UR @docroot@/command-ref/new-cli/nix.md#installables
\fIinstallables\fR
.UE
as attribute paths relative to the Nix expression \fIexpr\fR.
.IP "\(bu" 3
.UR #opt-file
\f(CR--file\fR
.UE
/ \f(CR-f\fR \fIfile\fR
.IP
Interpret \c
.UR @docroot@/command-ref/new-cli/nix.md#installables
\fIinstallables\fR
.UE
as attribute paths relative to the Nix expression stored in \fIfile\fR. If \fIfile\fR is the character -, then a Nix expression will be read from standard input. Implies \f(CR--impure\fR.
.IP "\(bu" 3
.UR #opt-recursive
\f(CR--recursive\fR
.UE
/ \f(CR-r\fR
.IP
Apply operation to closure of the specified paths.
.RS
.LP
\fBNote\fR
.PP
See \c
.UR @docroot@/command-ref/conf-file.md#command-line-flags
\f(CRman nix.conf\fR
.UE
for overriding configuration settings with command line flags.
.RE