zhaofengli / attic

Multi-tenant Nix Binary Cache
https://docs.attic.rs

pushing a storepath with changed signature does not add signature #80

Open ajs124 opened 1 year ago

ajs124 commented 1 year ago
  1. push a storepath, with some signature
  2. add another signature with nix store sign, with another key
  3. push path again
  4. signature in cache remains the same
zhaofengli commented 1 year ago

> push a storepath, with some signature

I should clarify that client-supplied signatures currently have no effect, and .narinfos only contain signatures generated on-the-fly using server-managed keys. The current implementation focuses on letting users upload paths without access to the signing keys, using time-limited tokens that can be replaced without causing disruption to users who only download.

The client-supplied signatures are, however, saved in the database so we can support client-managed signing later, with integration in the attic client to make things seamless.
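The behaviour described in this comment, as an added illustration that is not attic's own code: a Nix-style signature is Ed25519 over the path fingerprint, the served .narinfo only ever carries the server-managed key's signature, and client Sig lines are retained but not emitted. Key names, store paths and hashes below are constructed placeholders.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// PathInfo holds the .narinfo fields a client uploads for one store path.
type PathInfo struct {
	StorePath  string
	NarHash    string   // "sha256:<base32>", as Nix prints it
	NarSize    uint64
	References []string // full store paths
	Sigs       []string // client-supplied "keyName:base64" signatures
}

// Fingerprint is the exact string Nix signs: "1;path;narHash;narSize;ref1,ref2".
func Fingerprint(p PathInfo) string {
	return fmt.Sprintf("1;%s;%s;%d;%s", p.StorePath, p.NarHash, p.NarSize, strings.Join(p.References, ","))
}

// Sign yields a Nix-style "keyName:base64(ed25519 signature)" over the fingerprint.
func Sign(keyName string, priv ed25519.PrivateKey, p PathInfo) string {
	return keyName + ":" + base64.StdEncoding.EncodeToString(ed25519.Sign(priv, []byte(Fingerprint(p))))
}

// Verify checks one "keyName:base64" signature against a trusted public key.
func Verify(keyName string, pub ed25519.PublicKey, p PathInfo, sig string) bool {
	name, b64, ok := strings.Cut(sig, ":")
	raw, err := base64.StdEncoding.DecodeString(b64)
	return ok && err == nil && name == keyName && ed25519.Verify(pub, []byte(Fingerprint(p)), raw)
}

// ServeSigs models the behaviour described above: the served .narinfo carries
// only a signature from the server-managed key; client Sig lines (p.Sigs) are
// stored but never emitted, so re-pushing with extra client signatures changes nothing.
func ServeSigs(serverKeyName string, serverPriv ed25519.PrivateKey, p PathInfo) []string {
	return []string{Sign(serverKeyName, serverPriv, p)}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed server-managed key
	p := PathInfo{StorePath: "/nix/store/00000000000000000000000000000000-hello-1.0", NarHash: "sha256:0000", NarSize: 4096} // placeholder values
	served := ServeSigs("example-cache-1", priv, p)
	fmt.Println(served[0], Verify("example-cache-1", pub, p, served[0]))
}
```

Because Ed25519 is deterministic, pushing the same path again with additional client signatures yields a byte-identical served signature, which is exactly what step 4 of the report observes.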

ajs124 commented 1 year ago

Ah, so when a cache is created, a private key is created and used to sign? Is that documented and I just missed it, or is that not mentioned in the documentation?

That seems like a valid approach, I just assumed it worked otherwise, for some reason.