mirror of
https://github.com/NixOS/nix
synced 2025-07-07 18:31:49 +02:00
signed-binary-caches -> require-sigs
Unlike signed-binary-caches (which could only be '*' or ''), require-sigs is a proper Boolean option. The default is true.
This commit is contained in:
parent
d0b88db441
commit
91a1987607
5 changed files with 25 additions and 17 deletions
|
@ -402,12 +402,15 @@ false</literal>.</para>
|
|||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry><term><literal>signed-binary-caches</literal></term>
|
||||
<varlistentry><term><literal>require-sigs</literal></term>
|
||||
|
||||
<listitem><para>If set to <literal>*</literal> (the default), Nix
|
||||
will only download binaries if they are signed using one of the
|
||||
keys listed in <option>trusted-public-keys</option>. Set to
|
||||
the empty string to disable signature checking.</para></listitem>
|
||||
<listitem><para>If set to <literal>true</literal> (the default),
|
||||
any non-content-addressed path added or copied to the Nix store
|
||||
(e.g. when substituting from a binary cache) must have a valid
|
||||
signature, that is, be signed using one of the keys listed in
|
||||
<option>trusted-public-keys</option>. Set to
|
||||
<literal>false</literal> to disable signature
|
||||
checking.</para></listitem>
|
||||
|
||||
</varlistentry>
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue