1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-07 18:31:49 +02:00

signed-binary-caches -> require-sigs

Unlike signed-binary-caches (which could only be '*' or ''),
require-sigs is a proper Boolean option. The default is true.
This commit is contained in:
Eelco Dolstra 2017-11-20 17:44:07 +01:00
parent d0b88db441
commit 91a1987607
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
5 changed files with 25 additions and 17 deletions

View file

@ -402,12 +402,15 @@ false</literal>.</para>
</varlistentry>
<varlistentry><term><literal>signed-binary-caches</literal></term>
<varlistentry><term><literal>require-sigs</literal></term>
<listitem><para>If set to <literal>*</literal> (the default), Nix
will only download binaries if they are signed using one of the
keys listed in <option>trusted-public-keys</option>. Set to
the empty string to disable signature checking.</para></listitem>
<listitem><para>If set to <literal>true</literal> (the default),
any non-content-addressed path added or copied to the Nix store
(e.g. when substituting from a binary cache) must have a valid
signature, that is, be signed using one of the keys listed in
<option>trusted-public-keys</option>. Set to
<literal>false</literal> to disable signature
checking.</para></listitem>
</varlistentry>