Document setting up signed binary caches

author: Eelco Dolstra <eelco.dolstra@logicblox.com> 2015-06-01T15·14+0200
committer: Eelco Dolstra <eelco.dolstra@logicblox.com> 2015-06-01T15·14+0200
commit: 53dd97bb9d70d98f648d3888b806b4044ea45f4c (patch)
tree: 1f4816943cf3226807441308c889fca9f7a4a1a4 /doc/manual/command-ref/conf-file.xml
parent: b8b571cfc1c2d31f2dea7d2a0209ec400660bf13 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml
index ec96f750ea8c..c947d19fa0e1 100644
--- a/doc/manual/command-ref/conf-file.xml
+++ b/doc/manual/command-ref/conf-file.xml
@@ -401,6 +401,26 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
   </varlistentry>
 
 
+  <varlistentry><term><literal>signed-binary-caches</literal></term>
+
+    <listitem><para>If set to <literal>*</literal>, Nix will only
+    download binaries if they are signed using one of the keys listed
+    in <option>binary-cache-public-keys</option>.</para></listitem>
+
+  </varlistentry>
+
+
+  <varlistentry><term><literal>binary-cache-public-keys</literal></term>
+
+    <listitem><para>A whitespace-separated list of public keys
+    corresponding to the secret keys trusted to sign binary
+    caches. For example:
+    <literal>cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+    hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=</literal>.</para></listitem>
+
+  </varlistentry>
+
+
   <varlistentry><term><literal>binary-caches-parallel-connections</literal></term>
 
     <listitem><para>The maximum number of parallel HTTP connections
author	Eelco Dolstra <eelco.dolstra@logicblox.com>	2015-06-01T15·14+0200
committer	Eelco Dolstra <eelco.dolstra@logicblox.com>	2015-06-01T15·14+0200
commit	53dd97bb9d70d98f648d3888b806b4044ea45f4c (patch)
tree	1f4816943cf3226807441308c889fca9f7a4a1a4 /doc/manual/command-ref/conf-file.xml
parent	b8b571cfc1c2d31f2dea7d2a0209ec400660bf13 (diff)