signed-binary-caches -> require-sigs

Unlike signed-binary-caches (which could only be '*' or ''), require-sigs is a proper Boolean option. The default is true.
author: Eelco Dolstra <edolstra@gmail.com> 2017-11-20T16·44+0100
committer: Eelco Dolstra <edolstra@gmail.com> 2017-11-20T16·44+0100
commit: 91a19876073a2ed8fef2139fba906cfac1e96f83 (patch)
tree: 6f1bd48a8127d19a20d5b877c946f2a49d985f63 /doc/manual/command-ref
parent: d0b88db44138c6348bb8ed587286f6016ea11f4a (diff)
1 files changed, 8 insertions, 5 deletions
diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml
index a28f70899141..c3a9cc56063a 100644
--- a/doc/manual/command-ref/conf-file.xml
+++ b/doc/manual/command-ref/conf-file.xml
@@ -402,12 +402,15 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry><term><literal>signed-binary-caches</literal></term>
+  <varlistentry><term><literal>require-sigs</literal></term>
 
-    <listitem><para>If set to <literal>*</literal> (the default), Nix
-    will only download binaries if they are signed using one of the
-    keys listed in <option>trusted-public-keys</option>. Set to
-    the empty string to disable signature checking.</para></listitem>
+    <listitem><para>If set to <literal>true</literal> (the default),
+    any non-content-addressed path added or copied to the Nix store
+    (e.g. when substituting from a binary cache) must have a valid
+    signature, that is, be signed using one of the keys listed in
+    <option>trusted-public-keys</option>. Set to
+    <literal>false</literal> to disable signature
+    checking.</para></listitem>
 
   </varlistentry>
author	Eelco Dolstra <edolstra@gmail.com>	2017-11-20T16·44+0100
committer	Eelco Dolstra <edolstra@gmail.com>	2017-11-20T16·44+0100
commit	91a19876073a2ed8fef2139fba906cfac1e96f83 (patch)
tree	6f1bd48a8127d19a20d5b877c946f2a49d985f63 /doc/manual/command-ref
parent	d0b88db44138c6348bb8ed587286f6016ea11f4a (diff)