about summary refs log tree commit diff
path: root/doc
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2017-11-20T16·44+0100
committerEelco Dolstra <edolstra@gmail.com>2017-11-20T16·44+0100
commit91a19876073a2ed8fef2139fba906cfac1e96f83 (patch)
tree6f1bd48a8127d19a20d5b877c946f2a49d985f63 /doc
parentd0b88db44138c6348bb8ed587286f6016ea11f4a (diff)
signed-binary-caches -> require-sigs
Unlike signed-binary-caches (which could only be '*' or ''),
require-sigs is a proper Boolean option. The default is true.
Diffstat (limited to 'doc')
-rw-r--r--doc/manual/command-ref/conf-file.xml13
1 files changed, 8 insertions, 5 deletions
diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml
index a28f70899141..c3a9cc56063a 100644
--- a/doc/manual/command-ref/conf-file.xml
+++ b/doc/manual/command-ref/conf-file.xml
@@ -402,12 +402,15 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry><term><literal>signed-binary-caches</literal></term>
+  <varlistentry><term><literal>require-sigs</literal></term>
 
-    <listitem><para>If set to <literal>*</literal> (the default), Nix
-    will only download binaries if they are signed using one of the
-    keys listed in <option>trusted-public-keys</option>. Set to
-    the empty string to disable signature checking.</para></listitem>
+    <listitem><para>If set to <literal>true</literal> (the default),
+    any non-content-addressed path added or copied to the Nix store
+    (e.g. when substituting from a binary cache) must have a valid
+    signature, that is, be signed using one of the keys listed in
+    <option>trusted-public-keys</option>. Set to
+    <literal>false</literal> to disable signature
+    checking.</para></listitem>
 
   </varlistentry>