diff options
author | Eelco Dolstra <edolstra@gmail.com> | 2017-11-20T16·44+0100 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2017-11-20T16·44+0100 |
commit | 91a19876073a2ed8fef2139fba906cfac1e96f83 (patch) | |
tree | 6f1bd48a8127d19a20d5b877c946f2a49d985f63 /doc | |
parent | d0b88db44138c6348bb8ed587286f6016ea11f4a (diff) |
signed-binary-caches -> require-sigs
Unlike signed-binary-caches (which could only be '*' or ''), require-sigs is a proper Boolean option. The default is true.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/manual/command-ref/conf-file.xml | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml index a28f70899141..c3a9cc56063a 100644 --- a/doc/manual/command-ref/conf-file.xml +++ b/doc/manual/command-ref/conf-file.xml @@ -402,12 +402,15 @@ false</literal>.</para> </varlistentry> - <varlistentry><term><literal>signed-binary-caches</literal></term> + <varlistentry><term><literal>require-sigs</literal></term> - <listitem><para>If set to <literal>*</literal> (the default), Nix - will only download binaries if they are signed using one of the - keys listed in <option>trusted-public-keys</option>. Set to - the empty string to disable signature checking.</para></listitem> + <listitem><para>If set to <literal>true</literal> (the default), + any non-content-addressed path added or copied to the Nix store + (e.g. when substituting from a binary cache) must have a valid + signature, that is, be signed using one of the keys listed in + <option>trusted-public-keys</option>. Set to + <literal>false</literal> to disable signature + checking.</para></listitem> </varlistentry> |