diff options
author | Eelco Dolstra <edolstra@gmail.com> | 2017-11-20T16·44+0100 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2017-11-20T16·44+0100 |
commit | 91a19876073a2ed8fef2139fba906cfac1e96f83 (patch) | |
tree | 6f1bd48a8127d19a20d5b877c946f2a49d985f63 /src/libstore | |
parent | d0b88db44138c6348bb8ed587286f6016ea11f4a (diff) |
signed-binary-caches -> require-sigs
Unlike signed-binary-caches (which could only be '*' or ''), require-sigs is a proper Boolean option. The default is true.
Diffstat (limited to 'src/libstore')
-rw-r--r-- | src/libstore/globals.hh | 5 | ||||
-rw-r--r-- | src/libstore/local-store.hh | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index 70c01bb32665..5c857cbb6a9c 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -281,6 +281,11 @@ public: Setting<std::string> signedBinaryCaches{this, "*", "signed-binary-caches", "Obsolete."}; + Setting<bool> requireSigs{this, signedBinaryCaches == "*", "require-sigs", + "Whether to check that any non-content-addressed path added to the " + "Nix store has a valid signature (that is, one signed using a key " + "listed in 'trusted-public-keys'."}; + Setting<Strings> substituters{this, nixStore == "/nix/store" ? Strings{"https://cache.nixos.org/"} : Strings(), "substituters", diff --git a/src/libstore/local-store.hh b/src/libstore/local-store.hh index 0a3841133e5d..d35cd1a949eb 100644 --- a/src/libstore/local-store.hh +++ b/src/libstore/local-store.hh @@ -97,7 +97,7 @@ public: private: Setting<bool> requireSigs{(Store*) this, - settings.signedBinaryCaches != "", // FIXME + settings.requireSigs, "require-sigs", "whether store paths should have a trusted signature on import"}; PublicKeys publicKeys; |