From 91a19876073a2ed8fef2139fba906cfac1e96f83 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Mon, 20 Nov 2017 17:44:07 +0100
Subject: signed-binary-caches -> require-sigs

Unlike signed-binary-caches (which could only be '*' or ''),
require-sigs is a proper Boolean option. The default is true.
---
 src/libstore/globals.hh     | 5 +++++
 src/libstore/local-store.hh | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

(limited to 'src/libstore')

diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 70c01bb32665..5c857cbb6a9c 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -281,6 +281,11 @@ public:
     Setting<std::string> signedBinaryCaches{this, "*", "signed-binary-caches",
         "Obsolete."};
 
+    Setting<bool> requireSigs{this, signedBinaryCaches == "*", "require-sigs",
+        "Whether to check that any non-content-addressed path added to the "
+        "Nix store has a valid signature (that is, one signed using a key "
+        "listed in 'trusted-public-keys'."};
+
     Setting<Strings> substituters{this,
         nixStore == "/nix/store" ? Strings{"https://cache.nixos.org/"} : Strings(),
         "substituters",
diff --git a/src/libstore/local-store.hh b/src/libstore/local-store.hh
index 0a3841133e5d..d35cd1a949eb 100644
--- a/src/libstore/local-store.hh
+++ b/src/libstore/local-store.hh
@@ -97,7 +97,7 @@ public:
 private:
 
     Setting<bool> requireSigs{(Store*) this,
-        settings.signedBinaryCaches != "", // FIXME
+        settings.requireSigs,
         "require-sigs", "whether store paths should have a trusted signature on import"};
 
     PublicKeys publicKeys;
-- 
cgit 1.4.1