From 91a19876073a2ed8fef2139fba906cfac1e96f83 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Mon, 20 Nov 2017 17:44:07 +0100
Subject: signed-binary-caches -> require-sigs

Unlike signed-binary-caches (which could only be '*' or ''), require-sigs is a proper Boolean option. The default is true.
---
 src/libstore/globals.hh | 5 +++++
 src/libstore/local-store.hh | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 70c01bb32665..5c857cbb6a9c 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -281,6 +281,11 @@ public:
 Setting signedBinaryCaches{this, "*", "signed-binary-caches", "Obsolete."};
+ Setting requireSigs{this, signedBinaryCaches == "*", "require-sigs",
+ "Whether to check that any non-content-addressed path added to the "
+ "Nix store has a valid signature (that is, one signed using a key "
+ "listed in 'trusted-public-keys'."};
+
 Setting substituters{this, nixStore == "/nix/store" ? Strings{"https://cache.nixos.org/"} : Strings(), "substituters",
diff --git a/src/libstore/local-store.hh b/src/libstore/local-store.hh
index 0a3841133e5d..d35cd1a949eb 100644
--- a/src/libstore/local-store.hh
+++ b/src/libstore/local-store.hh
@@ -97,7 +97,7 @@ public:
 private: Setting requireSigs{(Store*) this,
- settings.signedBinaryCaches != "", // FIXME
+ settings.requireSigs,
 "require-sigs", "whether store paths should have a trusted signature on import"}; PublicKeys publicKeys;
-- cgit 1.4.1
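Review bot: The default for `requireSigs` in globals.hh is written as `signedBinaryCaches == "*"`, which reads as if the obsolete option still controlled signature checking. That expression is a member initializer, so it is evaluated when the settings object is constructed; `signedBinaryCaches` is declared just above with the default `"*"`, so unless a configuration value is applied before that point (not visible here) the result is always true and a `signed-binary-caches` entry in an existing configuration no longer affects enforcement. Writing the default as the literal, `Setting requireSigs{this, true, "require-sigs",`, or adding a comment such as `// signed-binary-caches is ignored; require-sigs defaults to true`, would make that explicit. The description string also opens a parenthesis it never closes; the last added line should read `"listed in 'trusted-public-keys')."};`. The enclosing class starts and ends outside the hunk.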
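Review bot: The store-level `require-sigs` in local-store.hh now takes its default from `settings.requireSigs`, but its description (`"whether store paths should have a trusted signature on import"`) says less than the global one: it mentions neither `trusted-public-keys` nor the exception for content-addressed paths that the global text describes. If the store-level check has the same exemption (not visible in this hunk), the two descriptions should agree so the help output for the store setting does not overstate what is verified. A short comment on the new line, e.g. `// default follows the global require-sigs setting`, would also replace the context the removed `// FIXME` gave. The class body continues outside the hunk.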