aboutsummaryrefslogtreecommitdiff
path: root/doc/manual
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2017-11-20 18:51:04 +0100
committerEelco Dolstra <edolstra@gmail.com>2017-11-20 18:51:04 +0100
commit8df60b4ea8fab5fd3571e55de95a4b956f0f6105 (patch)
tree198953a29f0d0ac7e4cdc2e2cd74a918e4faa6be /doc/manual
parent4cde04f476fa0f61680f8e53fe81cc70923689fc (diff)
Document secret-key-files
Diffstat (limited to 'doc/manual')
-rw-r--r--doc/manual/command-ref/conf-file.xml19
1 files changed, 16 insertions, 3 deletions
diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml
index c3a9cc560..868cca1da 100644
--- a/doc/manual/command-ref/conf-file.xml
+++ b/doc/manual/command-ref/conf-file.xml
@@ -408,9 +408,9 @@ false</literal>.</para>
any non-content-addressed path added or copied to the Nix store
(e.g. when substituting from a binary cache) must have a valid
signature, that is, be signed using one of the keys listed in
- <option>trusted-public-keys</option>. Set to
- <literal>false</literal> to disable signature
- checking.</para></listitem>
+ <option>trusted-public-keys</option> or
+ <option>secret-key-files</option>. Set to <literal>false</literal>
+ to disable signature checking.</para></listitem>
</varlistentry>
@@ -426,6 +426,19 @@ false</literal>.</para>
</varlistentry>
+ <varlistentry><term><literal>secret-key-files</literal></term>
+
+ <listitem><para>A whitespace-separated list of files containing
+ secret (private) keys. These are used to sign locally-built
+ paths. They can be generated using <command>nix-store
+ --generate-binary-cache-key</command>. The corresponding public
+ key can be distributed to other users, who can add it to
+ <option>trusted-public-keys</option> in their
+ <filename>nix.conf</filename>.</para></listitem>
+
+ </varlistentry>
+
+
<varlistentry><term><literal>http-connections</literal></term>
<listitem><para>The maximum number of parallel TCP connections