diff options
| author | Robert Hensing <roberth@users.noreply.github.com> | 2023-06-23 13:08:46 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-06-23 13:08:46 +0200 |
| commit | fd4f03b8fdcb0f33552730c786139019e29f5dbe (patch) | |
| tree | 8a7f222bf7936ddd29bcd2cba6b18568858ac165 /src/libstore/globals.hh | |
| parent | 8350f06d6c319b250d006b195415b9b6e95d8ca1 (diff) | |
| parent | e91d19db5f827cec56e32fe9b7c07c8d2c546ce6 (diff) | |
Merge pull request #8519 from fricklerhandwerk/reword-trusted-users
reword documentation on trusted users and substituters
Diffstat (limited to 'src/libstore/globals.hh')
| -rw-r--r-- | src/libstore/globals.hh | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index b8dcf1f76..ec8625020 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -700,8 +700,8 @@ public: At least one of the following conditions must be met for Nix to use a substituter: - - the substituter is in the [`trusted-substituters`](#conf-trusted-substituters) list - - the user calling Nix is in the [`trusted-users`](#conf-trusted-users) list + - The substituter is in the [`trusted-substituters`](#conf-trusted-substituters) list + - The user calling Nix is in the [`trusted-users`](#conf-trusted-users) list In addition, each store path should be trusted as described in [`trusted-public-keys`](#conf-trusted-public-keys) )", @@ -710,12 +710,10 @@ public: Setting<StringSet> trustedSubstituters{ this, {}, "trusted-substituters", R"( - A list of [URLs of Nix stores](@docroot@/command-ref/new-cli/nix3-help-stores.md#store-url-format), - separated by whitespace. These are - not used by default, but can be enabled by users of the Nix daemon - by specifying `--option substituters urls` on the command - line. Unprivileged users are only allowed to pass a subset of the - URLs listed in `substituters` and `trusted-substituters`. + A list of [Nix store URLs](@docroot@/command-ref/new-cli/nix3-help-stores.md#store-url-format), separated by whitespace. + These are not used by default, but users of the Nix daemon can enable them by specifying [`substituters`](#conf-substituters). + + Unprivileged users (those set in only [`allowed-users`](#conf-allowed-users) but not [`trusted-users`](#conf-trusted-users)) can pass as `substituters` only those URLs listed in `trusted-substituters`. )", {"trusted-binary-caches"}}; |