aboutsummaryrefslogtreecommitdiff
path: root/src/libstore
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2017-11-20 17:44:07 +0100
committerEelco Dolstra <edolstra@gmail.com>2017-11-20 17:44:07 +0100
commit91a19876073a2ed8fef2139fba906cfac1e96f83 (patch)
tree6f1bd48a8127d19a20d5b877c946f2a49d985f63 /src/libstore
parentd0b88db44138c6348bb8ed587286f6016ea11f4a (diff)
signed-binary-caches -> require-sigs
Unlike signed-binary-caches (which could only be '*' or ''), require-sigs is a proper Boolean option. The default is true.
Diffstat (limited to 'src/libstore')
-rw-r--r--src/libstore/globals.hh5
-rw-r--r--src/libstore/local-store.hh2
2 files changed, 6 insertions, 1 deletions
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 70c01bb32..5c857cbb6 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -281,6 +281,11 @@ public:
Setting<std::string> signedBinaryCaches{this, "*", "signed-binary-caches",
"Obsolete."};
+ Setting<bool> requireSigs{this, signedBinaryCaches == "*", "require-sigs",
+ "Whether to check that any non-content-addressed path added to the "
+ "Nix store has a valid signature (that is, one signed using a key "
+ "listed in 'trusted-public-keys'."};
+
Setting<Strings> substituters{this,
nixStore == "/nix/store" ? Strings{"https://cache.nixos.org/"} : Strings(),
"substituters",
diff --git a/src/libstore/local-store.hh b/src/libstore/local-store.hh
index 0a3841133..d35cd1a94 100644
--- a/src/libstore/local-store.hh
+++ b/src/libstore/local-store.hh
@@ -97,7 +97,7 @@ public:
private:
Setting<bool> requireSigs{(Store*) this,
- settings.signedBinaryCaches != "", // FIXME
+ settings.requireSigs,
"require-sigs", "whether store paths should have a trusted signature on import"};
PublicKeys publicKeys;