aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2018-01-26 17:10:52 +0100
committerEelco Dolstra <edolstra@gmail.com>2018-01-26 17:12:15 +0100
commite09161d05cfbd7c6d4cf41a35765e3fe346ea181 (patch)
tree1fa54ca1ca5721d728b38b8f041b51311c6891cf /src
parent98f3c75a0e16f5aaaecb25a46f988580efb04d19 (diff)
Remove signed-binary-caches as the default for require-sigs
This was for backward compatibility. However, with security-related configuration settings, it's best not to have any confusion. Issue #495.
Diffstat (limited to 'src')
-rw-r--r--src/libstore/globals.hh5
1 files changed, 1 insertions, 4 deletions
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 1e50e2d13..20ac8fe4e 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -287,10 +287,7 @@ public:
Setting<unsigned int> tarballTtl{this, 60 * 60, "tarball-ttl",
"How soon to expire files fetched by builtins.fetchTarball and builtins.fetchurl."};
- Setting<std::string> signedBinaryCaches{this, "*", "signed-binary-caches",
- "Obsolete."};
-
- Setting<bool> requireSigs{this, signedBinaryCaches == "*", "require-sigs",
+ Setting<bool> requireSigs{this, true, "require-sigs",
"Whether to check that any non-content-addressed path added to the "
"Nix store has a valid signature (that is, one signed using a key "
"listed in 'trusted-public-keys'."};