-rw-r--r--doc/manual/command-ref/conf-file.xml7
-rw-r--r--tests/binary-cache.sh10
-rw-r--r--tests/repair.sh4
3 files changed, 11 insertions, 10 deletions
diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml
index 3bd133918..6952829e8 100644
--- a/doc/manual/command-ref/conf-file.xml
+++ b/doc/manual/command-ref/conf-file.xml
@@ -394,9 +394,10 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
<varlistentry><term><literal>signed-binary-caches</literal></term>
- <listitem><para>If set to <literal>*</literal>, Nix will only
- download binaries if they are signed using one of the keys listed
- in <option>binary-cache-public-keys</option>.</para></listitem>
+ <listitem><para>If set to <literal>*</literal> (the default), Nix
+ will only download binaries if they are signed using one of the
+ keys listed in <option>binary-cache-public-keys</option>. Set to
+ the empty string to disable signature checking.</para></listitem>
</varlistentry>
diff --git a/tests/binary-cache.sh b/tests/binary-cache.sh
index 4ce428f64..532099d02 100644
--- a/tests/binary-cache.sh
+++ b/tests/binary-cache.sh
@@ -18,7 +18,7 @@ basicTests() {
nix-env --option binary-caches "file://$cacheDir" -f dependencies.nix -qas \* | grep -- "---"
- nix-store --option binary-caches "file://$cacheDir" -r $outPath
+ nix-store --option binary-caches "file://$cacheDir" --option signed-binary-caches '' -r $outPath
[ -x $outPath/program ]
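Review bot: The added `--option signed-binary-caches ''` on the `nix-store ... -r $outPath` line switches signature verification off for this fetch, so the success path is only exercised with checking disabled. The same applies to the second `nix-store -r` in basicTests, the two `nix-build` calls further down, and both hunks in tests/repair.sh. None of the visible hunks shows the new default accepting a correctly signed cache, though such a test may exist outside this diff. If the override stays, a comment at its first use such as `# test cache is unsigned; disable signature checking (default is '*')` would record why it is there. basicTests starts and ends outside this hunk.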
@@ -34,7 +34,7 @@ basicTests() {
x=$(nix-env -f dependencies.nix -qas \* --prebuilt-only)
[ -z "$x" ]
- nix-store --option binary-caches "file://$cacheDir" -r $outPath
+ nix-store --option binary-caches "file://$cacheDir" --option signed-binary-caches '' -r $outPath
nix-store --check-validity $outPath
nix-store -qR $outPath | grep input-2
@@ -63,7 +63,7 @@ mv $nar $nar.good
mkdir -p $TEST_ROOT/empty
nix-store --dump $TEST_ROOT/empty | xz > $nar
-nix-build --option binary-caches "file://$cacheDir" dependencies.nix -o $TEST_ROOT/result 2>&1 | tee $TEST_ROOT/log
+nix-build --option binary-caches "file://$cacheDir" --option signed-binary-caches '' dependencies.nix -o $TEST_ROOT/result 2>&1 | tee $TEST_ROOT/log
grep -q "hash mismatch" $TEST_ROOT/log
mv $nar.good $nar
@@ -73,7 +73,7 @@ mv $nar.good $nar
clearStore
clearCacheCache
-if nix-store --option binary-caches "file://$cacheDir" --option signed-binary-caches '*' -r $outPath; then
+if nix-store --option binary-caches "file://$cacheDir" -r $outPath; then
echo "unsigned binary cache incorrectly accepted"
exit 1
fi
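Review bot: The negative check on the `if nix-store --option binary-caches "file://$cacheDir" -r $outPath; then` line treats any non-zero exit as a rejection, so a fetch that fails for an unrelated reason still passes the test. With the explicit `'*'` removed, the check also depends on the built-in default being in effect, and whether the test environment's configuration leaves that default untouched is not visible here. A comment such as `# no override: the default signed-binary-caches='*' must reject the unsigned cache` would state the intent. Capturing the command's output and checking it for the signature error would tie the failure to the right cause.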
@@ -99,7 +99,7 @@ clearStore
rm $(grep -l "StorePath:.*dependencies-input-2" $cacheDir/*.narinfo)
-nix-build --option binary-caches "file://$cacheDir" dependencies.nix -o $TEST_ROOT/result 2>&1 | tee $TEST_ROOT/log
+nix-build --option binary-caches "file://$cacheDir" --option signed-binary-caches '' dependencies.nix -o $TEST_ROOT/result 2>&1 | tee $TEST_ROOT/log
grep -q "fetching path" $TEST_ROOT/log
diff --git a/tests/repair.sh b/tests/repair.sh
index 782838704..57152d450 100644
--- a/tests/repair.sh
+++ b/tests/repair.sh
@@ -51,7 +51,7 @@ nix copy --recursive --to file://$cacheDir $path
chmod u+w $path2
rm -rf $path2
-nix-store --verify --check-contents --repair --option binary-caches "file://$cacheDir"
+nix-store --verify --check-contents --repair --option binary-caches "file://$cacheDir" --option signed-binary-caches ''
if [ "$(nix-hash $path2)" != "$hash" -o -e $path2/bad ]; then
echo "path not repaired properly" >&2
@@ -69,7 +69,7 @@ if nix-store --verify-path $path2; then
exit 1
fi
-nix-store --repair-path $path2 --option binary-caches "file://$cacheDir"
+nix-store --repair-path $path2 --option binary-caches "file://$cacheDir" --option signed-binary-caches ''
if [ "$(nix-hash $path2)" != "$hash" -o -e $path2/bad ]; then
echo "path not repaired properly" >&2