From e09b40e0d0b68ca7c3646ddffb50e1356daec997 Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Sun, 5 Mar 2023 02:36:26 +0100 Subject: reword documentation on trusted users and substituters this is to make it slightly easier to scan over --- src/libstore/globals.hh | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'src/libstore/globals.hh') diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index 820898350..b0c025c8e 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -700,8 +700,8 @@ public: At least one of the following conditions must be met for Nix to use a substituter: - - the substituter is in the [`trusted-substituters`](#conf-trusted-substituters) list - - the user calling Nix is in the [`trusted-users`](#conf-trusted-users) list + - The substituter is in the [`trusted-substituters`](#conf-trusted-substituters) list + - The user calling Nix is in the [`trusted-users`](#conf-trusted-users) list In addition, each store path should be trusted as described in [`trusted-public-keys`](#conf-trusted-public-keys) )", @@ -710,12 +710,10 @@ public: Setting trustedSubstituters{ this, {}, "trusted-substituters", R"( - A list of [URLs of Nix stores](@docroot@/command-ref/new-cli/nix3-help-stores.md#store-url-format), - separated by whitespace. These are - not used by default, but can be enabled by users of the Nix daemon - by specifying `--option substituters urls` on the command - line. Unprivileged users are only allowed to pass a subset of the - URLs listed in `substituters` and `trusted-substituters`. + A list of [URLs of Nix stores](@docroot@/command-ref/new-cli/nix3-help-stores.md#store-url-format), separated by whitespace. + These are not used by default, but can be enabled by users of the Nix daemon by specifying [`substituters`](#conf-substituters). + + Unprivileged users are only allowed to pass as `substituters` only those URLs listed in `trusted-substituters`. )", {"trusted-binary-caches"}}; -- cgit v1.2.3 From b7d47e1d22e7ce2785487d325cc3dd35a43f16b5 Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Thu, 15 Jun 2023 04:58:07 +0200 Subject: fix wording --- src/libstore/globals.hh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/libstore/globals.hh') diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index b0c025c8e..f63ec8b50 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -713,7 +713,7 @@ public: A list of [URLs of Nix stores](@docroot@/command-ref/new-cli/nix3-help-stores.md#store-url-format), separated by whitespace. These are not used by default, but can be enabled by users of the Nix daemon by specifying [`substituters`](#conf-substituters). - Unprivileged users are only allowed to pass as `substituters` only those URLs listed in `trusted-substituters`. + Unprivileged users are allowed to pass as `substituters` only those URLs listed in `trusted-substituters`. )", {"trusted-binary-caches"}}; -- cgit v1.2.3 From 2ceacce484e21ac116a79c74877327355fd153d0 Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Thu, 15 Jun 2023 15:57:54 +0200 Subject: Update src/libstore/globals.hh --- src/libstore/globals.hh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/libstore/globals.hh') diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index f63ec8b50..46147a5e1 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -713,7 +713,7 @@ public: A list of [URLs of Nix stores](@docroot@/command-ref/new-cli/nix3-help-stores.md#store-url-format), separated by whitespace. These are not used by default, but can be enabled by users of the Nix daemon by specifying [`substituters`](#conf-substituters). - Unprivileged users are allowed to pass as `substituters` only those URLs listed in `trusted-substituters`. + Unprivileged users (those set in only [`allowed-users`](#conf-allowed-users) but not [`trusted-users`](#conf-trusted-users)) can pass as `substituters` only those URLs listed in `trusted-substituters`. )", {"trusted-binary-caches"}}; -- cgit v1.2.3 From 1a8ca85d488ddacf26f2aeddddab926c0e081d98 Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Fri, 16 Jun 2023 14:34:11 +0200 Subject: use "store URLs" consistently --- src/libstore/globals.hh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/libstore/globals.hh') diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index 46147a5e1..d2efd1505 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -710,7 +710,7 @@ public: Setting trustedSubstituters{ this, {}, "trusted-substituters", R"( - A list of [URLs of Nix stores](@docroot@/command-ref/new-cli/nix3-help-stores.md#store-url-format), separated by whitespace. + A list of [Nix store URLs](@docroot@/command-ref/new-cli/nix3-help-stores.md#store-url-format), separated by whitespace. These are not used by default, but can be enabled by users of the Nix daemon by specifying [`substituters`](#conf-substituters). Unprivileged users (those set in only [`allowed-users`](#conf-allowed-users) but not [`trusted-users`](#conf-trusted-users)) can pass as `substituters` only those URLs listed in `trusted-substituters`. -- cgit v1.2.3 From f695a74751c314cc426ff7bbc67ce5de8b58bbfd Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Fri, 16 Jun 2023 17:58:01 +0200 Subject: Update src/libstore/globals.hh --- src/libstore/globals.hh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/libstore/globals.hh') diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index d2efd1505..05aa8288a 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -711,7 +711,7 @@ public: this, {}, "trusted-substituters", R"( A list of [Nix store URLs](@docroot@/command-ref/new-cli/nix3-help-stores.md#store-url-format), separated by whitespace. - These are not used by default, but can be enabled by users of the Nix daemon by specifying [`substituters`](#conf-substituters). + These are not used by default, but users of the Nix daemon can enable them by specifying [`substituters`](#conf-substituters). Unprivileged users (those set in only [`allowed-users`](#conf-allowed-users) but not [`trusted-users`](#conf-trusted-users)) can pass as `substituters` only those URLs listed in `trusted-substituters`. )", -- cgit v1.2.3