Dodge "trusted" vs "trustworthy" by being explicit
Hopefully this is best!
This commit is contained in:
parent
752f967c0f
commit
a2a8cb10ac
|
@ -560,9 +560,15 @@ public:
|
||||||
R"(
|
R"(
|
||||||
If set to `true` (the default), any non-content-addressed path added
|
If set to `true` (the default), any non-content-addressed path added
|
||||||
or copied to the Nix store (e.g. when substituting from a binary
|
or copied to the Nix store (e.g. when substituting from a binary
|
||||||
cache) must have a trustworthy signature, that is, be signed using one of
|
cache) must have a signature by a key we trust. A trusted key is one
|
||||||
the keys listed in `trusted-public-keys` or `secret-key-files`. Set
|
listed in `trusted-public-keys`, or a public key counterpart to a
|
||||||
to `false` to disable signature checking.
|
private key stored in a file listed in `secret-key-files`.
|
||||||
|
|
||||||
|
Set to `false` to disable signature checking and trust all
|
||||||
|
non-content-addressed paths unconditionally.
|
||||||
|
|
||||||
|
(Content-addressed paths are inherently trustworthy and thus
|
||||||
|
unaffected by this configuration option.)
|
||||||
)"};
|
)"};
|
||||||
|
|
||||||
Setting<StringSet> extraPlatforms{
|
Setting<StringSet> extraPlatforms{
|
||||||
|
|
|
@ -751,7 +751,7 @@ void LocalStore::registerDrvOutput(const Realisation & info, CheckSigsFlag check
|
||||||
if (checkSigs == NoCheckSigs || !realisationIsUntrusted(info))
|
if (checkSigs == NoCheckSigs || !realisationIsUntrusted(info))
|
||||||
registerDrvOutput(info);
|
registerDrvOutput(info);
|
||||||
else
|
else
|
||||||
throw Error("cannot register realisation '%s' because it lacks a trustworthy signature", info.outPath.to_string());
|
throw Error("cannot register realisation '%s' because it lacks a signature by a trusted key", info.outPath.to_string());
|
||||||
}
|
}
|
||||||
|
|
||||||
void LocalStore::registerDrvOutput(const Realisation & info)
|
void LocalStore::registerDrvOutput(const Realisation & info)
|
||||||
|
@ -1266,7 +1266,7 @@ void LocalStore::addToStore(const ValidPathInfo & info, Source & source,
|
||||||
RepairFlag repair, CheckSigsFlag checkSigs)
|
RepairFlag repair, CheckSigsFlag checkSigs)
|
||||||
{
|
{
|
||||||
if (checkSigs && pathInfoIsUntrusted(info))
|
if (checkSigs && pathInfoIsUntrusted(info))
|
||||||
throw Error("cannot add path '%s' because it lacks a trustworthy signature", printStorePath(info.path));
|
throw Error("cannot add path '%s' because it lacks a signature by a trusted key", printStorePath(info.path));
|
||||||
|
|
||||||
addTempRoot(info.path);
|
addTempRoot(info.path);
|
||||||
|
|
||||||
|
|
|
@ -22,7 +22,7 @@ R""(
|
||||||
|
|
||||||
```console
|
```console
|
||||||
# nix copy --to /tmp/nix --trusted-public-keys '' nixpkgs#hello
|
# nix copy --to /tmp/nix --trusted-public-keys '' nixpkgs#hello
|
||||||
cannot add path '/nix/store/zy9wbxwcygrwnh8n2w9qbbcr6zk87m26-libunistring-0.9.10' because it lacks a trustworthy signature
|
cannot add path '/nix/store/zy9wbxwcygrwnh8n2w9qbbcr6zk87m26-libunistring-0.9.10' because it lacks a signature by a trusted key
|
||||||
```
|
```
|
||||||
|
|
||||||
* Create a content-addressed representation of the current NixOS
|
* Create a content-addressed representation of the current NixOS
|
||||||
|
|
|
@ -41,7 +41,7 @@ struct CmdVerify : StorePathsCommand
|
||||||
addFlag({
|
addFlag({
|
||||||
.longName = "sigs-needed",
|
.longName = "sigs-needed",
|
||||||
.shortName = 'n',
|
.shortName = 'n',
|
||||||
.description = "Require that each path has at least *n* trustworthy signatures.",
|
.description = "Require that each path has is signed by *n* different keys.",
|
||||||
.labels = {"n"},
|
.labels = {"n"},
|
||||||
.handler = {&sigsNeeded}
|
.handler = {&sigsNeeded}
|
||||||
});
|
});
|
||||||
|
|
|
@ -81,7 +81,7 @@ info=$(nix path-info --store file://$cacheDir --json $outPath2)
|
||||||
[[ $info =~ 'cache1.example.org' ]]
|
[[ $info =~ 'cache1.example.org' ]]
|
||||||
[[ $info =~ 'cache2.example.org' ]]
|
[[ $info =~ 'cache2.example.org' ]]
|
||||||
|
|
||||||
# Copying to a diverted store should fail due to a lack of trustworthy signatures.
|
# Copying to a diverted store should fail due to a lack of signatures by trusted keys.
|
||||||
chmod -R u+w $TEST_ROOT/store0 || true
|
chmod -R u+w $TEST_ROOT/store0 || true
|
||||||
rm -rf $TEST_ROOT/store0
|
rm -rf $TEST_ROOT/store0
|
||||||
(! nix copy --to $TEST_ROOT/store0 $outPath)
|
(! nix copy --to $TEST_ROOT/store0 $outPath)
|
||||||
|
|
Loading…
Reference in a new issue