Remove signed-binary-caches as the default for require-sigs

This was for backward compatibility. However, with security-related
configuration settings, it's best not to have any confusion.

Issue #495.
This commit is contained in:
Eelco Dolstra 2018-01-26 17:10:52 +01:00
parent 98f3c75a0e
commit e09161d05c
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE

View file

@ -287,10 +287,7 @@ public:
Setting<unsigned int> tarballTtl{this, 60 * 60, "tarball-ttl", Setting<unsigned int> tarballTtl{this, 60 * 60, "tarball-ttl",
"How soon to expire files fetched by builtins.fetchTarball and builtins.fetchurl."}; "How soon to expire files fetched by builtins.fetchTarball and builtins.fetchurl."};
Setting<std::string> signedBinaryCaches{this, "*", "signed-binary-caches", Setting<bool> requireSigs{this, true, "require-sigs",
"Obsolete."};
Setting<bool> requireSigs{this, signedBinaryCaches == "*", "require-sigs",
"Whether to check that any non-content-addressed path added to the " "Whether to check that any non-content-addressed path added to the "
"Nix store has a valid signature (that is, one signed using a key " "Nix store has a valid signature (that is, one signed using a key "
"listed in 'trusted-public-keys'."}; "listed in 'trusted-public-keys'."};