Document secret-key-files

This commit is contained in:
Eelco Dolstra 2017-11-20 18:51:04 +01:00
parent 4cde04f476
commit 8df60b4ea8
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE

View file

@ -408,9 +408,9 @@ false</literal>.</para>
any non-content-addressed path added or copied to the Nix store
(e.g. when substituting from a binary cache) must have a valid
signature, that is, be signed using one of the keys listed in
<option>trusted-public-keys</option>. Set to
<literal>false</literal> to disable signature
checking.</para></listitem>
<option>trusted-public-keys</option> or
<option>secret-key-files</option>. Set to <literal>false</literal>
to disable signature checking.</para></listitem>
</varlistentry>
@ -426,6 +426,19 @@ false</literal>.</para>
</varlistentry>
<varlistentry><term><literal>secret-key-files</literal></term>
<listitem><para>A whitespace-separated list of files containing
secret (private) keys. These are used to sign locally-built
paths. They can be generated using <command>nix-store
--generate-binary-cache-key</command>. The corresponding public
key can be distributed to other users, who can add it to
<option>trusted-public-keys</option> in their
<filename>nix.conf</filename>.</para></listitem>
</varlistentry>
<varlistentry><term><literal>http-connections</literal></term>
<listitem><para>The maximum number of parallel TCP connections