diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-07-27 19:28:41 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-07-27 20:30:09 +0200 |
commit | e3a5bca4ae3737dbe0ff2675d1fd77fdf72db609 (patch) | |
tree | fda59394e62abfca2d5b08408fc0797aed4fcb5d | |
parent | a7bfe5643b0a53aab2bc578d4b527a59f01cc280 (diff) | |
download | nixlib-e3a5bca4ae3737dbe0ff2675d1fd77fdf72db609.tar nixlib-e3a5bca4ae3737dbe0ff2675d1fd77fdf72db609.tar.gz nixlib-e3a5bca4ae3737dbe0ff2675d1fd77fdf72db609.tar.bz2 nixlib-e3a5bca4ae3737dbe0ff2675d1fd77fdf72db609.tar.lz nixlib-e3a5bca4ae3737dbe0ff2675d1fd77fdf72db609.tar.xz nixlib-e3a5bca4ae3737dbe0ff2675d1fd77fdf72db609.tar.zst nixlib-e3a5bca4ae3737dbe0ff2675d1fd77fdf72db609.zip |
Require signed binary caches by default
-rw-r--r-- | nixos/doc/manual/release-notes/rl-unstable.xml | 5 | ||||
-rw-r--r-- | nixos/modules/services/misc/nix-daemon.nix | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/nixos/doc/manual/release-notes/rl-unstable.xml b/nixos/doc/manual/release-notes/rl-unstable.xml index ecde80f2a01d..6ae8cd83d3f4 100644 --- a/nixos/doc/manual/release-notes/rl-unstable.xml +++ b/nixos/doc/manual/release-notes/rl-unstable.xml @@ -56,6 +56,11 @@ default, unless you have a non-empty <command>cron</command> to be enabled, set <option>services.cron.enable = true</option>.</para></listitem> +<listitem><para>Nix now requires binary caches to be cryptographically +signed. If you have unsigned binary caches that you want to continue +to use, you should set <option>nix.requireSignedBinaryCaches = +false</option>.</para></listitem> + <listitem><para>Steam now doesn't need root rights to work. Instead of using <literal>*-steam-chrootenv</literal>, you should now just run <literal>steam</literal>. <literal>steamChrootEnv</literal> package was renamed to <literal>steam</literal>, diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index b5a8a7df9fca..49286f512bb9 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -254,7 +254,7 @@ in requireSignedBinaryCaches = mkOption { type = types.bool; - default = false; + default = true; description = '' If enabled, Nix will only download binaries from binary caches if they are cryptographically signed with any of the |