Dodge "trusted" vs "trustworthy" by being explicit

Hopefully this is best!
This commit is contained in:
John Ericson 2022-09-22 14:36:26 -04:00 committed by John Ericson
parent 752f967c0f
commit a2a8cb10ac
5 changed files with 14 additions and 8 deletions

View File

@ -560,9 +560,15 @@ public:
R"( R"(
If set to `true` (the default), any non-content-addressed path added If set to `true` (the default), any non-content-addressed path added
or copied to the Nix store (e.g. when substituting from a binary or copied to the Nix store (e.g. when substituting from a binary
cache) must have a trustworthy signature, that is, be signed using one of cache) must have a signature by a key we trust. A trusted key is one
the keys listed in `trusted-public-keys` or `secret-key-files`. Set listed in `trusted-public-keys`, or a public key counterpart to a
to `false` to disable signature checking. private key stored in a file listed in `secret-key-files`.
Set to `false` to disable signature checking and trust all
non-content-addressed paths unconditionally.
(Content-addressed paths are inherently trustworthy and thus
unaffected by this configuration option.)
)"}; )"};
Setting<StringSet> extraPlatforms{ Setting<StringSet> extraPlatforms{

View File

@ -751,7 +751,7 @@ void LocalStore::registerDrvOutput(const Realisation & info, CheckSigsFlag check
if (checkSigs == NoCheckSigs || !realisationIsUntrusted(info)) if (checkSigs == NoCheckSigs || !realisationIsUntrusted(info))
registerDrvOutput(info); registerDrvOutput(info);
else else
throw Error("cannot register realisation '%s' because it lacks a trustworthy signature", info.outPath.to_string()); throw Error("cannot register realisation '%s' because it lacks a signature by a trusted key", info.outPath.to_string());
} }
void LocalStore::registerDrvOutput(const Realisation & info) void LocalStore::registerDrvOutput(const Realisation & info)
@ -1266,7 +1266,7 @@ void LocalStore::addToStore(const ValidPathInfo & info, Source & source,
RepairFlag repair, CheckSigsFlag checkSigs) RepairFlag repair, CheckSigsFlag checkSigs)
{ {
if (checkSigs && pathInfoIsUntrusted(info)) if (checkSigs && pathInfoIsUntrusted(info))
throw Error("cannot add path '%s' because it lacks a trustworthy signature", printStorePath(info.path)); throw Error("cannot add path '%s' because it lacks a signature by a trusted key", printStorePath(info.path));
addTempRoot(info.path); addTempRoot(info.path);

View File

@ -22,7 +22,7 @@ R""(
```console ```console
# nix copy --to /tmp/nix --trusted-public-keys '' nixpkgs#hello # nix copy --to /tmp/nix --trusted-public-keys '' nixpkgs#hello
cannot add path '/nix/store/zy9wbxwcygrwnh8n2w9qbbcr6zk87m26-libunistring-0.9.10' because it lacks a trustworthy signature cannot add path '/nix/store/zy9wbxwcygrwnh8n2w9qbbcr6zk87m26-libunistring-0.9.10' because it lacks a signature by a trusted key
``` ```
* Create a content-addressed representation of the current NixOS * Create a content-addressed representation of the current NixOS

View File

@ -41,7 +41,7 @@ struct CmdVerify : StorePathsCommand
addFlag({ addFlag({
.longName = "sigs-needed", .longName = "sigs-needed",
.shortName = 'n', .shortName = 'n',
.description = "Require that each path has at least *n* trustworthy signatures.", .description = "Require that each path has is signed by *n* different keys.",
.labels = {"n"}, .labels = {"n"},
.handler = {&sigsNeeded} .handler = {&sigsNeeded}
}); });

View File

@ -81,7 +81,7 @@ info=$(nix path-info --store file://$cacheDir --json $outPath2)
[[ $info =~ 'cache1.example.org' ]] [[ $info =~ 'cache1.example.org' ]]
[[ $info =~ 'cache2.example.org' ]] [[ $info =~ 'cache2.example.org' ]]
# Copying to a diverted store should fail due to a lack of trustworthy signatures. # Copying to a diverted store should fail due to a lack of signatures by trusted keys.
chmod -R u+w $TEST_ROOT/store0 || true chmod -R u+w $TEST_ROOT/store0 || true
rm -rf $TEST_ROOT/store0 rm -rf $TEST_ROOT/store0
(! nix copy --to $TEST_ROOT/store0 $outPath) (! nix copy --to $TEST_ROOT/store0 $outPath)