Remove signed-binary-caches as the default for require-sigs

This was for backward compatibility. However, with security-related configuration settings, it's best not to have any confusion. Issue #495.
2018-01-26 17:10:52 +01:00 · 2018-01-26 17:10:52 +01:00 · e09161d05c
parent 98f3c75a0e
commit e09161d05c
1 changed files with 1 additions and 4 deletions
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@ -287,10 +287,7 @@ public:
    Setting<unsigned int> tarballTtl{this, 60 * 60, "tarball-ttl",
        "How soon to expire files fetched by builtins.fetchTarball and builtins.fetchurl."};

-    Setting<std::string> signedBinaryCaches{this, "*", "signed-binary-caches",
-        "Obsolete."};
-
-    Setting<bool> requireSigs{this, signedBinaryCaches == "*", "require-sigs",
+    Setting<bool> requireSigs{this, true, "require-sigs",
        "Whether to check that any non-content-addressed path added to the "
        "Nix store has a valid signature (that is, one signed using a key "
        "listed in 'trusted-public-keys'."};