Document secret-key-files

2017-11-20 18:51:04 +01:00 · 2017-11-20 18:51:04 +01:00 · 8df60b4ea8
parent 4cde04f476
commit 8df60b4ea8
1 changed files with 16 additions and 3 deletions
--- a/doc/manual/command-ref/conf-file.xml
+++ b/doc/manual/command-ref/conf-file.xml
@ -408,9 +408,9 @@ false</literal>.</para>
    any non-content-addressed path added or copied to the Nix store
    (e.g. when substituting from a binary cache) must have a valid
    signature, that is, be signed using one of the keys listed in
-    <option>trusted-public-keys</option>. Set to
-    <literal>false</literal> to disable signature
-    checking.</para></listitem>
+    <option>trusted-public-keys</option> or
+    <option>secret-key-files</option>. Set to <literal>false</literal>
+    to disable signature checking.</para></listitem>

  </varlistentry>

@ -426,6 +426,19 @@ false</literal>.</para>
  </varlistentry>


+  <varlistentry><term><literal>secret-key-files</literal></term>
+
+    <listitem><para>A whitespace-separated list of files containing
+    secret (private) keys. These are used to sign locally-built
+    paths. They can be generated using <command>nix-store
+    --generate-binary-cache-key</command>. The corresponding public
+    key can be distributed to other users, who can add it to
+    <option>trusted-public-keys</option> in their
+    <filename>nix.conf</filename>.</para></listitem>
+
+  </varlistentry>
+
+
  <varlistentry><term><literal>http-connections</literal></term>

    <listitem><para>The maximum number of parallel TCP connections