Allow daemon users to override ‘binary-caches’

For security reasons, daemon users can only specify caches that appear in the ‘binary-caches’ and ‘trusted-binary-caches’ options in nix.conf.
2012-07-31 18:56:22 -04:00 · 2012-07-31 18:56:22 -04:00 · 4d1b64f118
commit 4d1b64f118
parent eb7849e3a2
2 changed files with 40 additions and 3 deletions
--- a/doc/manual/conf-file.xml
+++ b/doc/manual/conf-file.xml
@ -329,6 +329,19 @@ build-use-chroot = /dev /proc /bin</programlisting>
  </varlistentry>


+  <varlistentry><term><literal>trusted-binary-caches</literal></term>
+
+    <listitem><para>A list of URLs of binary caches, separated by
+    whitespace.  These are not used by default, but can be enabled by
+    users of the Nix daemon by specifying <literal>--option
+    binary-caches <replaceable>urls</replaceable></literal> on the
+    command line.  Daemon users are only allowed to pass a subset of
+    the URLs listed in <literal>binary-caches</literal> and
+    <literal>trusted-binary-caches</literal>.</para></listitem>
+
+  </varlistentry>
+
+
  <varlistentry><term><literal>binary-caches-parallel-connections</literal></term>

    <listitem><para>The maximum number of parallel HTTP connections