You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If I have a list of binary caches e.g s3://foo s3://bar and foo is signed while bar isn't.
It seems that right now if I have a require-sigs = true in my nix config, that will still try to check the signature for s3://bar paths which doesn't really make sense.
/* Bail out early if this substituter lacks a valid
signature. LocalStore::addToStore() also checks for this, but
only after we've downloaded the path. */
if (worker.store.requireSigs && !info->checkSignatures(worker.store, worker.store.publicKeys)) {
printInfo(format("warning: substituter '%s' does not have a valid signature for path '%s'")
% sub->getUri() % storePath);
tryNext();
return;
}
Maybe a better approach would be to do signature validation per binary cache, i.e have some kind of mapping between binary cache/public key/require-sigs.
The text was updated successfully, but these errors were encountered:
If I have a list of binary caches e.g s3://foo s3://bar and foo is signed while bar isn't.
It seems that right now if I have a
require-sigs = true
in my nix config, that will still try to check the signature for s3://bar paths which doesn't really make sense.Maybe a better approach would be to do signature validation per binary cache, i.e have some kind of mapping between binary cache/public key/require-sigs.
The text was updated successfully, but these errors were encountered: