warnings: enhance the case of untrusted substituter for untrusted user

NixOS · Dec 16, 2022 · 4303db8 · 4303db8
1 parent af5582c
commit 4303db8
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/src/libstore/daemon.cc b/src/libstore/daemon.cc
@@ -222,7 +222,15 @@ struct ClientSettings
                     else if (!hasSuffix(s, "/") && trusted.count(s + "/"))
                         subs.push_back(s + "/");
                     else
-                        warn("ignoring untrusted substituter '%s'", s);
+                        warn("trying to use an untrusted substituter '%s', but you are not a trusted user.\n\n"
+                             "/!\\ A trusted but malicious actor could hack your system through this substituter.\n\n"
+                             "If you trust this substituter, either\n"
+                             " - run the command again as a trusted user, or mark your user as trusted in /etc/nix/nix.conf:\n"
+                             "   trusted-users = <users>\n"
+                             " - add the substituter and its public key to nix.conf:\n"
+                             "   trusted-substituters = %s\n"
+                             "   trusted-public-keys = %s:<public key>\n\n"
+                             "settings documentation: man nix.conf\n", s, s, s);
                 res = subs;
                 return true;
             };