From 4303db8b175c80c5f4809f390873879177f3c473 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sol=C3=A8ne=20Rapenne?= <solene.rapenne@tweag.io>
Date: Wed, 14 Dec 2022 14:01:29 +0100
Subject: [PATCH] warnings: enhance the case of untrusted substituter for
 untrusted user

---
 src/libstore/daemon.cc | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/libstore/daemon.cc b/src/libstore/daemon.cc
index 12596ba49837..0f7720ba6d31 100644
--- a/src/libstore/daemon.cc
+++ b/src/libstore/daemon.cc
@@ -222,7 +222,15 @@ struct ClientSettings
                     else if (!hasSuffix(s, "/") && trusted.count(s + "/"))
                         subs.push_back(s + "/");
                     else
-                        warn("ignoring untrusted substituter '%s'", s);
+                        warn("trying to use an untrusted substituter '%s', but you are not a trusted user.\n\n"
+                             "/!\\ A trusted but malicious actor could hack your system through this substituter.\n\n"
+                             "If you trust this substituter, either\n"
+                             " - run the command again as a trusted user, or mark your user as trusted in /etc/nix/nix.conf:\n"
+                             "   trusted-users = <users>\n"
+                             " - add the substituter and its public key to nix.conf:\n"
+                             "   trusted-substituters = %s\n"
+                             "   trusted-public-keys = %s:<public key>\n\n"
+                             "settings documentation: man nix.conf\n", s, s, s);
                 res = subs;
                 return true;
             };