I have a local file-based cache which I wish to trust. In /etc/nix/nix.conf, I have:
substituters = file:///cache/nix?priority=30&trusted=1 https://cache.nixos.org?priority=40
…with the expectation that this should cause us to check signatures for content from Hydra, but not that local store.
However, at build time, I see the following:
querying info about '/nix/store/mgl9mc7ylqzxay8pband34plkpndk21n-nix-shell-env' on 'file:///cache/nix'...
warning: the substitute for '/nix/store/mgl9mc7ylqzxay8pband34plkpndk21n-nix-shell-env' from 'file:///cache/nix' is not signed by any of the keys in 'trusted-public-keys'
querying info about '/nix/store/mgl9mc7ylqzxay8pband34plkpndk21n-nix-shell-env' on 'https://cache.nixos.org'...
…indicating that trusted=1
– contrary to the comments in src/libstore/store-api.hh
– is not causing this content to be used even when unsigned.