Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cryptographically verify manifests #18

Closed
edolstra opened this issue May 10, 2012 · 4 comments
Closed

Cryptographically verify manifests #18

edolstra opened this issue May 10, 2012 · 4 comments
Assignees
@edolstra
Labels
feature Feature request or proposal
Milestone
nix-1.1

Comments

@edolstra
Copy link
Member

We should cryptographically sign channel manifests, and nix-pull should verify them against a set of allowed keys. This way even non-root users could be allowed to do a nix-pull.
@ghost ghost assigned edolstra May 10, 2012
@iljah
Copy link

iljah commented Aug 5, 2012

0install style signatures could be a good start.

@joeyh
Copy link

joeyh commented Feb 9, 2014

I agree. I can't use nix until it's cryptographically secure.

@edolstra
Copy link
Member Author

Mostly irrelevant now that we have signed binary caches (#75).

@kirelagin kirelagin mentioned this issue Jul 21, 2014
Closed
@edolstra
Copy link
Member Author

edolstra commented Feb 4, 2015

Closing, no longer relevant. We don't rely on manifests anymore, and everything uses https now.

@edolstra edolstra closed this as completed Feb 4, 2015
aszlig pushed a commit to aszlig/nix that referenced this issue Aug 18, 2018
@LnL7
Merge pull request NixOS#18 from danbornside/intpolation-special
7b8f784 
match some specials
@jbobko23 jbobko23 mentioned this issue Nov 25, 2019
Closed
@modond modond mentioned this issue Mar 13, 2020
Closed
meditans referenced this issue in Ericson2314/nix Aug 28, 2020
@Ericson2314
Merge pull request #18 from obsidiansystems/ipfs-binary-cache-version…
dc8557c 
…-check

Check IPFS version on startup
@cole-h cole-h mentioned this issue Nov 15, 2020
Closed
@idkjs idkjs mentioned this issue Mar 27, 2021
Closed
@kelmi kelmi mentioned this issue May 5, 2021
Open
@harriswarren harriswarren mentioned this issue Jul 8, 2021
Closed
@sandoor sandoor mentioned this issue Feb 8, 2022
Closed
@magfoto magfoto mentioned this issue Mar 9, 2023
Open
3 tasks
@rrtaylor-flock rrtaylor-flock mentioned this issue Oct 2, 2023
Closed
3 tasks
zolodev pushed a commit to zolodev/nix that referenced this issue Jan 1, 2024
@domenkozar
Merge pull request NixOS#18 from domenkozar/ad-hoc-developer-environm…
5170bfe 
…ents

Tutorial: ad hoc developer environments
P-E-Meunier pushed a commit to P-E-Meunier/nix that referenced this issue Feb 26, 2025
@cchalmers
Change crate dependencies from attrSets to lists
24dbe9d 
Fixes issue NixOS#18

This allows for multiple dependencies with different targets. Before
this there was an issue with the flate2 crate which had dependencies:

    [dependencies]
    [...]
    miniz_oxide = { version = "0.3.2", optional = true}

    [target.'cfg(all(target_arch = "wasm32", not(target_os = "emscripten")))'.dependencies]
    miniz_oxide = "0.3.2"

but the generated Cargo.nix would only contain the targeted version:

    "miniz_oxide" = {
      packageId = "miniz_oxide 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)";
      target = ((target."arch" == "wasm32") && (!(target."os" == "emscripten")));
    };

which means that miniz_oxide would not match for non-wasm32 targets,
even if it was enabled via a feature. Now the dependency appears twice:

    {
      name = "miniz_oxide";
      packageId = "miniz_oxide 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)";
      optional = true;
    }
    {
      name = "miniz_oxide";
      packageId = "miniz_oxide 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)";
      target = ((target."arch" == "x86_64"));
    }

so it will match when the target matches or when the feature is enabled.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@edolstra edolstra

Labels
feature Feature request or proposal
Projects
None yet
Milestone
nix-1.1
Development

No branches or pull requests
3 participants
@joeyh @edolstra @iljah