Hi,

Eelco Dolstra <[EMAIL PROTECTED]> writes:

> Nix-env certainly doesn't require root access, if Nix is configured in the
> right way. (And "the right way" isn't documented yet, but NixOS is set up
> that way - any user can install software. I'll update the manual for the
> Nix 0.11 release soon.)

Then I'll stay tuned. ;-)

> In principle nix-channel could also work per user - the only problem is that
> nix-channel does a nix-pull to get a list of pre-built binaries, and that's a
> privileged operation that only root can do. The reason for this is that
> otherwise a user could register some bogus binary that doesn't correspond to
> its purported derivation (the source build action from which the binary was
> supposedly produced). Building from source is safe because users cannot
> influence builds (they're executed under a different, unique uid).

Does skipping `nix-pull' mean building from source, at least in the event
where no list of pre-built store paths is already available?

> There is a paper about the Nix security model:
>
> http://people.cs.uu.nl/eelco/pubs/secsharing-ase2005-final.pdf

Thanks for pointing it out.

> The current model is described in section 3.

Does `nix-env -i' actually ask a daemon running as the global Nix user to
"build" on its behalf, as described in Section 3?

I guess I'm not yet very familiar with Nix...

Thanks,
Ludovic.

_______________________________________________
nix-dev mailing list
[email protected]
https://mail.cs.uu.nl/mailman/listinfo/nix-dev
