-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nicolas Pierron wrote: > I though multiple times of this issues. I see an other solution which > implies the implementation of the following rules: > > - Restricted file/data should not be copied into the store and > should cause the failure of the build process. > - The permission of a derivation correspond to the intersection of > all dependencies permissions.
Or easier.. One can mark derivation "restricted". Then it is only readable to Nix daemon and root. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJLNhhzAAoJEE6tnN0aWvw303MH/0JTa9TtDvDdKWjRC/4lVIyK 8GrQ62pBY8BPCF2u2WuJTSdwRqe5cH0eVcyD2TKR1jF+sCM+PGbiQ4Duk5pwoIZw mKBguedSJu046V7wZbNW2tV2LoEuP/Gqtn6Muke9OTNbxK2YlEWo6EpCJAlS5b63 BJZGoe0bBa7/Cd8w4FbkQKqRY0Axcssqu/0GSVqoey3yYpiAqwKF6KjN4IB/MocT 4++gyRYxs6ENi1PyFDQbELmDkJlDMY6mjbM20SGAzqsR/f/y4IUVX3y4nYrBtydH JFqcoLpG+CzPjEgRA1XMXWBLej/ZdDiG+8GwKZsxZ310q9mbxR/xTklLkuX92DY= =nURz -----END PGP SIGNATURE----- _______________________________________________ nix-dev mailing list [email protected] https://mail.cs.uu.nl/mailman/listinfo/nix-dev
