Marc Weber wrote:
>> I guess we could have "derivationSecret" and "owners" derivation
>> properties. If they are set, derivation is only readable by store owner;
>> only direct builds by store owner or local builds via Nix daemon by
>> users with names in "owners" list should go on.
>
> What do you mean by users with names in "owners"?

A. Brown can instantiate an expression, producing a derivation with
owners = ["brown" "smith"]; Brown cannot read the derivation, but if a
process owned by him connects to the daemon and asks to build this
derivation (or reveal its output store path), the request is granted.
If J. Smith later comes and wants to instantiate it, everything goes
smoothly again. Now, A.N. Adversary comes. "Sorry, you are not in the
access list of the derivation", the daemon replies.

The secrecy of the output itself is another question, of course. For
system daemons we can use config encryption like the gw6c job does. Or
we can have an outputSecret flag with the same semantics (now A. Brown
will have to use nix-dump to retrieve the CD, though).

> Do they belong to the group "store_owners" or such?

No

> In your description: Will every user still be able to build a live cd
> which is using the feature derivationSecret ?

Yes

_______________________________________________
nix-dev mailing list
https://mail.cs.uu.nl/mailman/listinfo/nix-dev
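
The access rule proposed in this message, modelled as an added example (not code from the message or from Nix). The type and function names, the "root" store owner, and the choice that an unset derivationSecret leaves today's behaviour unchanged are all assumptions; the outputSecret variant is not modelled.

```cpp
// Added illustration of the proposed "derivationSecret"/"owners" rule.
// All names here are hypothetical; this is not Nix daemon code.
#include <algorithm>
#include <iostream>
#include <string>
#include <vector>

// The two proposed derivation properties.
struct Derivation {
    bool derivationSecret;
    std::vector<std::string> owners;   // e.g. {"brown", "smith"}
};

enum class Request { ReadDerivation, Build, QueryOutputPath };

// `user` is the account owning the process that connected to the daemon,
// as resolved by the daemon itself (never a name supplied by the client).
bool daemonAllows(const Derivation& drv, const std::string& user,
                  const std::string& storeOwner, Request req) {
    if (!drv.derivationSecret) return true;   // assumption: ordinary derivations unchanged
    if (user == storeOwner) return true;      // store owner may read and build directly
    if (req == Request::ReadDerivation)
        return false;                         // listed owners still cannot read the contents
    // Build / reveal output path: only for names in the "owners" list.
    return std::find(drv.owners.begin(), drv.owners.end(), user) != drv.owners.end();
}

int main() {
    // Constructed sample: the live-CD derivation from the message.
    const Derivation liveCd{true, {"brown", "smith"}};
    for (const char* user : {"brown", "smith", "adversary", "root"}) {
        std::cout << user
                  << " read=" << daemonAllows(liveCd, user, "root", Request::ReadDerivation)
                  << " build=" << daemonAllows(liveCd, user, "root", Request::Build)
                  << " outpath=" << daemonAllows(liveCd, user, "root", Request::QueryOutputPath)
                  << '\n';
    }
    return 0;
}
```

The point the model makes explicit is that membership in "owners" grants the right to ask the daemon for a build or an output path, but never the right to read the derivation itself.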
