In the message of Tuesday, 25 June 2013 14:28:14, user Vladimír Čunát wrote:

> On 06/25/2013 02:24 PM, [email protected] wrote:
> > Nothing of what is currently enabled causes
> > nondeterminism, or at
>
> Great. There's no need to sanitize nondet. sources that aren't used
> (e.g. there's gethostid).
>
> But the time is everywhere... many apps just "must" know how/where/when
> they were built (e.g. see uname -v).
In fact, sanitization is a very useful thing if you want to reliably cache builds. If you intercept all syscalls, you can have a total list of build inputs (not only files). Basically, the build system has no other option but to produce the same output (and thus it can be safely cached), unless it performs a benchmarking attack to get some entropy. The most popular such attack is parallel builds :)

It's quite possible that there's a useful combination of letting some syscalls pass (like reading files from the nixos store), sanitizing others and patching the build system to not touch weird stuff. Useful for caching most of the CPU-intensive stuff, that is.

_______________________________________________
nix-dev mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-dev
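The idea in the message above (treat every value the build observes, not only files, as a cache input; sanitize the nondeterministic ones such as time and host id; and pin the link order so parallel scheduling cannot leak in) as an added, self-contained Python sketch. This is not code from the thread or from nix: the sample sources, the `real_env`/`sanitized_env` dicts standing in for intercepted syscall results, and every function name are constructed for illustration.

```python
"""Toy illustration of treating everything a build observes as a cache input.

Sources, environment values and function names below are constructed for this
example; they are not the nix sandbox or any real build system.
"""
import hashlib
import json
import platform
import time
from concurrent.futures import ThreadPoolExecutor, as_completed

# Constructed sample "source files" (hypothetical contents).
SOURCES = {
    "a.c": "int a(void) { return 1; }",
    "b.c": "int b(void) { return 2; }",
    "c.c": "int c(void) { return 3; }",
}


def real_env():
    """Values an unsanitized build would read from the OS (time, host name)."""
    return {"time": time.time(), "hostid": platform.node()}


def sanitized_env():
    """Fixed values, as a sandbox that intercepts time()/gethostid() would return."""
    return {"time": 0, "hostid": "localhost"}


def compile_unit(name, source):
    """Stand-in compiler: output is a pure function of the source text."""
    digest = hashlib.sha256(source.encode()).hexdigest()[:16]
    return f"{name}: {digest}"


def build(sources, env, link_in_completion_order=False):
    """Compile units in parallel and link them, prefixed with a build stamp.

    The stamp is where 'uname -v'-style time/host data leaks in; the link
    order is where a parallel build can leak scheduling nondeterminism.
    """
    stamp = f"# built at {env['time']} on {env['hostid']}\n"
    with ThreadPoolExecutor(max_workers=3) as pool:
        jobs = {name: pool.submit(compile_unit, name, src)
                for name, src in sources.items()}
        if link_in_completion_order:
            # whichever thread finishes first gets linked first (nondeterministic)
            objects = [job.result() for job in as_completed(jobs.values())]
        else:
            # link in a fixed order independent of thread scheduling
            objects = [jobs[name].result() for name in sorted(jobs)]
    return stamp + "\n".join(objects) + "\n"


def output_hash(output):
    """Content hash of a build output, used to compare runs."""
    return hashlib.sha256(output.encode()).hexdigest()


def cache_key(sources, env):
    """Hash of the total input list: files plus every observed environment value."""
    payload = json.dumps({"sources": sources, "env": env}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def is_reproducible(sources, env_factory, runs=3, **kwargs):
    """Build several times with fresh env readings; True if every output hash matches."""
    hashes = {output_hash(build(sources, env_factory(), **kwargs)) for _ in range(runs)}
    return len(hashes) == 1


if __name__ == "__main__":
    print("sanitized env, sorted link:", is_reproducible(SOURCES, sanitized_env))
    print("unsanitized env (time/host leak):", is_reproducible(SOURCES, real_env))
    print("cache key (sanitized):", cache_key(SOURCES, sanitized_env())[:16])
```

With `sanitized_env` the cache key depends only on the sources, so a hit is safe to reuse; with `real_env` the key changes on every run, which is the honest answer for a build that really does read the clock. The `link_in_completion_order` path shows the parallel-build case from the message: the set of objects is the same on every run, but their order is whatever the scheduler produced, so the output hash cannot be trusted unless the build is patched to sort.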
