My 'forceOut' clearly will not work as easy as setting it in a stdenv.mkDerivation argument, because there may be multiple calls to mkDerivation for the same derivation name (with different inputs).
The table of correspondences in nix.conf still looks good to me though. It'd be nice if there were an operation that could list all "bash" (derivation name) that have been built with a specific src hash. That'd allow to find out all affected derivations. Regards, Lluís On Sun, Sep 28, 2014 at 12:28:42PM +0200, Lluís Batlle i Rossell wrote: > Hello! > > It could be nice if we had a nix derivation attribute that allowed the > determination of a store path, overriding the hash mechanisms for it. > > Imagine that we have a bash to fix; we could add a line in the bash derivation > attribute set: > forceOut = "whatever store path out" > > It'd be nice if nix tools allowed to list (or mark specially on screen) > derivations that have forceOut paths. It should be applied only in case of > security fixes. > > An operation like "nix-store --repair" should, then, allow for a global system > update. > > Another approach, non intrusive to nixpkgs, would be to allow nix to read > such a > list of hash overrides (hash → desiredHash) from nix.conf or so. It'd allow > for > anyone who cares to get some protection without waiting hydra. > > Of course this makes sense for elf programs or shared objects, and not for > static libs. And hydra should not be using this trick. :) > > What do you think? Maybe all this even exists already. :) > > Regards, > Lluís. > _______________________________________________ > nix-dev mailing list > [email protected] > http://lists.science.uu.nl/mailman/listinfo/nix-dev _______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
