I'm referring to the database which is referred to by the manpage of nix-store, section on "--verify".
It is not clearly stated what database this is, as far as I can tell.

On 10-03-2016 02:02:24, Roger Qiu wrote:
> The database you're referring to is the nixpkgs repository/channel right?
> On 10/03/2016 1:59 AM, "Matthias Beyer" <m...@beyermatthias.de> wrote:
>
> > Hi,
> >
> > I have a question. When calling `nix-store --verify-path /nix/store/something`,
> > it verifies that the contents of the store path haven't been altered by an
> > attacker or some other corruption like bitflips or something, am I right?
> >
> > It does so by comparing the hashsum of the directory contents with a hash sum
> > stored in some database, am I right?
> >
> > How to know that the database isn't corrupt?
> >
> > Following scenario:
> >
> > An attacker altered the libc of my system. The attacker knows how nix works
> > and alters the hash stored in the database as well.
> > Calling `nix-store --verify-path /nix/store/somehash-libc-something` exits
> > without error now, as the hashes still match.
> >
> > Or am I getting something wrong here?
> >
> > --
> > Kind regards,
> > Matthias Beyer
> >
> > Proudly sent with mutt.
> > Happily signed with gnupg.
> >
> > _______________________________________________
> > nix-dev mailing list
> > nix-dev@lists.science.uu.nl
> > http://lists.science.uu.nl/mailman/listinfo/nix-dev
> >
>

--
Kind regards,
Matthias Beyer

Proudly sent with mutt.
Happily signed with gnupg.
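The scenario raised in the thread, as an added example that is not part of the original messages: a hash kept in a database on the same host catches accidental corruption, but not a change made by someone who can also rewrite the stored hash, while a reference hash recorded off-host still catches it. `tree_hash`, the `valid_paths` table and the file names are constructed for illustration; they are a simplified stand-in, not Nix's actual hashing or database schema.

```python
import hashlib, hmac, os, sqlite3, tempfile

def tree_hash(root):
    """SHA-256 over sorted relative paths and file contents (simplified stand-in)."""
    h = hashlib.sha256()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            h.update(os.path.relpath(path, root).encode() + b"\0")
            with open(path, "rb") as f:
                h.update(f.read())
            h.update(b"\0")
    return h.hexdigest()

def register(db, path):
    """Record the current hash of `path` in the local database."""
    db.execute("INSERT OR REPLACE INTO valid_paths VALUES (?, ?)", (path, tree_hash(path)))

def verify_local(db, path):
    """Compare the contents against the hash stored on the same host."""
    row = db.execute("SELECT hash FROM valid_paths WHERE path = ?", (path,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], tree_hash(path))

def verify_pinned(path, trusted_hash):
    """Compare the contents against a hash obtained out of band."""
    return hmac.compare_digest(tree_hash(path), trusted_hash)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        store_path = os.path.join(tmp, "constructed-libc")  # constructed sample path
        os.mkdir(store_path)
        lib = os.path.join(store_path, "libc.so")
        with open(lib, "wb") as f:
            f.write(b"original contents")
        db = sqlite3.connect(":memory:")
        db.execute("CREATE TABLE valid_paths (path TEXT PRIMARY KEY, hash TEXT)")
        register(db, store_path)
        pinned = tree_hash(store_path)  # recorded while trusted, assumed kept off-host
        results = {"clean": verify_local(db, store_path)}
        with open(lib, "wb") as f:
            f.write(b"modified contents")
        results["content_changed"] = verify_local(db, store_path)  # mismatch is detected
        register(db, store_path)  # stored hash rewritten to match the new contents
        results["content_and_db_changed"] = verify_local(db, store_path)
        results["pinned_reference"] = verify_pinned(store_path, pinned)
        db.close()
        return results

if __name__ == "__main__":
    print(demo())
```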