On 10-03-2016 07:43:00, Kevin Cox wrote:
> On Mar 10, 2016 5:28 AM, "Eelco Dolstra"
> wrote:
> >
> >
> > In the future Nix will probably store binary cache signatures in its
> database,
> > and provide a command to check local paths against binary caches.
> >
>
> The
On Mar 10, 2016 5:28 AM, "Eelco Dolstra"
wrote:
>
>
> In the future Nix will probably store binary cache signatures in its
database,
> and provide a command to check local paths against binary caches.
>
The problem with this is that if you are running a local command
Hi,
On 09/03/16 15:58, Matthias Beyer wrote:
> I have a question. When calling `nix-store --verify-path
> /nix/store/something`,
> it verifies that the contents of the store path haven't been altered by an
> attacker or some other corruption like bitflips or something, am I right?
>
> It does
On 03/09/2016 04:20 PM, Matthias Beyer wrote:
> It is not clearly stated what database this is, as far as I can tell.
I believe it has to be /nix/var/nix/db/.
Note that if an attacker compromised your system (such as libc etc.),
you can *not* trust what your compromised nix-store ... returns,
I'm referring to the database which is referred to by the manpage of nix-store,
section on "--verify".
It is not clearly stated what database this is, as far as I can tell.
On 10-03-2016 02:02:24, Roger Qiu wrote:
> The database you're referring to is the nixpkgs repository/channel right?
> On
The database you're referring to is the nixpkgs repository/channel right?
On 10/03/2016 1:59 AM, "Matthias Beyer" wrote:
> Hi,
>
> I have a question. When calling `nix-store --verify-path
> /nix/store/something`,
> it verifies that the contents of the store path haven't
Hi,
I have a question. When calling `nix-store --verify-path /nix/store/something`,
it verifies that the contents of the store path haven't been altered by an
attacker or some other corruption like bitflips or something, am I right?
It does so by comparing the hashsum of the directory contents