Re: [Nix-dev] Linux Libertine: Source vs. OTF
On 03/09/2016 10:04 AM, Sergiu Ivanov wrote: > I have installed linux-libertine-5.3.0 and am having quite a bit of > trouble with the fonts and XeLaTeX: Note that the new texlive packaging includes the `libertine` package which also contains latex class for it etc. It might solve the problems. (If you don't know this texlive packagin, basic user docs is at: https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/typesetting/tex/texlive-new/default.nix#L1 ) > Is there a specific reason to install Linux Libertine from source, > instead of just downloading the pre-built OTF/TTF/whatever files? I don't know that. On desktop the fonts seemed to always work fine for me, including accented letters (CZ). --Vladimir smime.p7s Description: S/MIME Cryptographic Signature ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] When calling nix-store --verify-path - How to know the hash database is not corrupt?
On 03/09/2016 04:20 PM, Matthias Beyer wrote: > It is not clearly stated what database this is, as far as I can tell. I believe it has to be /nix/var/nix/db/. Note that if an attacker compromised your system (such as libc etc.), you can *not* trust what your compromised nix-store ... returns, regardless of measures we (originally) took in that executable. --Vladimir smime.p7s Description: S/MIME Cryptographic Signature ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] When calling nix-store --verify-path - How to know the hash database is not corrupt?
I'm referring to the database which is referred to by the manpage of nix-store, section on "--verify". It is not clearly stated what database this is, as far as I can tell. On 10-03-2016 02:02:24, Roger Qiu wrote: > The database you're referring to is the nixpkgs repository/channel right? > On 10/03/2016 1:59 AM, "Matthias Beyer" wrote: > > > Hi, > > > > I have a question. When calling `nix-store --verify-path > > /nix/store/something`, > > it verifies that the contents of the store path haven't been altered by an > > attacker or some other corruption like bitflips or something, am I right? > > > > It does so by comparing the hashsum of the directory contents with a hash > > sum > > stored in some database, am I right? > > > > How to know that the database isn't corrupt? > > > > Following scenario: > > > > An attacker altered the libc of my system. The attacker knows how nix > > works > > and alters the hash stored in the database as well. > > Calling `nix-store --verify-path /nix/store/somehash-libc-something` > > exits > > without error now, as the hashes still match. > > > > Or am I getting something wrong here? > > > > -- > > Mit freundlichen Grüßen, > > Kind regards, > > Matthias Beyer > > > > Proudly sent with mutt. > > Happily signed with gnupg. > > > > ___ > > nix-dev mailing list > > nix-dev@lists.science.uu.nl > > http://lists.science.uu.nl/mailman/listinfo/nix-dev > > > > -- Mit freundlichen Grüßen, Kind regards, Matthias Beyer Proudly sent with mutt. Happily signed with gnupg. signature.asc Description: PGP signature ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] When calling nix-store --verify-path - How to know the hash database is not corrupt?
The database you're referring to is the nixpkgs repository/channel right? On 10/03/2016 1:59 AM, "Matthias Beyer" wrote: > Hi, > > I have a question. When calling `nix-store --verify-path > /nix/store/something`, > it verifies that the contents of the store path haven't been altered by an > attacker or some other corruption like bitflips or something, am I right? > > It does so by comparing the hashsum of the directory contents with a hash > sum > stored in some database, am I right? > > How to know that the database isn't corrupt? > > Following scenario: > > An attacker altered the libc of my system. The attacker knows how nix > works > and alters the hash stored in the database as well. > Calling `nix-store --verify-path /nix/store/somehash-libc-something` > exits > without error now, as the hashes still match. > > Or am I getting something wrong here? > > -- > Mit freundlichen Grüßen, > Kind regards, > Matthias Beyer > > Proudly sent with mutt. > Happily signed with gnupg. > > ___ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev > > ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
[Nix-dev] When calling nix-store --verify-path - How to know the hash database is not corrupt?
Hi, I have a question. When calling `nix-store --verify-path /nix/store/something`, it verifies that the contents of the store path haven't been altered by an attacker or some other corruption like bitflips or something, am I right? It does so by comparing the hashsum of the directory contents with a hash sum stored in some database, am I right? How to know that the database isn't corrupt? Following scenario: An attacker altered the libc of my system. The attacker knows how nix works and alters the hash stored in the database as well. Calling `nix-store --verify-path /nix/store/somehash-libc-something` exits without error now, as the hashes still match. Or am I getting something wrong here? -- Mit freundlichen Grüßen, Kind regards, Matthias Beyer Proudly sent with mutt. Happily signed with gnupg. signature.asc Description: PGP signature ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
[Nix-dev] Linux Libertine: Source vs. OTF
Hello, I have installed linux-libertine-5.3.0 and am having quite a bit of trouble with the fonts and XeLaTeX: - small caps are not included into Linux Libertine O font face, by default, so I have to use something like \setmainfont[SmallCapsFont={Linux Libertine Initials O}]{Linux Libertine O} even though, normally, this is not required, - even if I set the small caps font explicitly, I get weird rendering effects: \textsc{H} will make the capital H quite blurry, with some weird contour around it, - non-Latin small caps are missing: I get a box with a cross when I do \textsc{ă}. Looking at the definition of the package [0], I noticed that the fonts are built from source _locally_. On an impulse, I threw together a package that downloads OTF files directly (thus, nothing is build locally). Weirdly enough, it solved all my problems: the fonts behaved just as I expected. I have texlive-full on my machine. Has anyone else experienced anything like this? Is there a specific reason to install Linux Libertine from source, instead of just downloading the pre-built OTF/TTF/whatever files? -- Sergiu [0] https://github.com/NixOS/nixpkgs/blob/0b3becb2697a8d0a00344cc3370a7d7ad67290fc/pkgs/data/fonts/libertine/default.nix signature.asc Description: PGP signature ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev