coding-conventions.chapter.md: update to account for #89885 #191378
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This PR: #89885 ensures that fetches are done securely (i.e. without `--insecure`) when the `hash` parameter is one of the four special "fake" hashes. However the manual was not updated in that PR. This commit updates the manual to account for the already-merged changes from that PR.
ghost
requested a review
from 
ghost
mentioned this pull request
ofborg
bot
added
10.rebuild-darwin: 0
fricklerhandwerk
requested changes
Sep 16, 2022
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
fricklerhandwerk
approved these changes
Oct 12, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes
This PR: #89885 ensures that fetches are done securely (i.e. without
--insecure) when thehashparameter is one of the four special "fake" hashes. However the manual was not updated in that PR. This commit updates the manual to account for the already-merged changes from that PR.ping @matthewbauer
Future-proofing
It would probably be a good idea if Nix didn't print out the complete unexpected hash of insecure fetches on the console, in order to deter people from copy-and-pasting it. For example, by default the error message printed to the console could deliberately garble a few characters in the middle of the hash by replacing them with an invalid character like
.unless--option dammit-give-me-the-footgunis set.The question is how to communicate to Nix that the fetch was insecure. I see two possibilities:
Nix adopts the nixpkgs convention that if expected-hash is
"",lib.fakeHash,lib.fakeSha256, orlib.fakeSha512then the unexpected-hash was computed over something which was fetched securely. This could be considered a layering violation.A new derivation attribute
__insecurefor FODs is added, which tells Nix that the fetch was performed insecurely. Since this would appear only on FODs it shouldn't affect any outpath addresses. It should probably also be allowed on__impurederivations, and be inherited by FODs which depend on__insecure __impurederivations.@edolstra if either of these approaches sounds acceptable to you I will implement it.
Things done
sandbox = trueset innix.conf? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)nixos/doc/manual/md-to-db.shto update generated release notes