[Nix-dev] Nix(OS) and passwords ? builtins.writeFileToPath proposal

Michael Raskin 7c6f434c at mail.ru
Sat Dec 26 15:06:44 CET 2009



Nicolas Pierron wrote:
> I thought multiple times about this issue.  I see another solution which
> implies the implementation of the following rules:
> 
>    - Restricted file/data should not be copied into the store and
> should cause the failure of the build process.
>    - The permissions of a derivation correspond to the intersection of
> all dependencies' permissions.

Or easier... One can mark a derivation "restricted". Then it is only
readable by the Nix daemon and root.


