[Nix-dev] Nix(OS) and passwords ? builtins.writeFileToPath proposal

Michael Raskin 7c6f434c at mail.ru
Sun Dec 27 15:51:04 CET 2009



Marc Weber wrote:
>> I guess we could have "derivationSecret" and "owners" derivation
>> properties. If they are set, derivation is only readable by store owner;
>> only direct builds by store owner or local builds via Nix daemon by
>> users with names in "owners" list should go on.
> 
> What do you mean by users with names in "owners" ?

A. Brown can instantiate an expression, producing a derivation with

owners = ["brown" "smith"];

Brown cannot read the derivation, but if a process owned by him connects
to the daemon and asks to build this derivation (or reveal its output store
path), the request is granted.

If J. Smith later comes and wants to instantiate it, everything goes
smoothly again.

Now, A.N. Adversary comes. Sorry, you are not in the access list of the
derivation, the daemon replies.

The secrecy of the output itself is another question, of course. For
system daemons we can use config encryption like the gw6c job does. Or we
can have an outputSecret flag with the same semantics (now A. Brown will
have to use nix-dump to retrieve the CD, though).

> Do they belong to the group "store_owners" or such?

No

> In your description: Will every user still be able to build a live cd
> which is using the feature derivationSecret ?

Yes
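The access rule proposed in this message, modelled as a small decision function. This is an added example, not part of the original message and not Nix code: only "derivationSecret" and "owners" come from the thread, while the operation names, the class, the store-owner account name and the rule that unflagged derivations stay unrestricted are assumptions.

```python
# Added illustration: a model of the access rule proposed in the message.
# "derivationSecret" and "owners" come from the thread; everything else
# (class names, operation names, the store-owner account) is hypothetical.
from dataclasses import dataclass
from enum import Enum

STORE_OWNER = "root"  # assumption: the account that owns the store


class Op(Enum):
    READ_DRV = "read the derivation file"
    BUILD = "build via the daemon"
    QUERY_OUTPUT = "reveal the output store path"


@dataclass(frozen=True)
class Derivation:
    name: str
    derivation_secret: bool = False
    owners: frozenset = frozenset()


def daemon_allows(user: str, op: Op, drv: Derivation) -> bool:
    """Decide a request made by a process owned by `user`."""
    if not drv.derivation_secret:
        return True  # assumption: unflagged derivations stay unrestricted
    if user == STORE_OWNER:
        return True  # the store owner may read and build directly
    if op is Op.READ_DRV:
        return False  # secret derivation: only the store owner reads it
    # Build and output-path requests are granted to listed owners only.
    return user in drv.owners


def access_matrix(drv: Derivation, users):
    """Return {user: {op_name: allowed}} so the policy can be reviewed."""
    return {u: {op.name: daemon_allows(u, op, drv) for op in Op} for u in users}


# Constructed sample mirroring the message: owners = ["brown" "smith"];
LIVE_CD = Derivation("live-cd", True, frozenset({"brown", "smith"}))

if __name__ == "__main__":
    users = ["root", "brown", "smith", "adversary"]
    for user, row in access_matrix(LIVE_CD, users).items():
        print(f"{user:10} {row}")
```

The matrix makes the asymmetry explicit: a listed owner can trigger the build and learn the output path without ever being able to read the derivation, and an empty owners list leaves only the store owner with access.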

