[Nix-dev] Binary trust

Kirill Elagin kirelagin at gmail.com
Thu Apr 16 22:41:26 CEST 2015


That’s not cool at all.

An easy way would be to force TLS.
Another option could be to sign NARs with a certificate tied to the
hostname of the trusted binary cache and issued by a special NixOS/Nixpkgs
CA.

On Thu, Apr 16, 2015 at 11:30 PM Peter Simons <simons at cryp.to> wrote:

> Hi Kirill,
>
>  > Actually, that’s an interesting question. I always assumed they were
>  > signed (AFAIK `nix-store` is able to check signatures contained inside
>  > NAR-files), but now I wonder how does hydra.cryp.to sign NARs…
>
> it's my understanding that the content from binary caches is not signed in
> any meaningful way. If you're downloading pre-compiled binaries from
> hydra.cryp.to or anywhere else, then you're living in the Wild West,
> essentially. Anyone with the ability to mess with those machines (or the
> transport layer between you and the cache) can inject trojan horses into
> your system as they please.
>
> Best regards,
> Peter