[Nix-dev] Question on package signing and security?

Daniel Peebles pumpkingod at gmail.com
Mon Mar 28 16:03:51 CEST 2016


There's also some discussion on the scope of signatures here:
https://github.com/NixOS/nix/issues/613


On Mon, Mar 28, 2016 at 9:15 AM, Thomas Hunger <tehunger at gmail.com> wrote:

> The manual has some info:
>
> https://nixos.org/nix/manual/#operation-generate-binary-cache-key
>
> It's a fairly straightforward private / public signing scheme.
>
> There's an example on how to verify integrity in the manual as well:
>
> https://nixos.org/nix/manual/#examples-23
>
> ~
>
> On 28 March 2016 at 13:17, Matthias Beyer <mail at beyermatthias.de> wrote:
>
>> Hi,
>>
>> How is package signing done by nix and how does it work for
>> nixpkgs/nixos? I'm searching for resources on this because of my
>> bachelor's thesis and I'm not quite sure nix already does signing and
>> the like.
>>
>> So all the "big" package managers (apt, yum, pacman, ...) do some gpg
>> foo to sign packages. How does this work in a nix context? Do we sign
>> packages? Does nix verify signatures? Do we sign expressions?
>>
>> Is there any literature out there? I'm starting to read Eelco's papers
>> now, maybe I can find something in there...
>>
>> (The context I'm asking this in is for traceability and auditability;
>> my thesis focuses on agent-based intrusion detection systems and how
>> they do software installations.)
>>
>> --
>> Mit freundlichen Grüßen,
>> Kind regards,
>> Matthias Beyer
>>
>> Proudly sent with mutt.
>> Happily signed with gnupg.
>>
>> _______________________________________________
>> nix-dev mailing list
>> nix-dev at lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>
>>
>