[Nix-commits] [NixOS/nix] 0eb200: propagate NIX_BUILD_SHELL also in pure builds docu...

Tue, 05 Jan 2016 05:24:08 -0800 

  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nix
  Commit: 0eb200e569affe89c8850ea993ae0f603f40f742
      
https://github.com/NixOS/nix/commit/0eb200e569affe89c8850ea993ae0f603f40f742
  Author: Fabian Schmitthenner <[email protected]>
  Date:   2016-01-05 (Tue, 05 Jan 2016)

  Changed paths:
    M doc/manual/command-ref/nix-shell.xml
    M scripts/nix-build.in

  Log Message:
  -----------
  propagate NIX_BUILD_SHELL also in pure builds document NIX_BUILD_SHELL in the 
nix-shell command documentation


  Commit: 39d1da7b51e6984a332a7eb68ae4048242b1adb8
      
https://github.com/NixOS/nix/commit/39d1da7b51e6984a332a7eb68ae4048242b1adb8
  Author: Fabian Schmitthenner <[email protected]>
  Date:   2016-01-05 (Tue, 05 Jan 2016)

  Changed paths:
    M src/libexpr/primops.cc

  Log Message:
  -----------
  Better error message

Also show types when nix cannot compare values of different types.
This is also more consistent since types are already shown when comparing 
values of the same not comparable type.


  Commit: 4f3cf06c97cb1f15c74b51b60673a0ed9af0a603
      
https://github.com/NixOS/nix/commit/4f3cf06c97cb1f15c74b51b60673a0ed9af0a603
  Author: Philip Potter <[email protected]>
  Date:   2016-01-05 (Tue, 05 Jan 2016)

  Changed paths:
    M scripts/download-from-binary-cache.pl.in
    M scripts/download-using-manifests.pl.in

  Log Message:
  -----------
  Verify TLS certificate before downloading binaries

The --insecure flag to curl tells curl not to bother checking if the TLS
certificate presented by the server actually matches the hostname
requested, and actually is issued by a trusted CA chain.  This almost
entirely negates any benefit from using TLS in the first place.

This removes the --insecure flag to ensure we actually have a secure
connection to the intended hostname before downloading binaries.

Manually tested locally within a dev-shell; was able to download
binaries from https://cache.nixos.org without issue.

[Note: --insecure was only used for fetching NARs, whose integrity is
verified by Nix anyway using the hash from the .narinfo. But if we can
fetch the .narinfo without --insecure, we can also fetch the .nar, so
there is not much point to using --insecure. --Eelco]


Compare: https://github.com/NixOS/nix/compare/80ebd60e7ca3...4f3cf06c97cb
_______________________________________________
nix-commits mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-commits

Reply via email to