>Of course running nix-prefetch-git is an option, however checking
>whether a store path representing { url = ..; hash = .. } already exists
>is harder. If you run nix-prefetch-git twice it will fetch twice
>(waste). I haven't looked for options.nix-store --check-validity $(nix-store -q --outputs $(nix-instantiate expression.nix -A src)) ? Also, I do use fresh checkouts as src for various Nix expressions. I just added a repository set to chroot-accessible locations and do what you say (telling only git hashes to Nix). >If nix could handle this, I could just create a .nix file and I'd always >get what I want: the source - if it exists I would not have to bother at >all. >So comment on whether you see huge security risks using git url and >git's hash only. It is not so much security risks as it is about special case being a separate source of bugs. _______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
