Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow trustless building of CA derivations --- contains #3922 #3918

Merged
merged 4 commits into from Aug 17, 2020
Merged

Allow trustless building of CA derivations --- contains #3922 #3918

merged 4 commits into from Aug 17, 2020

Conversation

Ericson2314
Copy link
Member

@Ericson2314 Ericson2314 commented Aug 11, 2020
edited

Include a long comment explaining the policy. Perhaps this can be moved
to the manual at some point in the future.

Also bump the daemon protocol minor version, so clients can tell whether
wopBuildDerivation supports trustless CA derivation building. I hope
to take advantage of this in a follow-up PR to support trustless remote
building with the minimal sending of derivation closures.

Progress towards #2789.

Kha
Kha reviewed Aug 12, 2020
View reviewed changes
src/libstore/daemon.cc Outdated Show resolved Hide resolved
@Ericson2314
Make system-features a store setting
4720853 
This seems more correct. It also means one can specify the features a
store should support with --store and remote-store=..., which is useful.
I use this to clean up the build remotes test.
@Ericson2314
Merge branch 'daemon-auth-cleanup' of github.com:obsidiansystems/nix …
5d67f18 
…into HEAD
@Ericson2314
Test RemoteStore::buildDerivation
d2f2be0 
Fix `wopNarFromPath` which needed a `toRealPath`.
@Ericson2314
Allow trustless building of CA derivations
5ccd945 
Include a long comment explaining the policy. Perhaps this can be moved
to the manual at some point in the future.

Also bump the daemon protocol minor version, so clients can tell whether
`wopBuildDerivation` supports trustless CA derivation building. I hope
to take advantage of this in a follow-up PR to support trustless remote
building with the minimal sending of derivation closures.
@Ericson2314 Ericson2314 changed the title Allow trustless building of CA derivations Allow trustless building of CA derivations --- contains #3922 Aug 13, 2020
@edolstra edolstra merged commit 847a539 into NixOS:master Aug 17, 2020
@Ericson2314 Ericson2314 deleted the ca-no-need-trust branch August 17, 2020 12:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Kha Kha Kha left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Ericson2314 @Kha @edolstra