Allow HTTP binary cache to request absolute uris #3981
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
domenkozar
commented
Sep 1, 2020
|
Yeah I don't think this is a major security concern since we're checking the NAR hash. |
|
I wouldn't say I trust my binary store. I only trust the signature from it. |
edolstra
reviewed
Sep 1, 2020
domenkozar
force-pushed
the
http-binary-cache-allow-absolute-urls
branch
from
a02ff51
to
dd4b56c
Compare
|
@Kloenk if you use the signing mechanism then it doesn't matter where the files are coming from, you trust the person that signed the contents. If you don't use signing, then you trust the binary cache. Either way it doesn't matter much where the content is coming from. @edolstra ready for re-review. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
@edolstra I'm not sure if this opens up any security concerns, but I'd like narinfo to point to nar url that doesn't match binary cache uri prefix.
My thinking is if you trust the binary cache you can also trust uri requests it returns.