Skip to content
This repository was archived by the owner on Dec 16, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/docker
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 3a8d3774bec1
Choose a base ref
...
head repository: NixOS/docker
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 003412658ea4
Choose a head ref
  • 1 commit
  • 1 file changed
  • 1 contributor

Commits on Oct 4, 2019

  1. Drop the sha256sum verification. 

    Checking the sha256 fingerprint of the downloaded archive doesn't
accomplish anything for 2 reasons:

 (1) We download via HTTPS, so the archive is authenticated already.

 (2) This entire build runs on untrusted hardware, so verifying the
     input doesn't add any "security" anyway. Nobody knows what
     hub.docker.com does exactly while building that image.
    @peti
    peti committed Oct 4, 2019
    Copy the full SHA
    0034126 View commit details
Showing with 0 additions and 1 deletion.
  1. +0 −1 Dockerfile
1 change: 0 additions & 1 deletion Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -8,7 +8,6 @@ RUN apk add --no-cache --update openssl \

# Download Nix and install it into the system.
RUN wget https://nixos.org/releases/nix/nix-2.3/nix-2.3-x86_64-linux.tar.xz \
&& echo "e43f6947d1f302b6193302889e7800f3e3dd4a650b6f929c668c894884a02701 nix-2.3-x86_64-linux.tar.xz" | sha256sum -c \
&& tar xf nix-2.3-x86_64-linux.tar.xz \
&& addgroup -g 30000 -S nixbld \
&& for i in $(seq 1 30); do adduser -S -D -h /var/empty -g "Nix build user $i" -u $((30000 + i)) -G nixbld nixbld$i ; done \