New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
s3: make scheme configurable #2566
Conversation
Please also extend this list: https://github.com/NixOS/nix/blob/master/doc/manual/packages/s3-substituter.xml#L28 |
This enables using for http for S3 request for debugging or implementations that don't have https configured. This is not a problem for binary caches since they should not contain sensitive information. Both package signatures and AWS auth already protect against tampering.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Docs nit, but looks pretty good to me!
<para> | ||
This enables using for http for S3 request for debugging or | ||
implementations that don't have https configured. Should not | ||
be used if the cache might contain sensitive information. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's put <example>https</example> (default) or <example>http</example>
at the start, and then something like:
This option allows you to disable HTTPS for binary caches which don't support it. HTTPS should be used if the cache might contain sensitive information.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks nice to me.
This enables using for http for S3 request for debugging or
implementations that don't have https configured. This is not a problem
for binary caches since they should not contain sensitive information.
Both package signatures and AWS auth already protect against tampering.