Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

s3: make scheme configurable #2566

Merged
merged 2 commits into from Dec 9, 2018
Merged

s3: make scheme configurable #2566

merged 2 commits into from Dec 9, 2018

Conversation

LnL7
Copy link
Member

@LnL7 LnL7 commented Dec 7, 2018

This enables using for http for S3 request for debugging or
implementations that don't have https configured. This is not a problem
for binary caches since they should not contain sensitive information.
Both package signatures and AWS auth already protect against tampering.

@grahamc
Copy link
Member

grahamc commented Dec 7, 2018

Please also extend this list: https://github.com/NixOS/nix/blob/master/doc/manual/packages/s3-substituter.xml#L28

@LnL7
s3: make scheme configurable
898823b 
This enables using for http for S3 request for debugging or
implementations that don't have https configured.  This is not a problem
for binary caches since they should not contain sensitive information.
Both package signatures and AWS auth already protect against tampering.
grahamc
grahamc reviewed Dec 7, 2018
View reviewed changes
Copy link
Member

@grahamc grahamc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Docs nit, but looks pretty good to me!

doc/manual/packages/s3-substituter.xml Outdated
<para>
This enables using for http for S3 request for debugging or
implementations that don't have https configured. Should not
be used if the cache might contain sensitive information.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's put <example>https</example> (default) or <example>http</example> at the start, and then something like:

This option allows you to disable HTTPS for binary caches which don't support it. HTTPS should be used if the cache might contain sensitive information.

grahamc
grahamc approved these changes Dec 8, 2018
View reviewed changes
Copy link
Member

@grahamc grahamc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks nice to me.

@edolstra edolstra merged commit 18ecd08 into NixOS:master Dec 9, 2018
@LnL7 LnL7 deleted the s3-scheme branch September 22, 2019 10:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@grahamc grahamc grahamc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@LnL7 @grahamc @edolstra