mirror of
https://github.com/NixOS/nix
synced 2025-06-29 23:13:14 +02:00
e43bb655fe
Below the comment added by this commit is a much longer comment
followed by a trust check, both of which have confused me on at
least two occasions. I figured it out once, forgot it, then had to
ask @Ericson2314 to explain it, at which point I understood it
again. I think this might confuse other people too, or maybe I will
just forget it a third time. So let's add a comment.
Farther down in the function is the following check:
```
if (!(drvType.isCA() || trusted))
throw Error("you are not privileged to build input-addressed derivations");
```
This seems really strange at first. A key property of Nix is that
you can compute the outpath of a derivation using the derivation
(and its references-closure) without trusting anybody!
The missing insight is that at this point in the code the builder
doesn't necessarily have the references-closure of the derivation
being built, and therefore needs to trust that the derivation's
outPath is honest. It's incredibly easy to overlook this, because
the only difference between these two cases is which of these
identically-named functions we used:
- `readDerivation(Source,Store)`
- `Store::readDerivation()`
These functions have different trust models (except in the special
case where the first function is used on the local store). We
should call the reader's attention to this fact.
Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
|
||
|---|---|---|
| .. | ||
| build-remote | ||
| libcmd | ||
| libexpr | ||
| libfetchers | ||
| libmain | ||
| libstore | ||
| libutil | ||
| nix | ||
| nix-build | ||
| nix-channel | ||
| nix-collect-garbage | ||
| nix-copy-closure | ||
| nix-env | ||
| nix-instantiate | ||
| nix-store | ||
| resolve-system-dependencies | ||
| toml11 | ||