diff options
author | regnat <rg@regnat.ovh> | 2021-05-27 13:25:25 +0200 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2021-06-01 15:09:24 +0200 |
commit | 5985b8b5275605ddd5e92e2f0a7a9f494ac6e35d (patch) | |
tree | d44bdb69d99952539e01570f2f6dc95ef5e714d8 /src/nix/flake-check.md | |
parent | 48396d940ee0f68080cfe99544a50a884b30fea6 (diff) |
Check the CA hash when importing stuff in the local store
When adding a path to the local store (via `LocalStore::addToStore`),
ensure that the `ca` field of the provided `ValidPathInfo` does indeed
correspond to the content of the path.
Otherwise any untrusted user (or any binary cache) can add arbitrary
content-addressed paths to the store (as content-addressed paths don’t
need a signature).
Diffstat (limited to 'src/nix/flake-check.md')
0 files changed, 0 insertions, 0 deletions