| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-09-26 | Fix passing custom CA files into the builtin:fetchurl sandbox | Puck Meerburg | |
| Without this, verifying TLS certificates would fail on macOS, as well as any system that doesn't have a certificate file at /etc/ssl/certs/ca-certificates.crt, which includes e.g. Fedora. Change-Id: Iaa2e0e9db3747645b5482c82e3e0e4e8f229f5f9 | |||
| 2024-09-25 | [security] builtin:fetchurl: Enable TLS verification | Eelco Dolstra | |
| This is better for privacy and to avoid leaking netrc credentials in a MITM attack, but also the assumption that we check the hash no longer holds in some cases (in particular for impure derivations). Partially reverts https://github.com/NixOS/nix/commit/5db358d4d78aea7204a8f22c5bf2a309267ee038. (cherry picked from commit c04bc17a5a0fdcb725a11ef6541f94730112e7b6) (cherry picked from commit f2f47fa725fc87bfb536de171a2ea81f2789c9fb) (cherry picked from commit 7b39cd631e0d3c3d238015c6f450c59bbc9cbc5b) Upstream-PR: https://github.com/NixOS/nix/pull/11585 Change-Id: Ia973420f6098113da05a594d48394ce1fe41fbb9 | |||
 |
index : lix | |
| User & |
| aboutsummaryrefslogtreecommitdiff |