depot - monorepo for the virus lounge

Age	Commit message (Collapse)	Author	Files	Lines
2015-02-04	Sign a subset of the .narinfo	Eelco Dolstra	1	-11/+26
	We only need to sign the store path, NAR hash and references (the "fingerprint"). Everything else is irrelevant to security. For instance, the compression algorithm or the hash of the compressed NAR don't matter as long as the contents of the uncompressed NAR are correct. (Maybe we should include derivers in the fingerprint, but they're broken and nobody cares about them. Also, it might be nice in the future if .narinfos contained signatures from multiple independent signers. But that's impossible if the deriver is included in the fingerprint, since everybody will tend to have a different deriver for the same store path.) Also renamed the "Signature" field to "Sig" since the format changed in an incompatible way.
2015-02-04	Use libsodium instead of OpenSSL for binary cache signing	Eelco Dolstra	1	-10/+9
	Sodium's Ed25519 signatures are much shorter than OpenSSL's RSA signatures. Public keys are also much shorter, so they're now specified directly in the nix.conf option ‘binary-cache-public-keys’. The new command ‘nix-store --generate-binary-cache-key’ generates and prints a public and secret key.
2014-08-20	Use proper quotes everywhere	Eelco Dolstra	1	-10/+11

2014-01-08	Support cryptographically signed binary caches	Eelco Dolstra	1	-3/+37
	NAR info files in binary caches can now have a cryptographic signature that Nix will verify before using the corresponding NAR file. To create a private/public key pair for signing and verifying a binary cache, do: $ openssl genrsa -out ./cache-key.sec 2048 $ openssl rsa -in ./cache-key.sec -pubout > ./cache-key.pub You should also come up with a symbolic name for the key, such as "cache.example.org-1". This will be used by clients to look up the public key. (It's a good idea to number keys, in case you ever need to revoke/replace one.) To create a binary cache signed with the private key: $ nix-push --dest /path/to/binary-cache --key ./cache-key.sec --key-name cache.example.org-1 The public key (cache-key.pub) should be distributed to the clients. They should have a nix.conf should contain something like: signed-binary-caches = * binary-cache-public-key-cache.example.org-1 = /path/to/cache-key.pub If all works well, then if Nix fetches something from the signed binary cache, you will see a message like: *** Downloading ‘http://cache.example.org/nar/7dppcj5sc1nda7l54rjc0g5l1hamj09j-subversion-1.7.11’ (signed by ‘cache.example.org-1’) to ‘/nix/store/7dppcj5sc1nda7l54rjc0g5l1hamj09j-subversion-1.7.11’... On the other hand, if the signature is wrong, you get a message like NAR info file `http://cache.example.org/7dppcj5sc1nda7l54rjc0g5l1hamj09j.narinfo' has an invalid signature; ignoring Signatures are implemented as a single line appended to the NAR info file, which looks like this: Signature: 1;cache.example.org-1;HQ9Xzyanq9iV...muQ== Thus the signature has 3 fields: a version (currently "1"), the ID of key, and the base64-encoded signature of the SHA-256 hash of the contents of the NAR info file up to but not including the Signature line. Issue #75.
2013-10-24	Fix segfault on Darwin	Eelco Dolstra	1	-0/+1
	Ever since SQLite in Nixpkgs was updated to 3.8.0.2, Nix has randomly segfaulted on Darwin: http://hydra.nixos.org/build/6175515 http://hydra.nixos.org/build/6611038 It turns out that this is because the binary cache substituter somehow ends up loading two versions of SQLite: the one in Nixpkgs and the other from /usr/lib/libsqlite3.dylib. It's not exactly clear why the latter is loaded, but it appears to be because WWW::Curl indirectly loads /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation, which in turn seems to load /usr/lib/libsqlite3.dylib. This leads to a segfault when Perl exits: #0 0x00000001010375f4 in sqlite3_finalize () #1 0x000000010125806e in sqlite_st_destroy () #2 0x000000010124bc30 in XS_DBD__SQLite__st_DESTROY () #3 0x00000001001c8155 in XS_DBI_dispatch () ... #14 0x0000000100023224 in perl_destruct () #15 0x0000000100000d6a in main () ... The workaround is to explicitly load DBD::SQLite before WWW::Curl.
2013-06-20	Don't keep "disabled" substituters running	Eelco Dolstra	1	-1/+4
	For instance, it's pointless to keep copy-from-other-stores running if there are no other stores, or download-using-manifests if there are no manifests. This also speeds things up because we don't send queries to those substituters.
2012-10-17	nix-push: Only generate and copy a NAR if it doesn't already exist	Eelco Dolstra	1	-1/+39
	This prevents unnecessary and slow rebuilds of NARs that already exist in the binary cache.
2012-09-19	Support xz compression in the download-using-manifests substituter	Eelco Dolstra	1	-6/+12

2012-09-13	Delete manifests in "nix-channel --remove" or when a binary cache is available	Eelco Dolstra	1	-21/+39

2012-04-10	Unconfuse Rob	Eelco Dolstra	1	-2/+2

2012-01-03	* Ignore missing manifest symlinks.	Eelco Dolstra	1	-0/+1

2011-11-16	* nix-pull: update the Nix manifest cache if necessary. Also, don't	Eelco Dolstra	1	-4/+4
	read the manifest just to check the version and print the number of paths. This makes nix-pull very fast for the cached cache (speeding up nixos-rebuild without the ‘--no-pull’ or ‘--fast’ options).
2011-11-16	* Don't decompress the manifests in /nix/var/nix/manifest. This saves	Eelco Dolstra	1	-2/+8
	disk space, and, since they're typically only decompressed once (to fill the manifest cache), doesn't make things slower.
2011-11-16	* Remove obsolete line.	Eelco Dolstra	1	-1/+0

2011-11-16	* Re-use prepared statements across insertions into the manifest cache	Eelco Dolstra	1	-8/+12
	DB. This speeds up creating the cache from 16.1s to 7.9s on my system.
2011-10-10	* Install NixManifest.pm, NixConfig.pm and GeneratePatches.pm under	Eelco Dolstra	1	-0/+357
	the Nix:: namespace.