forked from lix-project/lix
4f3cf06c97
The --insecure flag to curl tells curl not to bother checking if the TLS certificate presented by the server actually matches the hostname requested, and actually is issued by a trusted CA chain. This almost entirely negates any benefit from using TLS in the first place. This removes the --insecure flag to ensure we actually have a secure connection to the intended hostname before downloading binaries. Manually tested locally within a dev-shell; was able to download binaries from https://cache.nixos.org without issue. [Note: --insecure was only used for fetching NARs, whose integrity is verified by Nix anyway using the hash from the .narinfo. But if we can fetch the .narinfo without --insecure, we can also fetch the .nar, so there is not much point to using --insecure. --Eelco] |
||
|---|---|---|
| config | ||
| corepkgs | ||
| doc | ||
| misc | ||
| mk | ||
| perl | ||
| scripts | ||
| src | ||
| tests | ||
| .gitignore | ||
| bootstrap.sh | ||
| configure.ac | ||
| COPYING | ||
| dev-shell | ||
| INSTALL | ||
| local.mk | ||
| Makefile | ||
| Makefile.config.in | ||
| nix.spec.in | ||
| README | ||
| release.nix | ||
| version | ||
Nix is a purely functional package manager. For installation and usage instructions, please read the manual, which can be found in `docs/manual/manual.html', and additionally at the Nix website at <http://nixos.org/>. Acknowledgments This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.OpenSSL.org/).