lix/scripts
Eelco Dolstra f3a5930488 Sign a subset of the .narinfo
We only need to sign the store path, NAR hash and references (the
"fingerprint"). Everything else is irrelevant to security. For
instance, the compression algorithm or the hash of the compressed NAR
don't matter as long as the contents of the uncompressed NAR are
correct.

(Maybe we should include derivers in the fingerprint, but they're
broken and nobody cares about them. Also, it might be nice in the
future if .narinfos contained signatures from multiple independent
signers. But that's impossible if the deriver is included in the
fingerprint, since everybody will tend to have a different deriver for
the same store path.)

Also renamed the "Signature" field to "Sig" since the format changed
in an incompatible way.
2015-02-04 17:59:31 +01:00
..
build-remote.pl.in
copy-from-other-stores.pl.in Shut up "Wide character in print" warning in copy-from-other-stores.pl 2015-01-15 17:56:56 +01:00
download-from-binary-cache.pl.in Set correct user agent for NAR downloads from binary caches 2015-01-15 12:05:27 +01:00
download-using-manifests.pl.in
find-runtime-roots.pl.in
install-nix-from-closure.sh Install cacert before running nix-channel 2014-12-13 16:53:21 +01:00
local.mk
nix-build.in Moves runHook to a later execution position 2015-01-28 13:39:48 +01:00
nix-channel.in
nix-collect-garbage.in
nix-copy-closure.in
nix-generate-patches.in
nix-http-export.cgi.in
nix-install-package.in nix-install-package: follow symlinks 2015-01-30 11:30:21 +01:00
nix-prefetch-url.in
nix-profile.sh.in Always use https to fetch the Nixpkgs channel 2014-12-10 11:35:56 +01:00
nix-pull.in
nix-push.in Sign a subset of the .narinfo 2015-02-04 17:59:31 +01:00
nix-reduce-build.in
show-duplication.pl