4f3cf06c97
The --insecure flag to curl tells curl not to bother checking if the TLS certificate presented by the server actually matches the hostname requested, and actually is issued by a trusted CA chain. This almost entirely negates any benefit from using TLS in the first place. This removes the --insecure flag to ensure we actually have a secure connection to the intended hostname before downloading binaries. Manually tested locally within a dev-shell; was able to download binaries from https://cache.nixos.org without issue. [Note: --insecure was only used for fetching NARs, whose integrity is verified by Nix anyway using the hash from the .narinfo. But if we can fetch the .narinfo without --insecure, we can also fetch the .nar, so there is not much point to using --insecure. --Eelco] |
||
---|---|---|
config | ||
corepkgs | ||
doc | ||
misc | ||
mk | ||
perl | ||
scripts | ||
src | ||
tests | ||
.gitignore | ||
bootstrap.sh | ||
configure.ac | ||
COPYING | ||
dev-shell | ||
INSTALL | ||
local.mk | ||
Makefile | ||
Makefile.config.in | ||
nix.spec.in | ||
README | ||
release.nix | ||
version |
Nix is a purely functional package manager. For installation and usage instructions, please read the manual, which can be found in `docs/manual/manual.html', and additionally at the Nix website at <http://nixos.org/>. Acknowledgments This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.OpenSSL.org/).