a47e055e09
These settings are not needed for libstore at all, they are just used by the nix daemon *command* for authorization on unix domain sockets. My moving them to a new configuration struct just in that file, we avoid them leaking anywhere else. Also, it is good to break up the mammoth `Settings` struct in general. Issue #5638 tracks this. The message is not changed because I do not want to regress in convenience to the user. Just saying "this connection is not trusted" doesn't tell them out to fix the issue. The ideal thing to do would be to somehow parameterize `processCommand` on how the error should be displayed, so different sorts of connections can display different information to the user based on how authentication is performed for the connection in question. This, however, is a good bit more work, so it is left for the future. This came up with me thinking about the tcp:// store (#5265). The larger project is not TCP *per se*, but the idea that it should be possible for something else to manage access control to services like the Nix Daemon, and those services simply trust or trust the incoming connection as they are told. This is a more capability-oriented way of thinking about trust than "every server implements its own auth separately" as we are used to today. Its very great that libstore itself already implements just this model, and so via this refactor I basically want to "enshrine" that so it continues to be the case. |
||
---|---|---|
.github | ||
config | ||
contrib | ||
doc/manual | ||
m4 | ||
maintainers | ||
misc | ||
mk | ||
perl | ||
scripts | ||
src | ||
tests | ||
.dir-locals.el | ||
.editorconfig | ||
.gitignore | ||
.version | ||
boehmgc-coroutine-sp-fallback.diff | ||
bootstrap.sh | ||
configure.ac | ||
COPYING | ||
default.nix | ||
docker.nix | ||
flake.lock | ||
flake.nix | ||
local.mk | ||
Makefile | ||
Makefile.config.in | ||
precompiled-headers.h | ||
README.md | ||
shell.nix |
Nix
Nix is a powerful package manager for Linux and other Unix systems that makes package management reliable and reproducible. Please refer to the Nix manual for more details.
Installation
On Linux and macOS the easiest way to install Nix is to run the following shell command (as a user other than root):
$ curl -L https://nixos.org/nix/install | sh
Information on additional installation methods is available on the Nix download page.
Building And Developing
See our Hacking guide in our manual for instruction on how to build nix from source with nix-build or how to get a development environment.
Additional Resources
- Nix manual
- Nix jobsets on hydra.nixos.org
- NixOS Discourse
- Matrix - #nix:nixos.org
- IRC - #nixos on libera.chat
License
Nix is released under the LGPL v2.1.