A modern, delicious implementation of the Nix package manager, focused on correctness, usability, and growth — and committed to doing right by its community https://lix.systems
Find a file
Philip Potter 4f3cf06c97 Verify TLS certificate before downloading binaries
The --insecure flag to curl tells curl not to bother checking if the TLS
certificate presented by the server actually matches the hostname
requested, and actually is issued by a trusted CA chain.  This almost
entirely negates any benefit from using TLS in the first place.

This removes the --insecure flag to ensure we actually have a secure
connection to the intended hostname before downloading binaries.

Manually tested locally within a dev-shell; was able to download
binaries from https://cache.nixos.org without issue.

[Note: --insecure was only used for fetching NARs, whose integrity is
verified by Nix anyway using the hash from the .narinfo. But if we can
fetch the .narinfo without --insecure, we can also fetch the .nar, so
there is not much point to using --insecure. --Eelco]
2016-01-05 14:19:46 +01:00
config Add config.guess, config.sub and install-sh 2013-11-25 11:26:02 +00:00
corepkgs update sandbox profiles within nix 2015-11-14 14:11:03 -08:00
doc propagate NIX_BUILD_SHELL also in pure builds document NIX_BUILD_SHELL in the nix-shell command documentation 2016-01-05 14:11:20 +01:00
misc emacs mode: match keywords on the start/end of symbols 2015-10-10 21:20:49 +02:00
mk Don't pass "--no-copy-dt-needed-entries" option to linker on FreeBSD. 2015-10-06 22:28:30 +02:00
perl Provide addTempRoot in the Perl API 2015-10-09 12:49:47 +02:00
scripts Verify TLS certificate before downloading binaries 2016-01-05 14:19:46 +01:00
src Better error message 2016-01-05 14:13:54 +01:00
tests Support SHA-512 hashes 2015-11-04 16:37:49 +01:00
.gitignore Add exe, dll to .gitignore 2014-12-15 23:34:13 +08:00
bootstrap.sh bootstrap: Simplify & make more robust. 2011-09-06 12:11:05 +00:00
configure.ac Do not override environment CFLAGS and CXXFLAGS 2016-01-05 14:06:51 +01:00
COPYING
dev-shell Make dev-shell script work on Darwin 2014-07-16 11:53:47 +02:00
INSTALL
local.mk Don't depend on git when generating source tarball 2015-10-15 11:53:45 -07:00
Makefile nix-prefetch-url: Rewrite in C++ 2015-10-01 16:47:43 +02:00
Makefile.config.in Merge pull request #704 from ysangkok/freebsd-support 2015-11-24 19:24:21 +01:00
nix.spec.in Update nix.spec.in 2015-08-24 22:25:24 -07:00
README * Install documentation in $(docdir) (i.e. share/doc/nix). 2008-11-19 13:19:09 +00:00
release.nix Make Debian package depend on libcurl3-nss 2015-12-14 19:42:42 -08:00
version Bump version 2015-09-04 10:02:50 +02:00

Nix is a purely functional package manager.  For installation and
usage instructions, please read the manual, which can be found in
`docs/manual/manual.html', and additionally at the Nix website at
<http://nixos.org/>.


Acknowledgments

This product includes software developed by the OpenSSL Project for
use in the OpenSSL Toolkit (http://www.OpenSSL.org/).