builtin:fetchurl: Enable TLS verification

This is better for privacy and to avoid leaking netrc credentials in a
MITM attack, but also the assumption that we check the hash no longer
holds in some cases (in particular for impure derivations).

Partially reverts 5db358d4d7.

(cherry picked from commit c04bc17a5a)
Eelco Dolstra 2024-09-23 15:09:44 +02:00 committed by Mergify
parent 691f67d83e
commit c65ce6c6ec

@ -34,10 +34,7 @@ void builtinFetchurl(const BasicDerivation & drv, const std::string & netrcData)
auto source = sinkToSource([&](Sink & sink) { auto source = sinkToSource([&](Sink & sink) {
/* No need to do TLS verification, because we check the hash of
the result anyway. */
FileTransferRequest request(url); FileTransferRequest request(url);
request.verifyTLS = false;
request.decompress = false; request.decompress = false;
auto decompressor = makeDecompressionSink( auto decompressor = makeDecompressionSink(
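Review bot: With `request.verifyTLS = false;` and its comment removed after `FileTransferRequest request(url);`, nothing at this call site records why verification has to stay on, and the outcome now depends on the default value of `verifyTLS` in `FileTransferRequest`, which is not visible in this hunk. Consider replacing the deleted comment with a short one giving the reasons from the commit message (netrc credentials passed in via `netrcData`, and impure derivations where the hash is not checked), so the setting is not switched off again on the old "we check the hash anyway" assumption. A regression test that a fetch from a server presenting an untrusted certificate fails would also help keep this from regressing.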