![]() ![]() StorePath: /nix/store/xvp2wr01fi27j0ycxqmdg6q4frsiv82s-libnotify-0.8.1 Additionally, NAR packs and unpacks deterministically, and you can read the implementation in the Nix thesis. narinfo file that (a Nix substituted) serves that is signed, contains both the NAR Hash and the hash of the NAR Archive File as well. ![]() When you say it is not the right end-to-end solution for all cases, I am wondering what case you have in mind that a NAR Hash would not be suitable for. It's a good solution in limited cases such as Nix and Go modules, but it's not the right end-to-end solution for all cases. Even if there were, such tools would need to be able to parse every kind of file that people might be downloading as part of a build, not just tar files. In contrast, there are not widespread, standard tools or libraries for the "NAR Hash" nor the Go "directory hash". Essentially every programming language ships with or has easily accessible libraries to do the same. There are widespread, standard tools to run a SHA256 over a downloaded file, and those tools work on _any_ downloaded file. I am not here advocating that everyone switch to this basic directory hash either, because it's not a solution to the more general problem that many systems are solving, namely validating _any_ downloaded file, not just file archives. The Go modules "directory hash" is roughly equivalent, although we defined it in terms of somewhat more standard tooling: it is the output of Nix is not the only system that takes this approach. You're not wrong, but you're also not being realistic. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |