nixos/rfcs
1
0
Fork 0
mirror of https://github.com/NixOS/rfcs.git synced 2025-11-13 05:56:14 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

17: updates from comments

Browse source
This commit is contained in:
Wout Mertens 2020-11-05 14:13:34 +01:00
parent 1c7f74926e
commit e9c3340eff
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
rfcs/0017-intensional-store.md
View file

@ -32,6 +32,7 @@ By using content hashes instead of output hashes, we can:
- make the Nix store network-writeable and world-shareable - make the Nix store network-writeable and world-shareable
- predefine mappings from output to content hash without building - predefine mappings from output to content hash without building
- store paths can be verified without access to the Nix Store DB - store paths can be verified without access to the Nix Store DB
- public trust mappings allow detecting non-reproducible builds
Additionally, this is an opportunity to move the Nix store to a filesystem location supported by most non-NixOS systems, namely `/var/lib/nix`. Additionally, this is an opportunity to move the Nix store to a filesystem location supported by most non-NixOS systems, namely `/var/lib/nix`.
@ -175,7 +176,7 @@ To make sure only the build's own references need rewriting, it is recommended t
After the build, its `$cas` is calculated and any occurences of the build path are replaced with `/var/lib/nix/$cas`. After the build, its `$cas` is calculated and any occurences of the build path are replaced with `/var/lib/nix/$cas`.
If there undetected build path references, they might cause the finished entry to work incorrectly, and they will cause `$cas` to differ on every build of `$out`. This must be handled on a case-by-case basis. If there undetected build path references, they might cause the finished entry to work incorrectly, and they will cause `$cas` to differ on every build of `$out`. This must be handled on a case-by-case basis. Perhaps we'll need pluggable hash rewriters.
The build can happen by a sandboxing build daemon like `nix-build`, but that is not a requirement. The build can happen by a sandboxing build daemon like `nix-build`, but that is not a requirement.