Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cachix use suggests insecure trusted-users #612

Open
brainrake opened this issue Dec 22, 2023 · 5 comments
Open

cachix use suggests insecure trusted-users #612

brainrake opened this issue Dec 22, 2023 · 5 comments

Comments

@brainrake
Copy link

brainrake commented Dec 22, 2023
edited

cachix use suggests to add your user to trusted-users in your system-wide nix config. However, that is unsafe as it can be used to run any command as root: NixOS/nix#9649 (comment)

Cachix should only recommend the first option.

Since the detection logic is already there, it could print a warning if a non-root user is in trusted-users.

Screenshot showing recommendation b) to add your user to trusted-users:
screenshot-2023-12-22-21:59:36
@brainrake
Copy link
Author

Another option is to print a command that can be run to add the cache. It is easier to inspect.

@GeorgeFlerovsky
Copy link

Another option is to print a command that can be run to add the cache. It is easier to inspect.

This is much better than running something opaque as root.

@brainrake
Copy link
Author

It could also show lines to add to NixOS configuration, works with flakes too, re. #533.

@brainrake
Copy link
Author

Not sure how to avoid entering netrc contents on command line though.

@brainrake
Copy link
Author

Related: #558

@peter-mlabs peter-mlabs mentioned this issue Dec 26, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@brainrake @GeorgeFlerovsky