-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cachix use
suggests insecure trusted-users
#612
Comments
Another option is to print a command that can be run to add the cache. It is easier to inspect. |
This is much better than running something opaque as root. |
It could also show lines to add to NixOS configuration, works with flakes too, re. #533. |
Not sure how to avoid entering netrc contents on command line though. |
Related: #558 |
cachix use
suggests to add your user totrusted-users
in your system-wide nix config. However, that is unsafe as it can be used to run any command as root: NixOS/nix#9649 (comment)Cachix should only recommend the first option.
Since the detection logic is already there, it could print a warning if a non-root user is in
trusted-users
.Screenshot showing recommendation b) to add your user to
trusted-users
:The text was updated successfully, but these errors were encountered: