Binary caches can contain objects that are 'directly' part of a build, instead of being the result of a derivation: an example is https://cache.nixos.org/h9lc1dpi14z7is86ffhl3ld569138595.narinfo
Since systems can have run-time dependencies on such objects, and in those cases those objects may be fetched from the binary cache, it seems helpful to be able to collect hashes for such objects, too. This means we should be able to store attestations that 'this output path has the following nar_hash' without a reference to a derivation - i.e. making the `drv_id` field of `Attestation` nullable and allowing this in the upload model as well.
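
As an added illustration (not code from this project): a sketch of how a narinfo without a `Deriver` field could map to an attestation whose `drv_id` is null. The shape of the `Attestation` class, the use of the deriver's store-path name as `drv_id`, and the sample narinfo values are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed narinfo for a source object: no Deriver line (all values are placeholders).
SOURCE_NARINFO = """\
StorePath: /nix/store/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-example-source
URL: nar/placeholder.nar.xz
Compression: xz
NarHash: sha256:0000000000000000000000000000000000000000000000000000
NarSize: 1234
References:
"""

# Constructed narinfo for a built output: same fields plus a Deriver line.
BUILT_NARINFO = SOURCE_NARINFO.replace("example-source", "example-1.0") + \
    "Deriver: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb-example-1.0.drv\n"


@dataclass(frozen=True)
class Attestation:  # hypothetical shape; only the field names come from the issue
    output_path: str
    nar_hash: str
    drv_id: Optional[str]  # None = path is attested without a derivation


def parse_narinfo(text: str) -> dict:
    """Split 'Key: value' lines; values may themselves contain ':' (e.g. sha256:...)."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed narinfo line: {line!r}")
        fields[key.strip()] = value.strip()
    return fields


def attestation_from_narinfo(text: str) -> Attestation:
    fields = parse_narinfo(text)
    for required in ("StorePath", "NarHash"):
        if not fields.get(required):
            raise ValueError(f"narinfo missing {required}")
    # An absent, empty or 'unknown-deriver' value all mean: no derivation to link.
    deriver = fields.get("Deriver") or None
    if deriver == "unknown-deriver":
        deriver = None
    return Attestation(fields["StorePath"], fields["NarHash"], deriver)
```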