Open sellout opened 3 months ago
accept-flake-config
trusted-users
trusted-
)substituters
post-build-hook
In the interests of making the documentation more navigable and less cluttered, it might also be worth pulling the experimental features blocks (like in flake-registry
) out into another tag, like “[experimental:flakes]” that also links to somewhere else that describes once (and in more detail) how to enable the experimental features needed to make those settings available.
Triaged in Nix maintainer team meeting:
This issue has been mentioned on NixOS Discourse. There might be relevant details there:
https://discourse.nixos.org/t/2024-07-10-nix-team-meeting-minutes-160/49101/1
Is your feature request related to a problem? Please describe.
The nix.conf documentation doesn’t do a good job of indicating or describing the security concerns of various settings, or how to mitigate them.
As #9649 points out,
accept-flake-config
is described very innocuously, but for various reasons is a massive security hole that has already resulted in compromised systems in the wild.Describe the solution you'd like
The Nix manual should clearly tag each nix.conf setting with a known severity level, and link that tag to a detailed description of the known issues with that setting, along with any possible mitigations (e.g., “prefer to use
--accept-flake-config
on the command line as needed, after manually reviewing thenixConfig
section of the flake, along with the security issues listed here for each of the settings in thenixConfig
.”).Priorities
Add :+1: to issues you find important.