Improve file authenticity check; fix to work in pure evaluation mode

mozilla / nixpkgs-mozilla

Mozilla overlay for Nixpkgs.

MIT License

516 stars 128 forks source link

Improve file authenticity check; fix to work in pure evaluation mode #302

Closed andersk closed 1 year ago

andersk commented 1 year ago

verifyFileAuthenticity now asserts that the checksums it’s verifying really contain the file to be verified. Also, it now accepts SHA-256 hashes of the checksum files themselves, so that after storing the result of an impurely evaluated versionInfo call, one can build firefoxVersion in pure evaluation mode. This is necessary for flake-firefox-nightly:

colemickens/flake-firefox-nightly#3

colemickens commented 1 year ago

I'm going to pull/test this soon and merge it if no one objects.

colemickens commented 1 year ago

Works for me end to end through flake-firefox-nightly. Merging.