4f3cf06c97
The --insecure flag to curl tells curl not to bother checking if the TLS certificate presented by the server actually matches the hostname requested, and actually is issued by a trusted CA chain. This almost entirely negates any benefit from using TLS in the first place. This removes the --insecure flag to ensure we actually have a secure connection to the intended hostname before downloading binaries. Manually tested locally within a dev-shell; was able to download binaries from https://cache.nixos.org without issue. [Note: --insecure was only used for fetching NARs, whose integrity is verified by Nix anyway using the hash from the .narinfo. But if we can fetch the .narinfo without --insecure, we can also fetch the .nar, so there is not much point to using --insecure. --Eelco] |
||
---|---|---|
.. | ||
build-remote.pl.in | ||
copy-from-other-stores.pl.in | ||
download-from-binary-cache.pl.in | ||
download-using-manifests.pl.in | ||
find-runtime-roots.pl.in | ||
install-nix-from-closure.sh | ||
local.mk | ||
nix-build.in | ||
nix-channel.in | ||
nix-copy-closure.in | ||
nix-generate-patches.in | ||
nix-http-export.cgi.in | ||
nix-install-package.in | ||
nix-profile.sh.in | ||
nix-pull.in | ||
nix-push.in | ||
nix-reduce-build.in | ||
resolve-system-dependencies.pl.in | ||
show-duplication.pl |