No description
97c93526da
conditional expression in the blacklist can specify when to continue/stop a traversal. For example, in <condition> <within> <traverse> <not><hasAttr name='outputHash' value='.+' /></not> </traverse> <hasAttr name='outputHash' value='ef1cb003448b4a53517b8f25adb12452' /> </within> </condition> we traverse the dependency graph, not following the dependencies of `fetchurl' derivations (as indicated by the presence of an `outputHash' attribute - this is a bit ugly). The resulting set of paths is scanned for a fetch of a file with the given hash, in this case, the hash of zlib-1.2.1.tar.gz (which has a security bug). The intent is that a dependency on zlib is not a problem if it is in a `fetchurl' derivation, since that's build-time only. (Other build-time uses of zlib *might* be a problem, e.g., static linking.) |
||
---|---|---|
blacklisting | ||
corepkgs | ||
doc | ||
externals | ||
misc | ||
scripts | ||
src | ||
tests | ||
AUTHORS | ||
bootstrap.sh | ||
ChangeLog | ||
configure.ac | ||
COPYING | ||
INSTALL | ||
Makefile.am | ||
NEWS | ||
nix.conf.example | ||
nix.spec.in | ||
README | ||
substitute.mk |
For installation and usage instructions, please read the manual, which can be found in `docs/manual/manual.html', and additionally at the Nix website at <http://www.cs.uu.nl/groups/ST/Trace/Nix>. Acknowledgments This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)