diff options
| author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2023-10-26 18:01:02 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-10-26 18:01:02 +0000 |
| commit | 96132a216a919e3260941c67161b5f16c6a85880 (patch) | |
| tree | 55964a141e571c641c703e4251d97785c8e301d3 /pkgs/stdenv | |
| parent | 23c525f8dadc3caf0b00a1406ad5a6bd76ea5357 (diff) | |
| parent | adcaf3962d5147cec7d63c1ff9e3f7a3fe4653d4 (diff) | |
| download | nixpkgs-96132a216a919e3260941c67161b5f16c6a85880.tar nixpkgs-96132a216a919e3260941c67161b5f16c6a85880.tar.gz nixpkgs-96132a216a919e3260941c67161b5f16c6a85880.tar.bz2 nixpkgs-96132a216a919e3260941c67161b5f16c6a85880.tar.lz nixpkgs-96132a216a919e3260941c67161b5f16c6a85880.tar.xz nixpkgs-96132a216a919e3260941c67161b5f16c6a85880.tar.zst nixpkgs-96132a216a919e3260941c67161b5f16c6a85880.zip | |
Merge master into staging-next
Diffstat (limited to 'pkgs/stdenv')
| -rw-r--r-- | pkgs/stdenv/generic/make-derivation.nix | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index beba687e788..d235ffefaab 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix @@ -165,6 +165,17 @@ let , ... } @ attrs: +# Policy on acceptable hash types in nixpkgs +assert attrs ? outputHash -> ( + let algo = + attrs.outputHashAlgo or (lib.head (lib.splitString "-" attrs.outputHash)); + in + if algo == "md5" then + throw "Rejected insecure ${algo} hash '${attrs.outputHash}'" + else + true +); + let # TODO(@oxij, @Ericson2314): This is here to keep the old semantics, remove when # no package has `doCheck = true`. |