Security: Difference between revisions
imported>Nix →Supported: add virtualization details |
imported>Nix →Core features: add data integrity and authenticity |
||
| Line 20: | Line 20: | ||
NixOS is automatically installed in Multi-User mode. For standalone-Nix, the manual covers [https://nixos.org/manual/nix/stable/#ssec-multi-user multi-user installs]. This allows multiple users to have isolated store environments and to avoid them having access to root in order to install their personal applications (achieved by having build users which nix operations are delegated to). | NixOS is automatically installed in Multi-User mode. For standalone-Nix, the manual covers [https://nixos.org/manual/nix/stable/#ssec-multi-user multi-user installs]. This allows multiple users to have isolated store environments and to avoid them having access to root in order to install their personal applications (achieved by having build users which nix operations are delegated to). | ||
==== Data integrity and authenticity ==== | |||
The core installation resources for Nix(OS) have [https://en.wikipedia.org/wiki/SHA-2 SHA256] checksums which are [https://en.wikipedia.org/wiki/GNU_Privacy_Guard GPG] signed by the [https://nixos.org/download.html#nix-verify-installation Nix team] for authenticity. Within the installation data are all the SHA256 checksums for packages that were available within Nixpkgs at build time. | |||
All packages which are pulled into your Nix system via Nixpkgs derivation builds are checked against SHA256 checksums which are already available on your local system (and should be traceable to the signed core Nix install materials). | |||
=== Supported === | === Supported === | ||