[Nix-dev] Bash CVE-2014-6271

Ricardo M. Correia rcorreia at wizy.org
Mon Sep 29 00:52:10 CEST 2014


On Sun, Sep 28, 2014 at 10:19 AM, Vladimír Čunát <vcunat at gmail.com> wrote:

> On 09/25/2014 03:41 PM, Ricardo M. Correia wrote:
>
>> Also, I'm not sure if this is expected, but when I first tried to run
>> "nixos-rebuild dry-run" with this workaround applied, it started to
>> download and compile bash even though the man page of nixos-rebuild
>> specifically says: [...]
>>
>
> IIRC there are two steps -- first build nix, and then do the dry-run (or
> switch or anything else). Nix also needs its bash replaced, so first you
> need to build the bash replacement. That is, unless you specify
> the --no-build-nix option.
>

That's what I thought too after reflecting on it a bit more, but now I'm
starting to think that there is a real bug.

I just tried to run "nixos-rebuild dry-run" (in preparation for testing
roconner's performance improvement) and it started to compile rustcMaster!
(I'm pretty sure that is not a dependency of nix).
I expected it to do that if I ran "nixos-rebuild switch" or "nixos-rebuild
boot" because I changed it locally, but I didn't expect it to compile when
running "nixos-rebuild dry-run".

For reference, I am currently running on
e2d06c45b4586203a1838098460ec0a5781c8cf8 (from about 3 days ago).