Created
November 2, 2018 19:30
/* Primitives for unforgeable values in Nix. As long as the make-unforgeable primitive isn't
 * available to arbitrary expressions (e.g. it's defined in a let within your entry point
 * and only made available through a more constrained interface), you can use this to build
 * general functionality to enforce that some value must have been created by some trusted
 * component.
 *
 * This is stupidly hacky and relies on a number of questionable assumptions.
 */
rec {
  # Wrap x in an attribute set whose `value` attribute is defined at this source position.
  make-unforgeable = x: { value = x; };

  # Unwrap x only if its `value` attribute was defined at the same source position as
  # the one created by make-unforgeable; otherwise abort evaluation.
  read-unforgeable = let
    reference = builtins.unsafeGetAttrPos "value" (make-unforgeable null);
  in x: if reference == builtins.unsafeGetAttrPos "value" x
        then x.value
        else throw "Forgery!";
}
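The trust boundary described in the header comment, as an added example that is not part of the original gist: the primitives are bound in a `let`, and untrusted code receives only a constrained interface, so a genuine token is read back while a hand-built `{ value = ...; }` is rejected. The names `entry.nix`, `trusted`, `grant`, `check`, `allowed` and `untrusted` are hypothetical, and the example assumes it is evaluated from a file so that attribute positions are available.

```nix
# entry.nix (hypothetical file name). Evaluate from a file, e.g.:
#   nix-instantiate --eval --strict entry.nix
let
  # The two primitives from the gist, private to this let binding.
  unforgeable = rec {
    make-unforgeable = x: { value = x; };
    read-unforgeable = let
      reference = builtins.unsafeGetAttrPos "value" (make-unforgeable null);
    in x: if reference == builtins.unsafeGetAttrPos "value" x
          then x.value
          else throw "Forgery!";
  };

  # Constrained interface (hypothetical): the trusted component mints tokens
  # only for names on its allow-list. make-unforgeable itself is never exported.
  allowed = [ "build" "test" ];
  trusted = {
    grant = name:
      if builtins.elem name allowed
      then unforgeable.make-unforgeable { inherit name; }
      else throw "not allowed: ${name}";
    # Returns the granted name, or throws if the token was not minted by grant.
    check = token: (unforgeable.read-unforgeable token).name;
  };

  # Untrusted expression: it is handed `trusted` and nothing else.
  untrusted = api: {
    # Token minted through the interface: check succeeds.
    genuine = api.check (api.grant "build");
    # Attribute set written by hand (constructed sample): its `value`
    # attribute has a different source position, so check throws.
    forged = builtins.tryEval (api.check { value = { name = "deploy"; }; });
    # Name not on the allow-list: grant refuses to mint a token.
    denied = builtins.tryEval (api.grant "deploy");
  };
in
  untrusted trusted
```

`builtins.tryEval` is used only so that both rejections show up as `success = false` in one evaluation instead of aborting it at the first `throw`.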