daml/nix/tools/nix-store-gcs-proxy
Brian Healey cfab7dab63
Update netty and iogrpc version (#6063)
* io.grpc:grpc-xxxx to 1.29.0 (from 1.22.1)
io.netty:netty-xxxx to .1.50.Final (from 4.1.37.Final)
io.nett.netty-tcp-native-boringssl-static to 2.0.30.Final (from 2.0.25.Final)

To resolve open vulnerabilities with these versions
netty-4.1.37.Final vulnerabilities
 BDSA-2018-4022 (Medium)
 BDSA-2019-2610 (Medium)
 BDSA-2019-3119 (CVE-2019-16869) (Medium)
 BDSA-2020-0130 (Medium)
 BDSA BDSA-2019-4230 (CVE-2019-20445) (Low)
 BDSA BDSA-2019-4231 (CVE-2019-20444) (Low)
 BDSA BDSA-2020-0666 (CVE-2020-11612) (Low)
 BDSA BDSA-2019-2642 (Low)
 BDSA BDSA-2019-2649 (Low)
 BDSA BDSA-2019-2643 (Low)

CHANGELOG_BEGIN
Upgrade io.grpc:grpc-xxxxx and io.netty:netty-xxx version to latest
released to avoid exposure to reported security vulnerabilities in
currently used versions
CHANGELOG_END
–

* Update spray versions to address vulnerabilities
CVE-2018-18853 and CVE-2018-18854

CHANGELOG_BEGIN
Upgrade io.grpc:grpc-xxxxx and io.netty:netty-xxx version to latest
released to avoid exposure to reported security vulnerabilities in
currently used versions
CHANGELOG_END

* do not change io.grpc version since reflection seems to be misbehaving

* Clarify how to bump grpc/netty/protobuf versions

Also "downgrade" netty to 4.1.48, according to
https://github.com/grpc/grpc-java/blob/master/SECURITY.md#netty

CHANGELOG_BEGIN
CHANGELOG_END

* Load protobuf deps after haskell deps to avoid loading an older version of rules_cc

* Upgrade protoc and protobuf-java to 3.11.0

* buildifier reformat

* regen unique int after rebase

* remove commented patch

Co-authored-by: Gerolf Seitz <gerolf.seitz@daml.com>
2020-05-27 13:44:34 -04:00
.gitignore open-sourcing daml 2019-04-04 09:33:38 +01:00
default.nix update all references of old repo to new repo 2019-04-04 16:20:07 +02:00
deps.nix open-sourcing daml 2019-04-04 09:33:38 +01:00
go.mod Update netty and iogrpc version (#6063) 2020-05-27 13:44:34 -04:00
go.sum open-sourcing daml 2019-04-04 09:33:38 +01:00
main.go open-sourcing daml 2019-04-04 09:33:38 +01:00
README.md open-sourcing daml 2019-04-04 09:33:38 +01:00

nix-store-gcs-proxy - An HTTP Nix store that proxies requests to Google Storage

Nix supports multiple store backends such as file, http, s3, ... but not Google Storage.

Here we provide an HTTP store backend for Nix that proxies all reads and writes to Google Storage.
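
The request mapping such a proxy performs, as an added sketch that is not the project's main.go: the GET, HEAD and PUT requests a Nix HTTP store client sends are turned into object reads and writes. `bucket` is a hypothetical in-memory stand-in for the Google Storage bucket, and `proxyHandler` and the loopback bind are assumptions made for illustration.

```go
package main

import (
	"io"
	"net/http"
	"strings"
	"sync"
)

// bucket is a hypothetical in-memory stand-in for the Google Storage bucket,
// so the example runs offline; a real proxy would call the GCS client here.
type bucket struct{ objs sync.Map }

func (b *bucket) get(k string) ([]byte, bool) {
	v, ok := b.objs.Load(k)
	data, _ := v.([]byte)
	return data, ok
}

// proxyHandler maps Nix HTTP store requests onto objects: GET and HEAD read
// the object named by the URL path, PUT writes it.
func proxyHandler(b *bucket) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		key := strings.TrimPrefix(r.URL.Path, "/")
		switch r.Method {
		case http.MethodGet, http.MethodHead:
			if data, ok := b.get(key); ok {
				w.Write(data) // the net/http server omits the body for HEAD
			} else {
				http.NotFound(w, r)
			}
		case http.MethodPut:
			data, err := io.ReadAll(r.Body)
			if err != nil {
				http.Error(w, "unreadable upload", http.StatusBadRequest)
				return
			}
			b.objs.Store(key, data)
			w.WriteHeader(http.StatusCreated)
		default:
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		}
	})
}

func main() {
	// Loopback only: this sketch does no authentication of its own.
	http.ListenAndServe("127.0.0.1:3000", proxyHandler(&bucket{}))
}
```

Anything that can reach the listening port can write to the backing store in this sketch, which is why it binds to 127.0.0.1 rather than all interfaces.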

Usage

Make sure the Google credentials are installed in ~/.config/gcloud or referenced by the GOOGLE_APPLICATION_CREDENTIALS environment variable.

Start the server in one terminal: ./nix-store-gcs-proxy --bucket-name <name-of-your-bucket>

Then, in another terminal, use nix copy --to http://localhost:3000?secret-key=path/to/secret.key <INSTALLABLE>. For example:

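# Generate a signing key pair for the cache
$ nix-store --generate-binary-cache-key cache1.example.org cache.key cache.pub
# Copy a package through the proxy, signing it with the secret key (URL quoted so the shell does not glob the "?")
$ nix copy --to "http://localhost:3000?secret-key=$PWD/cache.key" nixpkgs.hello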

TODO

  • Section that explains how to set up GCS with the LB CDN.