Advanced programming in the UNIX environment
Advanced programming in the UNIX environment
Caching function calls using precise dependencies
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Component Software: Beyond Object-Oriented Programming
Component Software: Beyond Object-Oriented Programming
Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems
Middleware '01 Proceedings of the IFIP/ACM International Conference on Distributed Systems Platforms Heidelberg
Imposing a Memory Management Discipline on Software Deployment
Proceedings of the 26th International Conference on Software Engineering
An Approach for Secure Software Installation
LISA '02 Proceedings of the 16th USENIX conference on System administration
Nix: A Safe and Policy-Free System for Software Deployment
LISA '04 Proceedings of the 18th USENIX conference on System administration
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
NixOS: a purely functional Linux distribution
Proceedings of the 13th ACM SIGPLAN international conference on Functional programming
Nixos: A purely functional linux distribution
Journal of Functional Programming
| Hi-index | 0.00 |
The Nix software deployment system is based on the paradigm of transparent source/binary deployment: distributors deploy descriptors that build components from source, while client machines can transparently optimise such source builds by downloading pre-built binaries from remote repositories. This model combines the simplicity and flexibility of source deployment with the efficiency of binary deployment. A desirable property is sharing of components: if multiple users install from the same source descriptors, ideally only one remotely built binary should be installed. The problem is that users must trust that remotely downloaded binaries were built from the sources they are claimed to have been built from, while users in general do not have a trust relation with each other or with the same remote repositories.This paper presents three models that enable sharing: the extensional model that requires that all users on a system have the same remote trust relations, the intensional model that does not have this requirement but may be suboptimal in terms of space use, and the mixed model that merges the best properties of both. The latter two models are achieved through a novel technique of hash rewriting in content-addressable component stores, and were implemented in the context of the Nix system.