实现示例
type Derivation = { name: string; system: string; sha256: string }
type Profile = { packages: string[] }
function hex64(h: string): boolean { return /^[A-Fa-f0-9]{64}$/.test(h) }
function validDerivation(d: Derivation): boolean { return !!d.name && !!d.system && hex64(d.sha256) }
function validProfile(p: Profile): boolean { return p.packages.length > 0 }
function evaluate(d: Derivation, p: Profile): { ok: boolean; errors: string[] } { const errors: string[] = []; if (!validDerivation(d)) errors.push('drv'); if (!validProfile(p)) errors.push('profile'); return { ok: errors.length === 0, errors } }
审计与运行治理
- 审计 derivation 哈希与 profile 清单;异常阻断并回退。
- 环境变更需审批与版本化存档,支持离线复验。
发表评论 取消回复