If you don’t trust the build server, then you can’t trust any sort of verification on the build server. Right? So I don’t see verification of the code doing anything useful for you here.
I imagine at most you could verify that the nar hash of the build result hasn’t changed. And if that hash needs to change, you’d have to independently verify that change.
Well, I trust the build server, but I use gitolite for managing my git repo, and if a hacker managed to get access to the git user through some exploit, then they could theoretically tamper with the git repository. If the application server verifies the builds before installing them, by verifying that all commits are signed by a trusted key, such tampering could be stopped even with repository access.
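One way to implement the check described in that last post, as an added example that is not from the thread or from gitolite: a POSIX shell gate that the application server runs before installing, rejecting the build unless every commit in the range is signed by a key whose full fingerprint is on an explicit allowlist. It assumes git and gpg are on PATH and that the allowlisted public keys have been imported into the keyring gpg uses (commits signed by a key gpg cannot find come back with status E and are rejected, which is the safe failure mode).

```shell
#!/bin/sh
# Added example (not from the thread): gate an install on commit signatures.
# Assumption: TRUSTED_FPRS holds space-separated full fingerprints of the
# keys allowed to sign commits; their public keys are imported into the
# keyring gpg consults (set GNUPGHOME to a dedicated one for the verifier).
TRUSTED_FPRS="${TRUSTED_FPRS:-}"

# check_log_lines TRUSTED
# Reads lines in git's "%H %G? %GF" format on stdin (hash, signature status,
# signer fingerprint), prints one REJECT line per offending commit and
# returns 0 only when every commit has a good signature from an allowlisted key.
check_log_lines() {
  trusted="$1"
  bad=0
  while read -r hash status fpr; do
    [ -n "$hash" ] || continue
    case "$status" in
      # G: good signature. U: good signature, key not marked trusted in gpg's
      # own trust db; acceptable here because trust comes from our allowlist.
      G|U) ;;
      # N: unsigned, B: bad signature, E: cannot verify (key missing),
      # X/Y/R: expired signature / expired key / revoked key.
      *) echo "REJECT $hash: signature status ${status:-?}"; bad=1; continue ;;
    esac
    case " $trusted " in
      *" $fpr "*) ;;
      *) echo "REJECT $hash: signer ${fpr:-<none>} not on allowlist"; bad=1 ;;
    esac
  done
  return $bad
}

# verify_range RANGE (e.g. "origin/main..HEAD", or "HEAD" for full history)
# Non-zero exit means: do not install this build.
verify_range() {
  git log --format='%H %G? %GF' "$1" | check_log_lines "$TRUSTED_FPRS"
}

# Typical use on the application server, before the install step:
#   TRUSTED_FPRS="<fingerprint-1> <fingerprint-2>" verify_range HEAD || exit 1
```

Because the allowlist is matched on the full fingerprint rather than on gpg's trust database, a stolen but otherwise valid key that is not on the list is still rejected, and rotating a key means editing the list on the verifying host rather than the repository.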