From ea019e9a269ae35fdf8861485fe16e622f8293f6 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 7 May 2013 15:37:28 +0200 Subject: [PATCH] =?UTF-8?q?Add=20option=20=E2=80=98extra-binary-caches?= =?UTF-8?q?=E2=80=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This allows providing additional binary caches, useful in scripts like Hydra's build reproduction scripts, in particular because untrusted caches are ignored. --- doc/manual/conf-file.xml | 16 ++++++++++++++-- scripts/download-from-binary-cache.pl.in | 11 ++++++++++- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/doc/manual/conf-file.xml b/doc/manual/conf-file.xml index 4629e8eae..932c339eb 100644 --- a/doc/manual/conf-file.xml +++ b/doc/manual/conf-file.xml @@ -350,13 +350,25 @@ flag, e.g. --option gc-keep-outputs false. whitespace. These are not used by default, but can be enabled by users of the Nix daemon by specifying --option binary-caches urls on the - command line. Daemon users are only allowed to pass a subset of - the URLs listed in binary-caches and + command line. Unprivileged users are only allowed to pass a + subset of the URLs listed in binary-caches and trusted-binary-caches. + extra-binary-caches + + Additional binary caches appended to those + specified in and + . When used by unprivileged + users, untrusted binary caches (i.e. those not listed in + ) are silently + ignored. + + + + binary-caches-parallel-connections The maximum number of parallel HTTP connections diff --git a/scripts/download-from-binary-cache.pl.in b/scripts/download-from-binary-cache.pl.in index e47457551..a511f65b4 100644 --- a/scripts/download-from-binary-cache.pl.in +++ b/scripts/download-from-binary-cache.pl.in @@ -208,12 +208,15 @@ sub getAvailableCaches { push @urls, strToList($url); } + push @urls, strToList($Nix::Config::config{"extra-binary-caches"} // ""); + # Allow Nix daemon users to override the binary caches to a subset # of those listed in the config file. Note that ‘untrusted-*’ # denotes options passed by the client. + my @trustedUrls = uniq(@urls, strToList($Nix::Config::config{"trusted-binary-caches"} // "")); + if (defined $Nix::Config::config{"untrusted-binary-caches"}) { my @untrustedUrls = strToList $Nix::Config::config{"untrusted-binary-caches"}; - my @trustedUrls = uniq(@urls, strToList($Nix::Config::config{"trusted-binary-caches"} // "")); @urls = (); foreach my $url (@untrustedUrls) { die "binary cache ‘$url’ is not trusted (please add it to ‘trusted-binary-caches’ [@trustedUrls] in $Nix::Config::confDir/nix.conf)\n" @@ -222,6 +225,12 @@ sub getAvailableCaches { } } + my @untrustedUrls = strToList $Nix::Config::config{"untrusted-extra-binary-caches"}; + foreach my $url (@untrustedUrls) { + next unless scalar(grep { $url eq $_ } @trustedUrls) > 0; + push @urls, $url; + } + foreach my $url (uniq @urls) { # FIXME: not atomic.