Add option ‘extra-binary-caches’

This allows providing additional binary caches, useful in scripts like
Hydra's build reproduction scripts, in particular because untrusted
caches are ignored.
This commit is contained in:
Eelco Dolstra 2013-05-07 15:37:28 +02:00
parent cc837e2458
commit ea019e9a26
2 changed files with 24 additions and 3 deletions

View file

@ -350,13 +350,25 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
whitespace. These are not used by default, but can be enabled by whitespace. These are not used by default, but can be enabled by
users of the Nix daemon by specifying <literal>--option users of the Nix daemon by specifying <literal>--option
binary-caches <replaceable>urls</replaceable></literal> on the binary-caches <replaceable>urls</replaceable></literal> on the
command line. Daemon users are only allowed to pass a subset of command line. Unprivileged users are only allowed to pass a
the URLs listed in <literal>binary-caches</literal> and subset of the URLs listed in <literal>binary-caches</literal> and
<literal>trusted-binary-caches</literal>.</para></listitem> <literal>trusted-binary-caches</literal>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry><term><literal>extra-binary-caches</literal></term>
<listitem><para>Additional binary caches appended to those
specified in <option>binary-caches</option> and
<option>binary-caches-files</option>. When used by unprivileged
users, untrusted binary caches (i.e. those not listed in
<option>trusted-binary-caches</option>) are silently
ignored.</para></listitem>
</varlistentry>
<varlistentry><term><literal>binary-caches-parallel-connections</literal></term> <varlistentry><term><literal>binary-caches-parallel-connections</literal></term>
<listitem><para>The maximum number of parallel HTTP connections <listitem><para>The maximum number of parallel HTTP connections

View file

@ -208,12 +208,15 @@ sub getAvailableCaches {
push @urls, strToList($url); push @urls, strToList($url);
} }
push @urls, strToList($Nix::Config::config{"extra-binary-caches"} // "");
# Allow Nix daemon users to override the binary caches to a subset # Allow Nix daemon users to override the binary caches to a subset
# of those listed in the config file. Note that untrusted-* # of those listed in the config file. Note that untrusted-*
# denotes options passed by the client. # denotes options passed by the client.
my @trustedUrls = uniq(@urls, strToList($Nix::Config::config{"trusted-binary-caches"} // ""));
if (defined $Nix::Config::config{"untrusted-binary-caches"}) { if (defined $Nix::Config::config{"untrusted-binary-caches"}) {
my @untrustedUrls = strToList $Nix::Config::config{"untrusted-binary-caches"}; my @untrustedUrls = strToList $Nix::Config::config{"untrusted-binary-caches"};
my @trustedUrls = uniq(@urls, strToList($Nix::Config::config{"trusted-binary-caches"} // ""));
@urls = (); @urls = ();
foreach my $url (@untrustedUrls) { foreach my $url (@untrustedUrls) {
die "binary cache $url is not trusted (please add it to trusted-binary-caches [@trustedUrls] in $Nix::Config::confDir/nix.conf)\n" die "binary cache $url is not trusted (please add it to trusted-binary-caches [@trustedUrls] in $Nix::Config::confDir/nix.conf)\n"
@ -222,6 +225,12 @@ sub getAvailableCaches {
} }
} }
my @untrustedUrls = strToList $Nix::Config::config{"untrusted-extra-binary-caches"};
foreach my $url (@untrustedUrls) {
next unless scalar(grep { $url eq $_ } @trustedUrls) > 0;
push @urls, $url;
}
foreach my $url (uniq @urls) { foreach my $url (uniq @urls) {
# FIXME: not atomic. # FIXME: not atomic.