forked from lix-project/lix
Move some stuff from Settings
to a new FetchSettings
.
Starting work on #5638 The exact boundary between `FetchSettings` and `EvalSettings` is not clear to me, but that's fine. First lets clean out `libstore`, and then worry about what, if anything, should be the separation between those two.
This commit is contained in:
parent
1c985428c4
commit
ea71da395f
9 changed files with 128 additions and 83 deletions
|
@ -1,5 +1,6 @@
|
||||||
#include "flake.hh"
|
#include "flake.hh"
|
||||||
#include "globals.hh"
|
#include "globals.hh"
|
||||||
|
#include "fetch-settings.hh"
|
||||||
|
|
||||||
#include <nlohmann/json.hpp>
|
#include <nlohmann/json.hpp>
|
||||||
|
|
||||||
|
@ -53,7 +54,7 @@ void ConfigFile::apply()
|
||||||
auto trustedList = readTrustedList();
|
auto trustedList = readTrustedList();
|
||||||
|
|
||||||
bool trusted = false;
|
bool trusted = false;
|
||||||
if (nix::settings.acceptFlakeConfig){
|
if (nix::fetchSettings.acceptFlakeConfig){
|
||||||
trusted = true;
|
trusted = true;
|
||||||
} else if (auto saved = get(get(trustedList, name).value_or(std::map<std::string, bool>()), valueS)) {
|
} else if (auto saved = get(get(trustedList, name).value_or(std::map<std::string, bool>()), valueS)) {
|
||||||
trusted = *saved;
|
trusted = *saved;
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
#include "store-api.hh"
|
#include "store-api.hh"
|
||||||
#include "fetchers.hh"
|
#include "fetchers.hh"
|
||||||
#include "finally.hh"
|
#include "finally.hh"
|
||||||
|
#include "fetch-settings.hh"
|
||||||
|
|
||||||
namespace nix {
|
namespace nix {
|
||||||
|
|
||||||
|
@ -315,7 +316,7 @@ LockedFlake lockFlake(
|
||||||
|
|
||||||
FlakeCache flakeCache;
|
FlakeCache flakeCache;
|
||||||
|
|
||||||
auto useRegistries = lockFlags.useRegistries.value_or(settings.useRegistries);
|
auto useRegistries = lockFlags.useRegistries.value_or(fetchSettings.useRegistries);
|
||||||
|
|
||||||
auto flake = getFlake(state, topRef, useRegistries, flakeCache);
|
auto flake = getFlake(state, topRef, useRegistries, flakeCache);
|
||||||
|
|
||||||
|
@ -591,7 +592,7 @@ LockedFlake lockFlake(
|
||||||
if (lockFlags.writeLockFile) {
|
if (lockFlags.writeLockFile) {
|
||||||
if (auto sourcePath = topRef.input.getSourcePath()) {
|
if (auto sourcePath = topRef.input.getSourcePath()) {
|
||||||
if (!newLockFile.isImmutable()) {
|
if (!newLockFile.isImmutable()) {
|
||||||
if (settings.warnDirty)
|
if (fetchSettings.warnDirty)
|
||||||
warn("will not write lock file of flake '%s' because it has a mutable input", topRef);
|
warn("will not write lock file of flake '%s' because it has a mutable input", topRef);
|
||||||
} else {
|
} else {
|
||||||
if (!lockFlags.updateLockFile)
|
if (!lockFlags.updateLockFile)
|
||||||
|
@ -618,7 +619,7 @@ LockedFlake lockFlake(
|
||||||
if (lockFlags.commitLockFile) {
|
if (lockFlags.commitLockFile) {
|
||||||
std::string cm;
|
std::string cm;
|
||||||
|
|
||||||
cm = settings.commitLockFileSummary.get();
|
cm = fetchSettings.commitLockFileSummary.get();
|
||||||
|
|
||||||
if (cm == "") {
|
if (cm == "") {
|
||||||
cm = fmt("%s: %s", relPath, lockFileExists ? "Update" : "Add");
|
cm = fmt("%s: %s", relPath, lockFileExists ? "Update" : "Add");
|
||||||
|
@ -716,7 +717,7 @@ static void prim_getFlake(EvalState & state, const Pos & pos, Value * * args, Va
|
||||||
lockFlake(state, flakeRef,
|
lockFlake(state, flakeRef,
|
||||||
LockFlags {
|
LockFlags {
|
||||||
.updateLockFile = false,
|
.updateLockFile = false,
|
||||||
.useRegistries = !evalSettings.pureEval && settings.useRegistries,
|
.useRegistries = !evalSettings.pureEval && fetchSettings.useRegistries,
|
||||||
.allowMutable = !evalSettings.pureEval,
|
.allowMutable = !evalSettings.pureEval,
|
||||||
}),
|
}),
|
||||||
v);
|
v);
|
||||||
|
|
13
src/libfetchers/fetch-settings.cc
Normal file
13
src/libfetchers/fetch-settings.cc
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
#include "fetch-settings.hh"
|
||||||
|
|
||||||
|
namespace nix {
|
||||||
|
|
||||||
|
FetchSettings::FetchSettings()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
FetchSettings fetchSettings;
|
||||||
|
|
||||||
|
static GlobalConfig::Register rFetchSettings(&fetchSettings);
|
||||||
|
|
||||||
|
}
|
93
src/libfetchers/fetch-settings.hh
Normal file
93
src/libfetchers/fetch-settings.hh
Normal file
|
@ -0,0 +1,93 @@
|
||||||
|
#pragma once
|
||||||
|
|
||||||
|
#include "types.hh"
|
||||||
|
#include "config.hh"
|
||||||
|
#include "util.hh"
|
||||||
|
|
||||||
|
#include <map>
|
||||||
|
#include <limits>
|
||||||
|
|
||||||
|
#include <sys/types.h>
|
||||||
|
|
||||||
|
namespace nix {
|
||||||
|
|
||||||
|
struct FetchSettings : public Config
|
||||||
|
{
|
||||||
|
FetchSettings();
|
||||||
|
|
||||||
|
Setting<StringMap> accessTokens{this, {}, "access-tokens",
|
||||||
|
R"(
|
||||||
|
Access tokens used to access protected GitHub, GitLab, or
|
||||||
|
other locations requiring token-based authentication.
|
||||||
|
|
||||||
|
Access tokens are specified as a string made up of
|
||||||
|
space-separated `host=token` values. The specific token
|
||||||
|
used is selected by matching the `host` portion against the
|
||||||
|
"host" specification of the input. The actual use of the
|
||||||
|
`token` value is determined by the type of resource being
|
||||||
|
accessed:
|
||||||
|
|
||||||
|
* Github: the token value is the OAUTH-TOKEN string obtained
|
||||||
|
as the Personal Access Token from the Github server (see
|
||||||
|
https://docs.github.com/en/developers/apps/authorizing-oath-apps).
|
||||||
|
|
||||||
|
* Gitlab: the token value is either the OAuth2 token or the
|
||||||
|
Personal Access Token (these are different types tokens
|
||||||
|
for gitlab, see
|
||||||
|
https://docs.gitlab.com/12.10/ee/api/README.html#authentication).
|
||||||
|
The `token` value should be `type:tokenstring` where
|
||||||
|
`type` is either `OAuth2` or `PAT` to indicate which type
|
||||||
|
of token is being specified.
|
||||||
|
|
||||||
|
Example `~/.config/nix/nix.conf`:
|
||||||
|
|
||||||
|
```
|
||||||
|
access-tokens = github.com=23ac...b289 gitlab.mycompany.com=PAT:A123Bp_Cd..EfG gitlab.com=OAuth2:1jklw3jk
|
||||||
|
```
|
||||||
|
|
||||||
|
Example `~/code/flake.nix`:
|
||||||
|
|
||||||
|
```nix
|
||||||
|
input.foo = {
|
||||||
|
type = "gitlab";
|
||||||
|
host = "gitlab.mycompany.com";
|
||||||
|
owner = "mycompany";
|
||||||
|
repo = "pro";
|
||||||
|
};
|
||||||
|
```
|
||||||
|
|
||||||
|
This example specifies three tokens, one each for accessing
|
||||||
|
github.com, gitlab.mycompany.com, and sourceforge.net.
|
||||||
|
|
||||||
|
The `input.foo` uses the "gitlab" fetcher, which might
|
||||||
|
requires specifying the token type along with the token
|
||||||
|
value.
|
||||||
|
)"};
|
||||||
|
|
||||||
|
Setting<bool> allowDirty{this, true, "allow-dirty",
|
||||||
|
"Whether to allow dirty Git/Mercurial trees."};
|
||||||
|
|
||||||
|
Setting<bool> warnDirty{this, true, "warn-dirty",
|
||||||
|
"Whether to warn about dirty Git/Mercurial trees."};
|
||||||
|
|
||||||
|
Setting<std::string> flakeRegistry{this, "https://github.com/NixOS/flake-registry/raw/master/flake-registry.json", "flake-registry",
|
||||||
|
"Path or URI of the global flake registry."};
|
||||||
|
|
||||||
|
Setting<bool> useRegistries{this, true, "use-registries",
|
||||||
|
"Whether to use flake registries to resolve flake references."};
|
||||||
|
|
||||||
|
Setting<bool> acceptFlakeConfig{this, false, "accept-flake-config",
|
||||||
|
"Whether to accept nix configuration from a flake without prompting."};
|
||||||
|
|
||||||
|
Setting<std::string> commitLockFileSummary{
|
||||||
|
this, "", "commit-lockfile-summary",
|
||||||
|
R"(
|
||||||
|
The commit summary to use when committing changed flake lock files. If
|
||||||
|
empty, the summary is generated based on the action performed.
|
||||||
|
)"};
|
||||||
|
};
|
||||||
|
|
||||||
|
// FIXME: don't use a global variable.
|
||||||
|
extern FetchSettings fetchSettings;
|
||||||
|
|
||||||
|
}
|
|
@ -6,6 +6,8 @@
|
||||||
#include "url-parts.hh"
|
#include "url-parts.hh"
|
||||||
#include "pathlocks.hh"
|
#include "pathlocks.hh"
|
||||||
|
|
||||||
|
#include "fetch-settings.hh"
|
||||||
|
|
||||||
#include <sys/time.h>
|
#include <sys/time.h>
|
||||||
#include <sys/wait.h>
|
#include <sys/wait.h>
|
||||||
|
|
||||||
|
@ -246,10 +248,10 @@ struct GitInputScheme : InputScheme
|
||||||
|
|
||||||
/* This is an unclean working tree. So copy all tracked files. */
|
/* This is an unclean working tree. So copy all tracked files. */
|
||||||
|
|
||||||
if (!settings.allowDirty)
|
if (!fetchSettings.allowDirty)
|
||||||
throw Error("Git tree '%s' is dirty", actualUrl);
|
throw Error("Git tree '%s' is dirty", actualUrl);
|
||||||
|
|
||||||
if (settings.warnDirty)
|
if (fetchSettings.warnDirty)
|
||||||
warn("Git tree '%s' is dirty", actualUrl);
|
warn("Git tree '%s' is dirty", actualUrl);
|
||||||
|
|
||||||
auto gitOpts = Strings({ "-C", actualUrl, "ls-files", "-z" });
|
auto gitOpts = Strings({ "-C", actualUrl, "ls-files", "-z" });
|
||||||
|
|
|
@ -1,11 +1,13 @@
|
||||||
#include "filetransfer.hh"
|
#include "filetransfer.hh"
|
||||||
#include "cache.hh"
|
#include "cache.hh"
|
||||||
#include "fetchers.hh"
|
|
||||||
#include "globals.hh"
|
#include "globals.hh"
|
||||||
#include "store-api.hh"
|
#include "store-api.hh"
|
||||||
#include "types.hh"
|
#include "types.hh"
|
||||||
#include "url-parts.hh"
|
#include "url-parts.hh"
|
||||||
|
|
||||||
|
#include "fetchers.hh"
|
||||||
|
#include "fetch-settings.hh"
|
||||||
|
|
||||||
#include <optional>
|
#include <optional>
|
||||||
#include <nlohmann/json.hpp>
|
#include <nlohmann/json.hpp>
|
||||||
#include <fstream>
|
#include <fstream>
|
||||||
|
@ -157,7 +159,7 @@ struct GitArchiveInputScheme : InputScheme
|
||||||
|
|
||||||
std::optional<std::string> getAccessToken(const std::string & host) const
|
std::optional<std::string> getAccessToken(const std::string & host) const
|
||||||
{
|
{
|
||||||
auto tokens = settings.accessTokens.get();
|
auto tokens = fetchSettings.accessTokens.get();
|
||||||
if (auto token = get(tokens, host))
|
if (auto token = get(tokens, host))
|
||||||
return *token;
|
return *token;
|
||||||
return {};
|
return {};
|
||||||
|
|
|
@ -5,6 +5,8 @@
|
||||||
#include "store-api.hh"
|
#include "store-api.hh"
|
||||||
#include "url-parts.hh"
|
#include "url-parts.hh"
|
||||||
|
|
||||||
|
#include "fetch-settings.hh"
|
||||||
|
|
||||||
#include <sys/time.h>
|
#include <sys/time.h>
|
||||||
|
|
||||||
using namespace std::string_literals;
|
using namespace std::string_literals;
|
||||||
|
@ -165,10 +167,10 @@ struct MercurialInputScheme : InputScheme
|
||||||
/* This is an unclean working tree. So copy all tracked
|
/* This is an unclean working tree. So copy all tracked
|
||||||
files. */
|
files. */
|
||||||
|
|
||||||
if (!settings.allowDirty)
|
if (!fetchSettings.allowDirty)
|
||||||
throw Error("Mercurial tree '%s' is unclean", actualUrl);
|
throw Error("Mercurial tree '%s' is unclean", actualUrl);
|
||||||
|
|
||||||
if (settings.warnDirty)
|
if (fetchSettings.warnDirty)
|
||||||
warn("Mercurial tree '%s' is unclean", actualUrl);
|
warn("Mercurial tree '%s' is unclean", actualUrl);
|
||||||
|
|
||||||
input.attrs.insert_or_assign("ref", chomp(runHg({ "branch", "-R", actualUrl })));
|
input.attrs.insert_or_assign("ref", chomp(runHg({ "branch", "-R", actualUrl })));
|
||||||
|
|
|
@ -5,6 +5,8 @@
|
||||||
#include "store-api.hh"
|
#include "store-api.hh"
|
||||||
#include "local-fs-store.hh"
|
#include "local-fs-store.hh"
|
||||||
|
|
||||||
|
#include "fetch-settings.hh"
|
||||||
|
|
||||||
#include <nlohmann/json.hpp>
|
#include <nlohmann/json.hpp>
|
||||||
|
|
||||||
namespace nix::fetchers {
|
namespace nix::fetchers {
|
||||||
|
@ -150,7 +152,7 @@ void overrideRegistry(
|
||||||
static std::shared_ptr<Registry> getGlobalRegistry(ref<Store> store)
|
static std::shared_ptr<Registry> getGlobalRegistry(ref<Store> store)
|
||||||
{
|
{
|
||||||
static auto reg = [&]() {
|
static auto reg = [&]() {
|
||||||
auto path = settings.flakeRegistry.get();
|
auto path = fetchSettings.flakeRegistry.get();
|
||||||
|
|
||||||
if (!hasPrefix(path, "/")) {
|
if (!hasPrefix(path, "/")) {
|
||||||
auto storePath = downloadFile(store, path, "flake-registry.json", false).storePath;
|
auto storePath = downloadFile(store, path, "flake-registry.json", false).storePath;
|
||||||
|
|
|
@ -880,55 +880,6 @@ public:
|
||||||
are loaded as plugins (non-recursively).
|
are loaded as plugins (non-recursively).
|
||||||
)"};
|
)"};
|
||||||
|
|
||||||
Setting<StringMap> accessTokens{this, {}, "access-tokens",
|
|
||||||
R"(
|
|
||||||
Access tokens used to access protected GitHub, GitLab, or
|
|
||||||
other locations requiring token-based authentication.
|
|
||||||
|
|
||||||
Access tokens are specified as a string made up of
|
|
||||||
space-separated `host=token` values. The specific token
|
|
||||||
used is selected by matching the `host` portion against the
|
|
||||||
"host" specification of the input. The actual use of the
|
|
||||||
`token` value is determined by the type of resource being
|
|
||||||
accessed:
|
|
||||||
|
|
||||||
* Github: the token value is the OAUTH-TOKEN string obtained
|
|
||||||
as the Personal Access Token from the Github server (see
|
|
||||||
https://docs.github.com/en/developers/apps/authorizing-oath-apps).
|
|
||||||
|
|
||||||
* Gitlab: the token value is either the OAuth2 token or the
|
|
||||||
Personal Access Token (these are different types tokens
|
|
||||||
for gitlab, see
|
|
||||||
https://docs.gitlab.com/12.10/ee/api/README.html#authentication).
|
|
||||||
The `token` value should be `type:tokenstring` where
|
|
||||||
`type` is either `OAuth2` or `PAT` to indicate which type
|
|
||||||
of token is being specified.
|
|
||||||
|
|
||||||
Example `~/.config/nix/nix.conf`:
|
|
||||||
|
|
||||||
```
|
|
||||||
access-tokens = github.com=23ac...b289 gitlab.mycompany.com=PAT:A123Bp_Cd..EfG gitlab.com=OAuth2:1jklw3jk
|
|
||||||
```
|
|
||||||
|
|
||||||
Example `~/code/flake.nix`:
|
|
||||||
|
|
||||||
```nix
|
|
||||||
input.foo = {
|
|
||||||
type = "gitlab";
|
|
||||||
host = "gitlab.mycompany.com";
|
|
||||||
owner = "mycompany";
|
|
||||||
repo = "pro";
|
|
||||||
};
|
|
||||||
```
|
|
||||||
|
|
||||||
This example specifies three tokens, one each for accessing
|
|
||||||
github.com, gitlab.mycompany.com, and sourceforge.net.
|
|
||||||
|
|
||||||
The `input.foo` uses the "gitlab" fetcher, which might
|
|
||||||
requires specifying the token type along with the token
|
|
||||||
value.
|
|
||||||
)"};
|
|
||||||
|
|
||||||
Setting<std::set<ExperimentalFeature>> experimentalFeatures{this, {}, "experimental-features",
|
Setting<std::set<ExperimentalFeature>> experimentalFeatures{this, {}, "experimental-features",
|
||||||
"Experimental Nix features to enable."};
|
"Experimental Nix features to enable."};
|
||||||
|
|
||||||
|
@ -936,18 +887,9 @@ public:
|
||||||
|
|
||||||
void requireExperimentalFeature(const ExperimentalFeature &);
|
void requireExperimentalFeature(const ExperimentalFeature &);
|
||||||
|
|
||||||
Setting<bool> allowDirty{this, true, "allow-dirty",
|
|
||||||
"Whether to allow dirty Git/Mercurial trees."};
|
|
||||||
|
|
||||||
Setting<bool> warnDirty{this, true, "warn-dirty",
|
|
||||||
"Whether to warn about dirty Git/Mercurial trees."};
|
|
||||||
|
|
||||||
Setting<size_t> narBufferSize{this, 32 * 1024 * 1024, "nar-buffer-size",
|
Setting<size_t> narBufferSize{this, 32 * 1024 * 1024, "nar-buffer-size",
|
||||||
"Maximum size of NARs before spilling them to disk."};
|
"Maximum size of NARs before spilling them to disk."};
|
||||||
|
|
||||||
Setting<std::string> flakeRegistry{this, "https://github.com/NixOS/flake-registry/raw/master/flake-registry.json", "flake-registry",
|
|
||||||
"Path or URI of the global flake registry."};
|
|
||||||
|
|
||||||
Setting<bool> allowSymlinkedStore{
|
Setting<bool> allowSymlinkedStore{
|
||||||
this, false, "allow-symlinked-store",
|
this, false, "allow-symlinked-store",
|
||||||
R"(
|
R"(
|
||||||
|
@ -960,19 +902,6 @@ public:
|
||||||
resolves to a different location from that of the build machine. You
|
resolves to a different location from that of the build machine. You
|
||||||
can enable this setting if you are sure you're not going to do that.
|
can enable this setting if you are sure you're not going to do that.
|
||||||
)"};
|
)"};
|
||||||
|
|
||||||
Setting<bool> useRegistries{this, true, "use-registries",
|
|
||||||
"Whether to use flake registries to resolve flake references."};
|
|
||||||
|
|
||||||
Setting<bool> acceptFlakeConfig{this, false, "accept-flake-config",
|
|
||||||
"Whether to accept nix configuration from a flake without prompting."};
|
|
||||||
|
|
||||||
Setting<std::string> commitLockFileSummary{
|
|
||||||
this, "", "commit-lockfile-summary",
|
|
||||||
R"(
|
|
||||||
The commit summary to use when committing changed flake lock files. If
|
|
||||||
empty, the summary is generated based on the action performed.
|
|
||||||
)"};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue