nix-testing
-> daemon-trust-override
And only enable in the tests that need it. This makes it less of a sledgehammer.
This commit is contained in:
parent
b1343e8ad1
commit
e95db8f2b9
|
@ -190,12 +190,13 @@ constexpr std::array<ExperimentalFeatureDetails, 12> xpFeatureDetails = {{
|
||||||
)",
|
)",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
.tag = Xp::NixTesting,
|
.tag = Xp::DaemonTrustOverride,
|
||||||
.name = "nix-testing",
|
.name = "daemon-trust-override",
|
||||||
.description = R"(
|
.description = R"(
|
||||||
A "permanent" experimental feature for extra features we just need
|
Allow forcing trusting or not trusting clients with
|
||||||
for testing. Not actually an "experiment" in the sense of being
|
`nix-daemon`. This is useful for testing, but possibly also
|
||||||
prospective functionality for regular users.
|
useful for various experiments with `nix-daemon --stdio`
|
||||||
|
networking.
|
||||||
)",
|
)",
|
||||||
},
|
},
|
||||||
}};
|
}};
|
||||||
|
|
|
@ -28,7 +28,7 @@ enum struct ExperimentalFeature
|
||||||
AutoAllocateUids,
|
AutoAllocateUids,
|
||||||
Cgroups,
|
Cgroups,
|
||||||
DiscardReferences,
|
DiscardReferences,
|
||||||
NixTesting,
|
DaemonTrustOverride,
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -472,13 +472,13 @@ static int main_nix_daemon(int argc, char * * argv)
|
||||||
else if (*arg == "--stdio")
|
else if (*arg == "--stdio")
|
||||||
stdio = true;
|
stdio = true;
|
||||||
else if (*arg == "--force-trusted") {
|
else if (*arg == "--force-trusted") {
|
||||||
experimentalFeatureSettings.require(Xp::NixTesting);
|
experimentalFeatureSettings.require(Xp::DaemonTrustOverride);
|
||||||
isTrustedOpt = Trusted;
|
isTrustedOpt = Trusted;
|
||||||
} else if (*arg == "--force-untrusted") {
|
} else if (*arg == "--force-untrusted") {
|
||||||
experimentalFeatureSettings.require(Xp::NixTesting);
|
experimentalFeatureSettings.require(Xp::DaemonTrustOverride);
|
||||||
isTrustedOpt = NotTrusted;
|
isTrustedOpt = NotTrusted;
|
||||||
} else if (*arg == "--default-trust") {
|
} else if (*arg == "--default-trust") {
|
||||||
experimentalFeatureSettings.require(Xp::NixTesting);
|
experimentalFeatureSettings.require(Xp::DaemonTrustOverride);
|
||||||
isTrustedOpt = std::nullopt;
|
isTrustedOpt = std::nullopt;
|
||||||
} else return false;
|
} else return false;
|
||||||
return true;
|
return true;
|
||||||
|
|
|
@ -1,5 +1,9 @@
|
||||||
source common.sh
|
source common.sh
|
||||||
|
|
||||||
|
enableFeatures "daemon-trust-override"
|
||||||
|
|
||||||
|
restartDaemon
|
||||||
|
|
||||||
[[ $busybox =~ busybox ]] || skipTest "no busybox"
|
[[ $busybox =~ busybox ]] || skipTest "no busybox"
|
||||||
|
|
||||||
unset NIX_STORE_DIR
|
unset NIX_STORE_DIR
|
||||||
|
|
|
@ -1,5 +1,9 @@
|
||||||
source common.sh
|
source common.sh
|
||||||
|
|
||||||
|
enableFeatures "daemon-trust-override"
|
||||||
|
|
||||||
|
restartDaemon
|
||||||
|
|
||||||
# Remote doesn't trust us
|
# Remote doesn't trust us
|
||||||
file=build-hook.nix
|
file=build-hook.nix
|
||||||
prog=$(readlink -e ./nix-daemon-untrusting.sh)
|
prog=$(readlink -e ./nix-daemon-untrusting.sh)
|
||||||
|
|
|
@ -1,5 +1,9 @@
|
||||||
source common.sh
|
source common.sh
|
||||||
|
|
||||||
|
enableFeatures "daemon-trust-override"
|
||||||
|
|
||||||
|
restartDaemon
|
||||||
|
|
||||||
# Remote doesn't trusts us, but this is fine because we are only
|
# Remote doesn't trusts us, but this is fine because we are only
|
||||||
# building (fixed) CA derivations.
|
# building (fixed) CA derivations.
|
||||||
file=build-hook-ca-fixed.nix
|
file=build-hook-ca-fixed.nix
|
||||||
|
|
|
@ -20,7 +20,7 @@ cat > "$NIX_CONF_DIR"/nix.conf <<EOF
|
||||||
build-users-group =
|
build-users-group =
|
||||||
keep-derivations = false
|
keep-derivations = false
|
||||||
sandbox = false
|
sandbox = false
|
||||||
experimental-features = nix-command flakes nix-testing
|
experimental-features = nix-command flakes
|
||||||
gc-reserved-space = 0
|
gc-reserved-space = 0
|
||||||
substituters =
|
substituters =
|
||||||
flake-registry = $TEST_ROOT/registry.json
|
flake-registry = $TEST_ROOT/registry.json
|
||||||
|
|
Loading…
Reference in a new issue