Flake registry entries can overlap with fully-qualified flake inputs #181

New issue

Closed

opened 2024-03-25 16:09:13 +00:00 by lunaphied · 3 comments

lunaphied commented

2024-03-25 16:09:13 +00:00

Owner

When adding something to the flake registry, the order of arguments is nix registry add <from-url> <to-url> and this is quite literal, <from-url> may be any string input. This means you can specify nonsensical things such as nix registry add github:nixos/nixpkgs nixpkgs which will add an indirect flake reference for the name github:nixos/nixpkgs that points to an unspecified nixpkgs indirect reference. If you then correct this by flipping those arguments without removing the previously added entry, you end up with a loop if you try to reference either.

This is completely insane behavior that I cannot imagine ever wanting, and while I have not tested thoroughly, I believe this is essentially never what a user wants, even for an overridden input I think this only half works due to how flakes are resolved though it's possible this can be used to add a permanent override for flakes not using registry references.

See also: #170

When adding something to the flake registry, the order of arguments is `nix registry add <from-url> <to-url>` and this is quite literal, `<from-url>` may be any string input. This means you can specify nonsensical things such as `nix registry add github:nixos/nixpkgs nixpkgs` which will add an indirect flake reference for the *name* `github:nixos/nixpkgs` that points to an unspecified `nixpkgs` indirect reference. If you then correct this by flipping those arguments without removing the previously added entry, you end up with a loop if you try to reference either. This is completely insane behavior that I cannot imagine ever wanting, and while I have not tested thoroughly, I believe this is essentially never what a user wants, even for an overridden input I think this only half works due to how flakes are resolved though it's possible this can be used to add a permanent override for flakes not using registry references. See also: https://git.lix.systems/lix-project/lix/issues/170

lunaphied added the

bug

labels 2024-03-25 16:09:13 +00:00

jade added the

Area/flakes

label 2024-03-30 00:04:22 +00:00

delan commented

2024-06-23 05:38:53 +00:00

do we also want to ban <from-url> values like flake:nixpkgs? banning these fully-qualified but indirect urls that flake ids desugar to may improve our protection against swapping the arguments.

similarly do we want to ban flake ids with branch like nixpkgs/nixos-20.03? this one’s probably not as important, and banning it would break one of the help examples.

do we also want to ban <from-url> values like `flake:nixpkgs`? banning these fully-qualified but indirect urls that flake ids desugar to may improve our protection against swapping the arguments. similarly do we want to ban flake ids with branch like `nixpkgs/nixos-20.03`? this one’s probably not as important, and banning it would break one of the help examples.

delan commented

2024-06-23 11:05:21 +00:00

https://gerrit.lix.systems/c/lix/+/1494

lix-bot commented

2024-06-23 11:05:33 +00:00

Member

This issue was mentioned on Gerrit on the following CLs:

commit message in cl/1494 ("Reject fully-qualified URLs in 'from' argument of nix registry add")

This issue was mentioned on Gerrit on the following CLs: * commit message in [cl/1494](https://gerrit.lix.systems/c/lix/+/1494) ("Reject fully-qualified URLs in 'from' argument of `nix registry add`")