From 30496af5980fd03706f587eef014e630e9d9d318 Mon Sep 17 00:00:00 2001
From: Tom Bereknyei
Date: Fri, 12 Nov 2021 09:50:07 -0500
Subject: [PATCH 1/2] Adds an accept-flake-config flag
---
 src/libexpr/flake/config.cc | 23 +++++++++++------------
 src/libstore/globals.hh | 3 +++
 2 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/src/libexpr/flake/config.cc b/src/libexpr/flake/config.cc
index 41b6f78ed..c03f4106c 100644
--- a/src/libexpr/flake/config.cc
+++ b/src/libexpr/flake/config.cc
@@ -1,4 +1,5 @@
 #include "flake.hh"
+#include "globals.hh"
 #include
@@ -52,21 +53,19 @@ void ConfigFile::apply() auto trustedList = readTrustedList(); bool trusted = false; - - if (auto saved = get(get(trustedList, name).value_or(std::map()), valueS)) { + if (nix::settings.acceptFlakeConfig){ + trusted = true; + } else if (auto saved = get(get(trustedList, name).value_or(std::map()), valueS)) { trusted = *saved; + warn("Using saved setting for '%s = %s' from ~/.local/share/nix/trusted-settings.json.", name,valueS); } else { // FIXME: filter ANSI escapes, newlines, \r, etc. - if (std::tolower(logger->ask(fmt("do you want to allow configuration setting '%s' to be set to '" ANSI_RED "%s" ANSI_NORMAL "' (y/N)?", name, valueS)).value_or('n')) != 'y') { - if (std::tolower(logger->ask("do you want to permanently mark this value as untrusted (y/N)?").value_or('n')) == 'y') { - trustedList[name][valueS] = false; - writeTrustedList(trustedList); - } - } else { - if (std::tolower(logger->ask("do you want to permanently mark this value as trusted (y/N)?").value_or('n')) == 'y') { - trustedList[name][valueS] = trusted = true; - writeTrustedList(trustedList); - } + if (std::tolower(logger->ask(fmt("do you want to allow configuration setting '%s' to be set to '" ANSI_RED "%s" ANSI_NORMAL "' (y/N)?", name, valueS)).value_or('n')) == 'y') { + trusted = true; + } + if (std::tolower(logger->ask(fmt("do you want to permanently mark this value as %s (y/N)?", trusted ? "trusted": "untrusted" )).value_or('n')) == 'y') { + trustedList[name][valueS] = trusted; + writeTrustedList(trustedList); } } diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index 165639261..a50eb6803 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -951,6 +951,9 @@ public: Setting useRegistries{this, true, "use-registries", "Whether to use flake registries to resolve flake references."}; + + Setting acceptFlakeConfig{this, false, "accept-flake-config", + "Whether to accept nix configuration from a flake without prompting."}; }; 
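Review bot: The new `nix::settings.acceptFlakeConfig` branch sets `trusted = true` without emitting anything, while the saved-setting branch right below it now logs through `warn(...)`; with the flag on, a flake-supplied setting is presumably applied with no trace of which name and value were accepted. A line such as `warn("Accepting flake configuration setting '%s = %s' because accept-flake-config is enabled.", name, valueS);` in that branch would leave an audit trail. The existing `// FIXME: filter ANSI escapes, newlines, \r, etc.` applies to the added `warn` as well, since `valueS` comes from the flake and is printed unfiltered. The message also hard-codes `~/.local/share/nix/trusted-settings.json`, which may differ from the path `readTrustedList()` really reads (not visible here). `ConfigFile::apply()` starts and ends outside the hunk.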
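Review bot: The help text of `acceptFlakeConfig` does not say what accepting means for security: with the setting on, `ConfigFile::apply()` in this patch marks every flake-supplied setting as trusted, and the test in this series shows that this includes `post-build-hook`, a program path chosen by the flake. I would extend the description to something like `"Whether to accept Nix configuration from a flake without prompting. Flake configuration can set options such as post-build-hook, so enable this only for flakes you trust."`. Because this is declared as an ordinary `Setting`, it can presumably also be enabled persistently from a configuration file and not just per invocation, which is worth stating in the text too.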
From 83af9550a166ece787bbea6014d827d3e3af277b Mon Sep 17 00:00:00 2001 From: regnat Date: Fri, 12 Nov 2021 16:02:32 +0100 Subject: [PATCH 2/2] Add a test for the `--accept-flake-config` option --- tests/flake-local-settings.sh | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/tests/flake-local-settings.sh b/tests/flake-local-settings.sh index c037431c8..6ee6b17d6 100644 --- a/tests/flake-local-settings.sh +++ b/tests/flake-local-settings.sh @@ -25,11 +25,5 @@ cat < flake.nix } EOF -# Ugly hack for testing -mkdir -p .local/share/nix -cat < .local/share/nix/trusted-settings.json -{"post-build-hook":{"$PWD/echoing-post-hook.sh":true}} -EOF - -nix build +nix build --accept-flake-config test -f post-hook-ran || fail "The post hook should have ran"
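Review bot: The test now exercises only the accepting path, so nothing checks that the flake's `post-build-hook` is refused when `--accept-flake-config` is absent and no trusted-settings entry exists. A negative case placed before this build, running `nix build` with no flag and stdin closed and then `test ! -f post-hook-ran || fail "The post hook should not have run"`, would pin the default-deny behaviour; how `logger->ask` behaves without a terminal is not visible here, so that needs confirming. Dropping the seeded `trusted-settings.json` also removes the only coverage of the saved-setting branch and its new warning.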