Improve the build remote comment.

This commit is contained in:
John Ericson 2023-04-17 09:56:32 -04:00
parent e95db8f2b9
commit 79ba0ba37a

View file

@ -290,9 +290,30 @@ connected:
auto drv = store->readDerivation(*drvPath); auto drv = store->readDerivation(*drvPath);
std::optional<BuildResult> optResult; std::optional<BuildResult> optResult;
// Let's break this down
//
// ### Trust part
//
// ```
// std::optional trust = sshStore->isTrustedClient(); (!trust || *trust)
// ```
//
// If we don't know whether we are trusted (e.g. `ssh://` // If we don't know whether we are trusted (e.g. `ssh://`
// stores), we assume we are. This is neccessary for backwards // stores), we assume we are. This is necessary for backwards
// compat. // compat.
//
// ### Content-addressing part
//
// ```
// ...trustCond... || drv.type().isCA()
// ```
//
// See the very large comment in `case wopBuildDerivation:` in
// `src/libstore/daemon.cc` that explains the trust model here.
//
// This condition mirrors that: that code enforces the "rules";
// we do the best we can given those "rules".
if (std::optional trust = sshStore->isTrustedClient(); (!trust || *trust) || drv.type().isCA()) { if (std::optional trust = sshStore->isTrustedClient(); (!trust || *trust) || drv.type().isCA()) {
// Hijack the inputs paths of the derivation to include all // Hijack the inputs paths of the derivation to include all
// the paths that come from the `inputDrvs` set. We dont do // the paths that come from the `inputDrvs` set. We dont do