diff --git a/src/libutil/experimental-features.cc b/src/libutil/experimental-features.cc index be5a2c088..bd1899662 100644 --- a/src/libutil/experimental-features.cc +++ b/src/libutil/experimental-features.cc @@ -190,12 +190,13 @@ constexpr std::array xpFeatureDetails = {{ )", }, { - .tag = Xp::NixTesting, - .name = "nix-testing", + .tag = Xp::DaemonTrustOverride, + .name = "daemon-trust-override", .description = R"( - A "permanent" experimental feature for extra features we just need - for testing. Not actually an "experiment" in the sense of being - prospective functionality for regular users. + Allow forcing trusting or not trusting clients with + `nix-daemon`. This is useful for testing, but possibly also + useful for various experiments with `nix-daemon --stdio` + networking. )", }, }}; diff --git a/src/libutil/experimental-features.hh b/src/libutil/experimental-features.hh index c41f73fa0..3c00bc4e5 100644 --- a/src/libutil/experimental-features.hh +++ b/src/libutil/experimental-features.hh @@ -28,7 +28,7 @@ enum struct ExperimentalFeature AutoAllocateUids, Cgroups, DiscardReferences, - NixTesting, + DaemonTrustOverride, }; /** diff --git a/src/nix/daemon.cc b/src/nix/daemon.cc index 4be93bb1c..35e8a5f87 100644 --- a/src/nix/daemon.cc +++ b/src/nix/daemon.cc @@ -472,13 +472,13 @@ static int main_nix_daemon(int argc, char * * argv) else if (*arg == "--stdio") stdio = true; else if (*arg == "--force-trusted") { - experimentalFeatureSettings.require(Xp::NixTesting); + experimentalFeatureSettings.require(Xp::DaemonTrustOverride); isTrustedOpt = Trusted; } else if (*arg == "--force-untrusted") { - experimentalFeatureSettings.require(Xp::NixTesting); + experimentalFeatureSettings.require(Xp::DaemonTrustOverride); isTrustedOpt = NotTrusted; } else if (*arg == "--default-trust") { - experimentalFeatureSettings.require(Xp::NixTesting); + experimentalFeatureSettings.require(Xp::DaemonTrustOverride); isTrustedOpt = std::nullopt; } else return false; return true; diff --git a/tests/build-remote-trustless-should-fail-0.sh b/tests/build-remote-trustless-should-fail-0.sh index b5cedb544..fad1def59 100644 --- a/tests/build-remote-trustless-should-fail-0.sh +++ b/tests/build-remote-trustless-should-fail-0.sh @@ -1,5 +1,9 @@ source common.sh +enableFeatures "daemon-trust-override" + +restartDaemon + [[ $busybox =~ busybox ]] || skipTest "no busybox" unset NIX_STORE_DIR diff --git a/tests/build-remote-trustless-should-pass-2.sh b/tests/build-remote-trustless-should-pass-2.sh index 6383f5489..b769a88f0 100644 --- a/tests/build-remote-trustless-should-pass-2.sh +++ b/tests/build-remote-trustless-should-pass-2.sh @@ -1,5 +1,9 @@ source common.sh +enableFeatures "daemon-trust-override" + +restartDaemon + # Remote doesn't trust us file=build-hook.nix prog=$(readlink -e ./nix-daemon-untrusting.sh) diff --git a/tests/build-remote-trustless-should-pass-3.sh b/tests/build-remote-trustless-should-pass-3.sh index c3ec359fb..40f81da5a 100644 --- a/tests/build-remote-trustless-should-pass-3.sh +++ b/tests/build-remote-trustless-should-pass-3.sh @@ -1,5 +1,9 @@ source common.sh +enableFeatures "daemon-trust-override" + +restartDaemon + # Remote doesn't trusts us, but this is fine because we are only # building (fixed) CA derivations. file=build-hook-ca-fixed.nix diff --git a/tests/init.sh b/tests/init.sh index 2c4f4a2f3..c420e8c9f 100755 --- a/tests/init.sh +++ b/tests/init.sh @@ -20,7 +20,7 @@ cat > "$NIX_CONF_DIR"/nix.conf <