qyriad/lix
1
0
Fork 0
forked from lix-project/lix
Code Pull requests Activity

nix-testing -> daemon-trust-override

Browse source 
And only enable in the tests that need it. This makes it less of a
sledgehammer.
This commit is contained in:
John Ericson 2023-04-17 09:35:43 -04:00
parent b1343e8ad1
commit e95db8f2b9
7 changed files with 23 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
src/libutil/experimental-features.cc
View file

@ -190,12 +190,13 @@ constexpr std::array<ExperimentalFeatureDetails, 12> xpFeatureDetails = {{
)", )",
}, },
{ {
.tag = Xp::NixTesting, .tag = Xp::DaemonTrustOverride,
.name = "nix-testing", .name = "daemon-trust-override",
.description = R"( .description = R"(
A "permanent" experimental feature for extra features we just need Allow forcing trusting or not trusting clients with
for testing. Not actually an "experiment" in the sense of being `nix-daemon`. This is useful for testing, but possibly also
prospective functionality for regular users. useful for various experiments with `nix-daemon --stdio`
networking.
)", )",
}, },
}}; }};

2
src/libutil/experimental-features.hh
View file

@ -28,7 +28,7 @@ enum struct ExperimentalFeature
AutoAllocateUids, AutoAllocateUids,
Cgroups, Cgroups,
DiscardReferences, DiscardReferences,
NixTesting, DaemonTrustOverride,
}; };
/** /**

6
src/nix/daemon.cc
View file

@ -472,13 +472,13 @@ static int main_nix_daemon(int argc, char * * argv)
else if (*arg == "--stdio") else if (*arg == "--stdio")
stdio = true; stdio = true;
else if (*arg == "--force-trusted") { else if (*arg == "--force-trusted") {
experimentalFeatureSettings.require(Xp::NixTesting); experimentalFeatureSettings.require(Xp::DaemonTrustOverride);
isTrustedOpt = Trusted; isTrustedOpt = Trusted;
} else if (*arg == "--force-untrusted") { } else if (*arg == "--force-untrusted") {
experimentalFeatureSettings.require(Xp::NixTesting); experimentalFeatureSettings.require(Xp::DaemonTrustOverride);
isTrustedOpt = NotTrusted; isTrustedOpt = NotTrusted;
} else if (*arg == "--default-trust") { } else if (*arg == "--default-trust") {
experimentalFeatureSettings.require(Xp::NixTesting); experimentalFeatureSettings.require(Xp::DaemonTrustOverride);
isTrustedOpt = std::nullopt; isTrustedOpt = std::nullopt;
} else return false; } else return false;
return true; return true;

4
tests/build-remote-trustless-should-fail-0.sh
View file

@ -1,5 +1,9 @@
source common.sh source common.sh
enableFeatures "daemon-trust-override"
restartDaemon
[[ $busybox =~ busybox ]] || skipTest "no busybox" [[ $busybox =~ busybox ]] || skipTest "no busybox"
unset NIX_STORE_DIR unset NIX_STORE_DIR

4
tests/build-remote-trustless-should-pass-2.sh
View file

@ -1,5 +1,9 @@
source common.sh source common.sh
enableFeatures "daemon-trust-override"
restartDaemon
# Remote doesn't trust us # Remote doesn't trust us
file=build-hook.nix file=build-hook.nix
prog=$(readlink -e ./nix-daemon-untrusting.sh) prog=$(readlink -e ./nix-daemon-untrusting.sh)

4
tests/build-remote-trustless-should-pass-3.sh
View file

@ -1,5 +1,9 @@
source common.sh source common.sh
enableFeatures "daemon-trust-override"
restartDaemon
# Remote doesn't trusts us, but this is fine because we are only # Remote doesn't trusts us, but this is fine because we are only
# building (fixed) CA derivations. # building (fixed) CA derivations.
file=build-hook-ca-fixed.nix file=build-hook-ca-fixed.nix

2
tests/init.sh
View file

@ -20,7 +20,7 @@ cat > "$NIX_CONF_DIR"/nix.conf <<EOF
build-users-group = build-users-group =
keep-derivations = false keep-derivations = false
sandbox = false sandbox = false
experimental-features = nix-command flakes nix-testing experimental-features = nix-command flakes
gc-reserved-space = 0 gc-reserved-space = 0
substituters = substituters =
flake-registry = $TEST_ROOT/registry.json flake-registry = $TEST_ROOT/registry.json