author | John Ericson <John.Ericson@Obsidian.Systems> | 2023-04-17 09:56:32 -0400 |
---|---|---|
committer | John Ericson <John.Ericson@Obsidian.Systems> | 2023-04-17 13:49:14 -0400 |
commit | 79ba0ba37ab35ac5ea94fa1db1fc46a5b7588ece (patch) | |
tree | 9b91d9afe34dcd1a99698478341e590a74749408 /src/build-remote/build-remote.cc | |
parent | e95db8f2b9aebbb4079805cb7ecfc751af41e0b4 (diff) |
Improve the build remote comment.
Diffstat (limited to 'src/build-remote/build-remote.cc')
-rw-r--r-- | src/build-remote/build-remote.cc | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/src/build-remote/build-remote.cc b/src/build-remote/build-remote.cc
index 3d4dbc3d6..b0bc8a9ff 100644
--- a/src/build-remote/build-remote.cc
+++ b/src/build-remote/build-remote.cc
@@ -290,9 +290,30 @@ connected:
 auto drv = store->readDerivation(*drvPath);
 std::optional<BuildResult> optResult;
+
+ // Let's break this down
+ //
+ // ### Trust part
+ //
+ // ```
+ // std::optional trust = sshStore->isTrustedClient(); (!trust || *trust)
+ // ```
+ //
 // If we don't know whether we are trusted (e.g. `ssh://`
- // stores), we assume we are. This is neccessary for backwards
+ // stores), we assume we are. This is necessary for backwards
 // compat.
+ //
+ // ### Content-addressing part
+ //
+ // ```
+ // ...trustCond... || drv.type().isCA()
+ // ```
+ //
+ // See the very large comment in `case wopBuildDerivation:` in
+ // `src/libstore/daemon.cc` that explains the trust model here.
+ //
+ // This condition mirrors that: that code enforces the "rules";
+ // we do the best we can given those "rules".
 if (std::optional trust = sshStore->isTrustedClient(); (!trust || *trust) || drv.type().isCA()) {
 // Hijack the inputs paths of the derivation to include all
 // the paths that come from the `inputDrvs` set. We don’t do |
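Review bot: The new "Trust part" comment documents a fail-open default, where an unknown `isTrustedClient()` result is treated as trusted, but it never states outright that this client-side condition is not the access control. It defers to `daemon.cc` for the rules, yet someone reading only this file could take the `if` for the enforcement point; one added line would settle it, e.g. `// NB: this check is advisory; the remote daemon makes the actual trust decision.` The fenced copies of the condition inside the comment duplicate the real `if` and will drift the next time it is edited, so describing the two halves in words would be more durable. The body of the `if` continues past the end of the hunk, so what the caller sees when the remote refuses is not visible here and is worth confirming before finalising the wording.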