diff options
| author | Eelco Dolstra <edolstra@gmail.com> | 2017-04-20 13:20:49 +0200 |
|---|---|---|
| committer | Eelco Dolstra <edolstra@gmail.com> | 2017-04-20 13:41:29 +0200 |
| commit | 76cb3c702cc1769438940b65b83971f483cca062 (patch) | |
| tree | 139514c32f0af84345e2d64e499746bfffeb4d99 /src/nix-daemon | |
| parent | 9cc8047f44b3d333c2c55c140165bfd507f4d41e (diff) | |
Reimplement trusted-substituters (aka trusted-binary-caches)
Diffstat (limited to 'src/nix-daemon')
| -rw-r--r-- | src/nix-daemon/nix-daemon.cc | 48 |
1 files changed, 42 insertions, 6 deletions
diff --git a/src/nix-daemon/nix-daemon.cc b/src/nix-daemon/nix-daemon.cc index 1389353bb..5c2641eac 100644 --- a/src/nix-daemon/nix-daemon.cc +++ b/src/nix-daemon/nix-daemon.cc @@ -448,20 +448,56 @@ static void performOp(ref<LocalStore> store, bool trusted, unsigned int clientVe readInt(from); // obsolete printBuildTrace settings.buildCores = readInt(from); settings.useSubstitutes = readInt(from); + + StringMap overrides; if (GET_PROTOCOL_MINOR(clientVersion) >= 12) { unsigned int n = readInt(from); for (unsigned int i = 0; i < n; i++) { string name = readString(from); string value = readString(from); - try { - if (trusted || name == "build-timeout") - settings.set(name, value); - } catch (UsageError & e) { - warn(e.what()); - } + overrides.emplace(name, value); } } + startWork(); + + for (auto & i : overrides) { + auto & name(i.first); + auto & value(i.second); + + auto setSubstituters = [&](Setting<Strings> & res) { + if (name != res.name && res.aliases.count(name) == 0) + return false; + StringSet trusted = settings.trustedSubstituters; + for (auto & s : settings.substituters.get()) + trusted.insert(s); + Strings subs; + auto ss = tokenizeString<Strings>(value); + for (auto & s : ss) + if (trusted.count(s)) + subs.push_back(s); + else + warn("ignoring untrusted substituter '%s'", s); + res = subs; + return true; + }; + + try { + if (trusted + || name == settings.buildTimeout.name + || name == settings.connectTimeout.name) + settings.set(name, value); + else if (setSubstituters(settings.substituters)) + ; + else if (setSubstituters(settings.extraSubstituters)) + ; + else + debug("ignoring untrusted setting '%s'", name); + } catch (UsageError & e) { + warn(e.what()); + } + } + stopWork(); break; } |