diff options
| -rw-r--r-- | doc/manual/command-ref/conf-file.xml | 28 | ||||
| -rw-r--r-- | src/libstore/builtins.cc | 15 | ||||
| -rw-r--r-- | src/libstore/globals.hh | 3 | ||||
| -rw-r--r-- | tests/fetchurl.sh | 4 |
4 files changed, 42 insertions, 8 deletions
diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml index cde32b35f..3512777dd 100644 --- a/doc/manual/command-ref/conf-file.xml +++ b/doc/manual/command-ref/conf-file.xml @@ -660,6 +660,34 @@ password <replaceable>my-password</replaceable> </varlistentry> + <varlistentry xml:id="conf-hashed-mirrors"><term><literal>hashed-mirrors</literal></term> + + <listitem><para>A list of web servers used by + <function>builtins.fetchurl</function> to obtain files by + hash. The default is + <literal>http://tarballs.nixos.org/</literal>. Given a hash type + <replaceable>ht</replaceable> and a base-16 hash + <replaceable>h</replaceable>, Nix will try to download the file + from + <literal>hashed-mirror/<replaceable>ht</replaceable>/<replaceable>h</replaceable></literal>. + This allows files to be downloaded even if they have disappeared + from their original URI. For example, given the default mirror + <literal>http://tarballs.nixos.org/</literal>, when building the derivation + +<programlisting> +builtins.fetchurl { + url = https://example.org/foo-1.2.3.tar.xz; + sha256 = "2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae"; +} +</programlisting> + + Nix will attempt to download this file from + <literal>http://tarballs.nixos.org/sha256/2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae</literal> + first. If it is not available there, if will try the original URI.</para></listitem> + + </varlistentry> + + </variablelist> </para> diff --git a/src/libstore/builtins.cc b/src/libstore/builtins.cc index 8a5cf3327..b51b6f85c 100644 --- a/src/libstore/builtins.cc +++ b/src/libstore/builtins.cc @@ -38,12 +38,15 @@ void builtinFetchurl(const BasicDerivation & drv, const std::string & netrcData) std::shared_ptr<std::string> data; - try { - if (getAttr("outputHashMode") == "flat") - data = fetch("http://tarballs.nixos.org/" + getAttr("outputHashAlgo") + "/" + getAttr("outputHash")); - } catch (Error & e) { - debug(e.what()); - } + if (getAttr("outputHashMode") == "flat") + for (auto hashedMirror : settings.hashedMirrors.get()) + try { + if (!hasSuffix(hashedMirror, "/")) hashedMirror += '/'; + data = fetch(hashedMirror + getAttr("outputHashAlgo") + "/" + getAttr("outputHash")); + break; + } catch (Error & e) { + debug(e.what()); + } if (!data) data = fetch(getAttr("url")); diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index c8d67b071..9ebbf7b47 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -327,6 +327,9 @@ public: "Whether builders can acquire new privileges by calling programs with " "setuid/setgid bits or with file capabilities."}; #endif + + Setting<Strings> hashedMirrors{this, {"http://tarballs.nixos.org/"}, "hashed-mirrors", + "A list of servers used by builtins.fetchurl to fetch files by hash."}; }; diff --git a/tests/fetchurl.sh b/tests/fetchurl.sh index 808f46025..02b83525b 100644 --- a/tests/fetchurl.sh +++ b/tests/fetchurl.sh @@ -5,7 +5,7 @@ clearStore # Test fetching a flat file. hash=$(nix-hash --flat --type sha256 ./fetchurl.sh) -outPath=$(nix-build '<nix/fetchurl.nix>' --argstr url file://$(pwd)/fetchurl.sh --argstr sha256 $hash --no-out-link) +outPath=$(nix-build '<nix/fetchurl.nix>' --argstr url file://$(pwd)/fetchurl.sh --argstr sha256 $hash --no-out-link --option hashed-mirrors '') cmp $outPath fetchurl.sh @@ -14,7 +14,7 @@ clearStore hash=$(nix hash-file --type sha512 --base64 ./fetchurl.sh) -outPath=$(nix-build '<nix/fetchurl.nix>' --argstr url file://$(pwd)/fetchurl.sh --argstr sha512 $hash --no-out-link) +outPath=$(nix-build '<nix/fetchurl.nix>' --argstr url file://$(pwd)/fetchurl.sh --argstr sha512 $hash --no-out-link --option hashed-mirrors '') cmp $outPath fetchurl.sh |