Add option ‘extra-binary-caches’

This allows providing additional binary caches, useful in scripts like Hydra's build reproduction scripts, in particular because untrusted caches are ignored.
2013-05-07 15:37:28 +02:00 · 2013-05-07 15:37:28 +02:00 · ea019e9a26
commit ea019e9a26
parent cc837e2458
2 changed files with 24 additions and 3 deletions
--- a/doc/manual/conf-file.xml
+++ b/doc/manual/conf-file.xml
@ -350,13 +350,25 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
    whitespace.  These are not used by default, but can be enabled by
    users of the Nix daemon by specifying <literal>--option
    binary-caches <replaceable>urls</replaceable></literal> on the
-    command line.  Daemon users are only allowed to pass a subset of
-    the URLs listed in <literal>binary-caches</literal> and
+    command line.  Unprivileged users are only allowed to pass a
+    subset of the URLs listed in <literal>binary-caches</literal> and
    <literal>trusted-binary-caches</literal>.</para></listitem>

  </varlistentry>


+  <varlistentry><term><literal>extra-binary-caches</literal></term>
+
+    <listitem><para>Additional binary caches appended to those
+    specified in <option>binary-caches</option> and
+    <option>binary-caches-files</option>.  When used by unprivileged
+    users, untrusted binary caches (i.e. those not listed in
+    <option>trusted-binary-caches</option>) are silently
+    ignored.</para></listitem>
+
+  </varlistentry>
+
+
  <varlistentry><term><literal>binary-caches-parallel-connections</literal></term>

    <listitem><para>The maximum number of parallel HTTP connections
--- a/scripts/download-from-binary-cache.pl.in
+++ b/scripts/download-from-binary-cache.pl.in
@ -208,12 +208,15 @@ sub getAvailableCaches {
        push @urls, strToList($url);
    }

+    push @urls, strToList($Nix::Config::config{"extra-binary-caches"} // "");
+
    # Allow Nix daemon users to override the binary caches to a subset
    # of those listed in the config file.  Note that ‘untrusted-*’
    # denotes options passed by the client.
+    my @trustedUrls = uniq(@urls, strToList($Nix::Config::config{"trusted-binary-caches"} // ""));
+
    if (defined $Nix::Config::config{"untrusted-binary-caches"}) {
        my @untrustedUrls = strToList $Nix::Config::config{"untrusted-binary-caches"};
-        my @trustedUrls = uniq(@urls, strToList($Nix::Config::config{"trusted-binary-caches"} // ""));
        @urls = ();
        foreach my $url (@untrustedUrls) {
            die "binary cache ‘$url’ is not trusted (please add it to ‘trusted-binary-caches’ [@trustedUrls] in $Nix::Config::confDir/nix.conf)\n"
@ -222,6 +225,12 @@ sub getAvailableCaches {
        }
    }

+    my @untrustedUrls = strToList $Nix::Config::config{"untrusted-extra-binary-caches"};
+    foreach my $url (@untrustedUrls) {
+        next unless scalar(grep { $url eq $_ } @trustedUrls) > 0;
+        push @urls, $url;
+    }
+
    foreach my $url (uniq @urls) {

        # FIXME: not atomic.