Commits on Feb 2, 2023

1. Move trustedUsers and allowedUsers to separate config struct …

   These settings are not needed for libstore at all, they are just used by
   the nix daemon *command* for authorization on unix domain sockets. My
   moving them to a new configuration struct just in that file, we avoid
   them leaking anywhere else.
   
   Also, it is good to break up the mammoth `Settings` struct in general.
   Issue NixOS#5638 tracks this.
   
   The message is not changed because I do not want to regress in
   convenience to the user. Just saying "this connection is not trusted"
   doesn't tell them out to fix the issue. The ideal thing to do would be
   to somehow parameterize `processCommand` on how the error should be
   displayed, so different sorts of connections can display different
   information to the user based on how authentication is performed for the
   connection in question. This, however, is a good bit more work, so it is
   left for the future.
   
   This came up with me thinking about the tcp:// store (NixOS#5265). The larger
   project is not TCP *per se*, but the idea that it should be possible for
   something else to manage access control to services like the Nix Daemon,
   and those services simply trust or trust the incoming connection as they
   are told. This is a more capability-oriented way of thinking about trust
   than "every server implements its own auth separately" as we are used to today.
   
   Its very great that libstore itself already implements just this model,
   and so via this refactor I basically want to "enshrine" that so it
   continues to be the case.

   

   Ericson2314 committed Feb 2, 2023
   Configuration menu

   • View commit details
   • Copy full SHA for a47e055
   • Browse repository at this point

   Copy the full SHA

   a47e055 View commit details

   Browse the repository at this point in the history