Skip to content

Commit

Permalink
Move some stuff from Settings to a new FetchSettings.
Browse files Browse the repository at this point in the history 
Starting work on NixOS#5638

The exact boundary between `FetchSettings` and `EvalSettings` is not
clear to me, but that's fine. First lets clean out `libstore`, and then
worry about what, if anything, should be the separation between those
two.
  • Loading branch information
@Ericson2314
Ericson2314 committed Mar 1, 2022
1 parent 1c98542 commit ea71da3
Show file tree
Hide file tree
Showing 9 changed files with 128 additions and 83 deletions.
3 changes: 2 additions & 1 deletion src/libexpr/flake/config.cc
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
#include "flake.hh"
#include "globals.hh"
#include "fetch-settings.hh"

#include <nlohmann/json.hpp>

Expand Down Expand Up @@ -53,7 +54,7 @@ void ConfigFile::apply()
auto trustedList = readTrustedList();

bool trusted = false;
if (nix::settings.acceptFlakeConfig){
if (nix::fetchSettings.acceptFlakeConfig){
trusted = true;
} else if (auto saved = get(get(trustedList, name).value_or(std::map<std::string, bool>()), valueS)) {
trusted = *saved;
Expand Down
9 changes: 5 additions & 4 deletions src/libexpr/flake/flake.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
#include "store-api.hh"
#include "fetchers.hh"
#include "finally.hh"
#include "fetch-settings.hh"

namespace nix {

Expand Down Expand Up @@ -315,7 +316,7 @@ LockedFlake lockFlake(

FlakeCache flakeCache;

auto useRegistries = lockFlags.useRegistries.value_or(settings.useRegistries);
auto useRegistries = lockFlags.useRegistries.value_or(fetchSettings.useRegistries);

auto flake = getFlake(state, topRef, useRegistries, flakeCache);

Expand Down Expand Up @@ -591,7 +592,7 @@ LockedFlake lockFlake(
if (lockFlags.writeLockFile) {
if (auto sourcePath = topRef.input.getSourcePath()) {
if (!newLockFile.isImmutable()) {
if (settings.warnDirty)
if (fetchSettings.warnDirty)
warn("will not write lock file of flake '%s' because it has a mutable input", topRef);
} else {
if (!lockFlags.updateLockFile)
Expand All @@ -618,7 +619,7 @@ LockedFlake lockFlake(
if (lockFlags.commitLockFile) {
std::string cm;

cm = settings.commitLockFileSummary.get();
cm = fetchSettings.commitLockFileSummary.get();

if (cm == "") {
cm = fmt("%s: %s", relPath, lockFileExists ? "Update" : "Add");
Expand Down Expand Up @@ -716,7 +717,7 @@ static void prim_getFlake(EvalState & state, const Pos & pos, Value * * args, Va
lockFlake(state, flakeRef,
LockFlags {
.updateLockFile = false,
.useRegistries = !evalSettings.pureEval && settings.useRegistries,
.useRegistries = !evalSettings.pureEval && fetchSettings.useRegistries,
.allowMutable = !evalSettings.pureEval,
}),
v);
Expand Down
13 changes: 13 additions & 0 deletions src/libfetchers/fetch-settings.cc
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
#include "fetch-settings.hh"

namespace nix {

FetchSettings::FetchSettings()
{
}

FetchSettings fetchSettings;

static GlobalConfig::Register rFetchSettings(&fetchSettings);

}
93 changes: 93 additions & 0 deletions src/libfetchers/fetch-settings.hh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
#pragma once

#include "types.hh"
#include "config.hh"
#include "util.hh"

#include <map>
#include <limits>

#include <sys/types.h>

namespace nix {

struct FetchSettings : public Config
{
FetchSettings();

Setting<StringMap> accessTokens{this, {}, "access-tokens",
R"(
Access tokens used to access protected GitHub, GitLab, or
other locations requiring token-based authentication.
Access tokens are specified as a string made up of
space-separated `host=token` values. The specific token
used is selected by matching the `host` portion against the
"host" specification of the input. The actual use of the
`token` value is determined by the type of resource being
accessed:
* Github: the token value is the OAUTH-TOKEN string obtained
as the Personal Access Token from the Github server (see
https://docs.github.com/en/developers/apps/authorizing-oath-apps).
* Gitlab: the token value is either the OAuth2 token or the
Personal Access Token (these are different types tokens
for gitlab, see
https://docs.gitlab.com/12.10/ee/api/README.html#authentication).
The `token` value should be `type:tokenstring` where
`type` is either `OAuth2` or `PAT` to indicate which type
of token is being specified.
Example `~/.config/nix/nix.conf`:
```
access-tokens = github.com=23ac...b289 gitlab.mycompany.com=PAT:A123Bp_Cd..EfG gitlab.com=OAuth2:1jklw3jk
```
Example `~/code/flake.nix`:
```nix
input.foo = {
type = "gitlab";
host = "gitlab.mycompany.com";
owner = "mycompany";
repo = "pro";
};
```
This example specifies three tokens, one each for accessing
github.com, gitlab.mycompany.com, and sourceforge.net.
The `input.foo` uses the "gitlab" fetcher, which might
requires specifying the token type along with the token
value.
)"};

Setting<bool> allowDirty{this, true, "allow-dirty",
"Whether to allow dirty Git/Mercurial trees."};

Setting<bool> warnDirty{this, true, "warn-dirty",
"Whether to warn about dirty Git/Mercurial trees."};

Setting<std::string> flakeRegistry{this, "https://github.com/NixOS/flake-registry/raw/master/flake-registry.json", "flake-registry",
"Path or URI of the global flake registry."};

Setting<bool> useRegistries{this, true, "use-registries",
"Whether to use flake registries to resolve flake references."};

Setting<bool> acceptFlakeConfig{this, false, "accept-flake-config",
"Whether to accept nix configuration from a flake without prompting."};

Setting<std::string> commitLockFileSummary{
this, "", "commit-lockfile-summary",
R"(
The commit summary to use when committing changed flake lock files. If
empty, the summary is generated based on the action performed.
)"};
};

// FIXME: don't use a global variable.
extern FetchSettings fetchSettings;

}
6 changes: 4 additions & 2 deletions src/libfetchers/git.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@
#include "url-parts.hh"
#include "pathlocks.hh"

#include "fetch-settings.hh"

#include <sys/time.h>
#include <sys/wait.h>

Expand Down Expand Up @@ -246,10 +248,10 @@ struct GitInputScheme : InputScheme

/* This is an unclean working tree. So copy all tracked files. */

if (!settings.allowDirty)
if (!fetchSettings.allowDirty)
throw Error("Git tree '%s' is dirty", actualUrl);

if (settings.warnDirty)
if (fetchSettings.warnDirty)
warn("Git tree '%s' is dirty", actualUrl);

auto gitOpts = Strings({ "-C", actualUrl, "ls-files", "-z" });
Expand Down
6 changes: 4 additions & 2 deletions src/libfetchers/github.cc
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,13 @@
#include "filetransfer.hh"
#include "cache.hh"
#include "fetchers.hh"
#include "globals.hh"
#include "store-api.hh"
#include "types.hh"
#include "url-parts.hh"

#include "fetchers.hh"
#include "fetch-settings.hh"

#include <optional>
#include <nlohmann/json.hpp>
#include <fstream>
Expand Down Expand Up @@ -157,7 +159,7 @@ struct GitArchiveInputScheme : InputScheme

std::optional<std::string> getAccessToken(const std::string & host) const
{
auto tokens = settings.accessTokens.get();
auto tokens = fetchSettings.accessTokens.get();
if (auto token = get(tokens, host))
return *token;
return {};
Expand Down
6 changes: 4 additions & 2 deletions src/libfetchers/mercurial.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@
#include "store-api.hh"
#include "url-parts.hh"

#include "fetch-settings.hh"

#include <sys/time.h>

using namespace std::string_literals;
Expand Down Expand Up @@ -165,10 +167,10 @@ struct MercurialInputScheme : InputScheme
/* This is an unclean working tree. So copy all tracked
files. */

if (!settings.allowDirty)
if (!fetchSettings.allowDirty)
throw Error("Mercurial tree '%s' is unclean", actualUrl);

if (settings.warnDirty)
if (fetchSettings.warnDirty)
warn("Mercurial tree '%s' is unclean", actualUrl);

input.attrs.insert_or_assign("ref", chomp(runHg({ "branch", "-R", actualUrl })));
Expand Down
4 changes: 3 additions & 1 deletion src/libfetchers/registry.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@
#include "store-api.hh"
#include "local-fs-store.hh"

#include "fetch-settings.hh"

#include <nlohmann/json.hpp>

namespace nix::fetchers {
Expand Down Expand Up @@ -150,7 +152,7 @@ void overrideRegistry(
static std::shared_ptr<Registry> getGlobalRegistry(ref<Store> store)
{
static auto reg = [&]() {
auto path = settings.flakeRegistry.get();
auto path = fetchSettings.flakeRegistry.get();

if (!hasPrefix(path, "/")) {
auto storePath = downloadFile(store, path, "flake-registry.json", false).storePath;
Expand Down
71 changes: 0 additions & 71 deletions src/libstore/globals.hh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -880,74 +880,16 @@ public:
are loaded as plugins (non-recursively).
)"};

Setting<StringMap> accessTokens{this, {}, "access-tokens",
R"(
Access tokens used to access protected GitHub, GitLab, or
other locations requiring token-based authentication.
Access tokens are specified as a string made up of
space-separated `host=token` values. The specific token
used is selected by matching the `host` portion against the
"host" specification of the input. The actual use of the
`token` value is determined by the type of resource being
accessed:
* Github: the token value is the OAUTH-TOKEN string obtained
as the Personal Access Token from the Github server (see
https://docs.github.com/en/developers/apps/authorizing-oath-apps).
* Gitlab: the token value is either the OAuth2 token or the
Personal Access Token (these are different types tokens
for gitlab, see
https://docs.gitlab.com/12.10/ee/api/README.html#authentication).
The `token` value should be `type:tokenstring` where
`type` is either `OAuth2` or `PAT` to indicate which type
of token is being specified.
Example `~/.config/nix/nix.conf`:
```
access-tokens = github.com=23ac...b289 gitlab.mycompany.com=PAT:A123Bp_Cd..EfG gitlab.com=OAuth2:1jklw3jk
```
Example `~/code/flake.nix`:
```nix
input.foo = {
type = "gitlab";
host = "gitlab.mycompany.com";
owner = "mycompany";
repo = "pro";
};
```
This example specifies three tokens, one each for accessing
github.com, gitlab.mycompany.com, and sourceforge.net.
The `input.foo` uses the "gitlab" fetcher, which might
requires specifying the token type along with the token
value.
)"};

Setting<std::set<ExperimentalFeature>> experimentalFeatures{this, {}, "experimental-features",
"Experimental Nix features to enable."};

bool isExperimentalFeatureEnabled(const ExperimentalFeature &);

void requireExperimentalFeature(const ExperimentalFeature &);

Setting<bool> allowDirty{this, true, "allow-dirty",
"Whether to allow dirty Git/Mercurial trees."};

Setting<bool> warnDirty{this, true, "warn-dirty",
"Whether to warn about dirty Git/Mercurial trees."};

Setting<size_t> narBufferSize{this, 32 * 1024 * 1024, "nar-buffer-size",
"Maximum size of NARs before spilling them to disk."};

Setting<std::string> flakeRegistry{this, "https://github.com/NixOS/flake-registry/raw/master/flake-registry.json", "flake-registry",
"Path or URI of the global flake registry."};

Setting<bool> allowSymlinkedStore{
this, false, "allow-symlinked-store",
R"(
Expand All @@ -960,19 +902,6 @@ public:
resolves to a different location from that of the build machine. You
can enable this setting if you are sure you're not going to do that.
)"};

Setting<bool> useRegistries{this, true, "use-registries",
"Whether to use flake registries to resolve flake references."};

Setting<bool> acceptFlakeConfig{this, false, "accept-flake-config",
"Whether to accept nix configuration from a flake without prompting."};

Setting<std::string> commitLockFileSummary{
this, "", "commit-lockfile-summary",
R"(
The commit summary to use when committing changed flake lock files. If
empty, the summary is generated based on the action performed.
)"};
};


Expand Down

0 comments on commit ea71da3

Please sign in to comment.