diff options
author | Eelco Dolstra <edolstra@gmail.com> | 2018-12-09T11·59+0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-12-09T11·59+0100 |
commit | 18ecd087ae772885fb223e1771b93a6b0eee1a31 (patch) | |
tree | d461bc85040bbf540e8023bc1f5c58d18c733fd6 | |
parent | 05f0543a1761357f4790e388ac74c8e284b9bb3e (diff) | |
parent | 77cc632186d6a0bb63c1e16238f628857bc6e7bd (diff) |
Merge pull request #2566 from LnL7/s3-scheme
s3: make scheme configurable
-rw-r--r-- | doc/manual/packages/s3-substituter.xml | 14 | ||||
-rw-r--r-- | src/libstore/download.cc | 2 | ||||
-rw-r--r-- | src/libstore/s3-binary-cache-store.cc | 12 | ||||
-rw-r--r-- | src/libstore/s3.hh | 4 |
4 files changed, 24 insertions, 8 deletions
diff --git a/doc/manual/packages/s3-substituter.xml b/doc/manual/packages/s3-substituter.xml index ea654392c6b1..2ec9687a0c60 100644 --- a/doc/manual/packages/s3-substituter.xml +++ b/doc/manual/packages/s3-substituter.xml @@ -51,6 +51,18 @@ the S3 URL:</para> addressing.</para></note> </listitem> </varlistentry> + + <varlistentry><term><literal>scheme</literal></term> + <listitem> + <para> + The scheme used for S3 requests, <literal>https</literal> + (default) or <literal>http</literal>. This option allows you to + disable HTTPS for binary caches which don't support it. + </para> + <note><para>HTTPS should be used if the cache might contain + sensitive information.</para></note> + </listitem> + </varlistentry> </variablelist> <para>In this example we will use the bucket named @@ -165,7 +177,7 @@ the S3 URL:</para> </example> <example><title>Uploading to an S3-Compatible Binary Cache</title> - <para><command>nix copy --to 's3://example-nix-cache?profile=cache-upload&endpoint=minio.example.com' nixpkgs.hello</command></para> + <para><command>nix copy --to 's3://example-nix-cache?profile=cache-upload&scheme=https&endpoint=minio.example.com' nixpkgs.hello</command></para> </example> </section> </section> diff --git a/src/libstore/download.cc b/src/libstore/download.cc index 7773d903265b..fef2cf7a388a 100644 --- a/src/libstore/download.cc +++ b/src/libstore/download.cc @@ -622,7 +622,7 @@ struct CurlDownloader : public Downloader // FIXME: do this on a worker thread try { #ifdef ENABLE_S3 - S3Helper s3Helper("", Aws::Region::US_EAST_1, ""); // FIXME: make configurable + S3Helper s3Helper("", Aws::Region::US_EAST_1, "", ""); // FIXME: make configurable auto slash = request.uri.find('/', 5); if (slash == std::string::npos) throw nix::Error("bad S3 URI '%s'", request.uri); diff --git a/src/libstore/s3-binary-cache-store.cc b/src/libstore/s3-binary-cache-store.cc index 4f1e23198ffe..51de89e0d92f 100644 --- a/src/libstore/s3-binary-cache-store.cc +++ b/src/libstore/s3-binary-cache-store.cc @@ -82,8 +82,8 @@ static void initAWS() }); } -S3Helper::S3Helper(const std::string & profile, const std::string & region, const std::string & endpoint) - : config(makeConfig(region, endpoint)) +S3Helper::S3Helper(const string & profile, const string & region, const string & scheme, const string & endpoint) + : config(makeConfig(region, scheme, endpoint)) , client(make_ref<Aws::S3::S3Client>( profile == "" ? std::dynamic_pointer_cast<Aws::Auth::AWSCredentialsProvider>( @@ -114,11 +114,14 @@ class RetryStrategy : public Aws::Client::DefaultRetryStrategy } }; -ref<Aws::Client::ClientConfiguration> S3Helper::makeConfig(const string & region, const string & endpoint) +ref<Aws::Client::ClientConfiguration> S3Helper::makeConfig(const string & region, const string & scheme, const string & endpoint) { initAWS(); auto res = make_ref<Aws::Client::ClientConfiguration>(); res->region = region; + if (!scheme.empty()) { + res->scheme = Aws::Http::SchemeMapper::FromString(scheme.c_str()); + } if (!endpoint.empty()) { res->endpointOverride = endpoint; } @@ -169,6 +172,7 @@ struct S3BinaryCacheStoreImpl : public S3BinaryCacheStore { const Setting<std::string> profile{this, "", "profile", "The name of the AWS configuration profile to use."}; const Setting<std::string> region{this, Aws::Region::US_EAST_1, "region", {"aws-region"}}; + const Setting<std::string> scheme{this, "", "scheme", "The scheme to use for S3 requests, https by default."}; const Setting<std::string> endpoint{this, "", "endpoint", "An optional override of the endpoint to use when talking to S3."}; const Setting<std::string> narinfoCompression{this, "", "narinfo-compression", "compression method for .narinfo files"}; const Setting<std::string> lsCompression{this, "", "ls-compression", "compression method for .ls files"}; @@ -188,7 +192,7 @@ struct S3BinaryCacheStoreImpl : public S3BinaryCacheStore const Params & params, const std::string & bucketName) : S3BinaryCacheStore(params) , bucketName(bucketName) - , s3Helper(profile, region, endpoint) + , s3Helper(profile, region, scheme, endpoint) { diskCache = getNarInfoDiskCache(); } diff --git a/src/libstore/s3.hh b/src/libstore/s3.hh index 95d612b66335..ef5f23d0f253 100644 --- a/src/libstore/s3.hh +++ b/src/libstore/s3.hh @@ -14,9 +14,9 @@ struct S3Helper ref<Aws::Client::ClientConfiguration> config; ref<Aws::S3::S3Client> client; - S3Helper(const std::string & profile, const std::string & region, const std::string & endpoint); + S3Helper(const std::string & profile, const std::string & region, const std::string & scheme, const std::string & endpoint); - ref<Aws::Client::ClientConfiguration> makeConfig(const std::string & region, const std::string & endpoint); + ref<Aws::Client::ClientConfiguration> makeConfig(const std::string & region, const std::string & scheme, const std::string & endpoint); struct DownloadResult { |