about summary refs log tree commit diff
path: root/src/nix-daemon
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2017-04-20T11·20+0200
committerEelco Dolstra <edolstra@gmail.com>2017-04-20T11·41+0200
commit76cb3c702cc1769438940b65b83971f483cca062 (patch)
tree139514c32f0af84345e2d64e499746bfffeb4d99 /src/nix-daemon
parent9cc8047f44b3d333c2c55c140165bfd507f4d41e (diff)
Reimplement trusted-substituters (aka trusted-binary-caches)
Diffstat (limited to 'src/nix-daemon')
-rw-r--r--src/nix-daemon/nix-daemon.cc48
1 files changed, 42 insertions, 6 deletions
diff --git a/src/nix-daemon/nix-daemon.cc b/src/nix-daemon/nix-daemon.cc
index 1389353bb5d8..5c2641eac6ff 100644
--- a/src/nix-daemon/nix-daemon.cc
+++ b/src/nix-daemon/nix-daemon.cc
@@ -448,20 +448,56 @@ static void performOp(ref<LocalStore> store, bool trusted, unsigned int clientVe
         readInt(from); // obsolete printBuildTrace
         settings.buildCores = readInt(from);
         settings.useSubstitutes  = readInt(from);
+
+        StringMap overrides;
         if (GET_PROTOCOL_MINOR(clientVersion) >= 12) {
             unsigned int n = readInt(from);
             for (unsigned int i = 0; i < n; i++) {
                 string name = readString(from);
                 string value = readString(from);
-                try {
-                    if (trusted || name == "build-timeout")
-                        settings.set(name, value);
-                } catch (UsageError & e) {
-                    warn(e.what());
-                }
+                overrides.emplace(name, value);
             }
         }
+
         startWork();
+
+        for (auto & i : overrides) {
+            auto & name(i.first);
+            auto & value(i.second);
+
+            auto setSubstituters = [&](Setting<Strings> & res) {
+                if (name != res.name && res.aliases.count(name) == 0)
+                    return false;
+                StringSet trusted = settings.trustedSubstituters;
+                for (auto & s : settings.substituters.get())
+                    trusted.insert(s);
+                Strings subs;
+                auto ss = tokenizeString<Strings>(value);
+                for (auto & s : ss)
+                    if (trusted.count(s))
+                        subs.push_back(s);
+                    else
+                        warn("ignoring untrusted substituter '%s'", s);
+                res = subs;
+                return true;
+            };
+
+            try {
+                if (trusted
+                    || name == settings.buildTimeout.name
+                    || name == settings.connectTimeout.name)
+                    settings.set(name, value);
+                else if (setSubstituters(settings.substituters))
+                    ;
+                else if (setSubstituters(settings.extraSubstituters))
+                    ;
+                else
+                    debug("ignoring untrusted setting '%s'", name);
+            } catch (UsageError & e) {
+                warn(e.what());
+            }
+        }
+
         stopWork();
         break;
     }