Tidy up and comment daemon CLI #8180
Conversation
Ericson2314
force-pushed
the
factor-out-daemon-cmd-helpers
branch
from
764b711
to
aca1cd8
Compare
| /* Auth hook is empty because in this mode we blindly trust the | ||
| standard streams. Limiting access to those is explicitly | ||
| not `nix-daemon`'s responsibility. */ | ||
| processConnection(store, from, to, Trusted, NotRecursive); |
There was a problem hiding this comment.
Instead of documenting a limitation, I think we could make it work.
| processConnection(store, from, to, Trusted, NotRecursive); | |
| processConnection(store, from, to, store->isTrustedClient(), NotRecursive); |
The point of this mode of operation is that we forward everything, so that should probably include informing the client about their trustedness correctly.
There was a problem hiding this comment.
I actually went with the first one for 3 reasons:
- I hope this can be a pure refactor and not change any behavior.
- I don't think that change is enough to warrant removing the note: in the case where the underlying store is a
LocalStore, for example, it will blindly returnTrusted. So standard streams + non-RemoteStorestill means an invalidated client. - It is good to kindly ferry along the whether the "next" store trusts the client, but we could do that in both the stdio and non-stdio cases.
So bottom line is I think this is a good idea, but it deserves is own follow-up PR.
There was a problem hiding this comment.
Also I remembered that the way it works today is that the trusting of operations in processConnection is based solely on this parameter, but the trusting status returned to the client already takes store->isTrustedClient() into account.
That means in a chained daemon situation that even if an intermediate daemon trusts the the client (and doesn't block any request) the result of store->isTrustedClient() is still the intersection of the trust of each link in the chain.
I actually think that might be good semantics:
- Don't block requests on behalf of another store further down the chain, let the first untrusting store do the blocking.
- Do accurately report to the eventual client whether privileged requests will actually go all the way through.
Ericson2314
force-pushed
the
factor-out-daemon-cmd-helpers
branch
from
7908d7a
to
bd35d19
Compare
Some of the factoring out was taken from NixOS#7912 by @mupdt. Thanks! No behavior should be changed in this commit. Co-Authored-By: mupdt <25388474+mupdt@users.noreply.github.com> Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
Ericson2314
force-pushed
the
factor-out-daemon-cmd-helpers
branch
from
bd35d19
to
8f44edc
Compare
fricklerhandwerk
added
documentation
contributor-experience
Motivation
This is somewhat overkill as none of these functions are public a header, but I just like making all the code really nice and pretty :).
I hope the next person to touch this code will benefit.
Context
Some of the factoring out was taken from #7912 by @mupdt. Thanks!
Checklist for maintainers
Maintainers: tick if completed or explain if not relevant
tests/**.shsrc/*/teststests/nixos/*Priorities
Add 馃憤 to pull requests you find important.