Port the flags of nix-daemon to nix daemon #8788
Merged: tomberek merged 9 commits into NixOS:master from bryanhonof:bryanhonof/nix-daemon-flag-port on Aug 28, 2023
Changes from 8 commits
Commits:
2c94ac5 chore(nix/daemon): port the flags of nix-daemon to nix daemon (bryanhonof)
3bb079e Update src/nix/daemon.cc (bryanhonof)
a96d63f Update src/nix/daemon.cc (bryanhonof)
747da01 Update src/nix/daemon.cc (bryanhonof)
a29afa7 Update src/nix/daemon.cc (bryanhonof)
7649cac docs(daemon): clarify the daemon trust override flags (bryanhonof)
f84c8d5 fix: change declaration order (bryanhonof)
39add5e docs: add examples of nix daemon usage (bryanhonof)
2787820 Apply suggestions from code review (tomberek)
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
|
@@ -500,6 +500,45 @@ static RegisterLegacyCommand r_nix_daemon("nix-daemon", main_nix_daemon); | |||||
|
||||||
struct CmdDaemon : StoreCommand | ||||||
{ | ||||||
bool stdio = false; | ||||||
std::optional<TrustedFlag> isTrustedOpt = std::nullopt; | ||||||
|
||||||
CmdDaemon() | ||||||
{ | ||||||
addFlag({ | ||||||
.longName = "stdio", | ||||||
.description = "Attach to standard I/O, instead of trying to bind to a UNIX socket.", | ||||||
.handler = {&stdio, true}, | ||||||
}); | ||||||
|
||||||
addFlag({ | ||||||
.longName = "force-trusted", | ||||||
.description = "Forces the daemon to trust connecting clients, forwarding the connection without the receiving daemon processing it.", | ||||||
|
||||||
.handler = {[&]() { | ||||||
isTrustedOpt = Trusted; | ||||||
}}, | ||||||
.experimentalFeature = Xp::DaemonTrustOverride, | ||||||
}); | ||||||
|
||||||
addFlag({ | ||||||
.longName = "force-untrusted", | ||||||
.description = "Forces the daemon to not trust connecting clients, the connection will be processed by the receiving daemon before forwarding commands.", | ||||||
|
||||||
.handler = {[&]() { | ||||||
isTrustedOpt = NotTrusted; | ||||||
}}, | ||||||
.experimentalFeature = Xp::DaemonTrustOverride, | ||||||
}); | ||||||
|
||||||
addFlag({ | ||||||
.longName = "default-trust", | ||||||
.description = "Use Nix's default trust.", | ||||||
.handler = {[&]() { | ||||||
isTrustedOpt = std::nullopt; | ||||||
}}, | ||||||
.experimentalFeature = Xp::DaemonTrustOverride, | ||||||
}); | ||||||
} | ||||||
|
||||||
std::string description() override | ||||||
{ | ||||||
return "daemon to perform store operations on behalf of non-root clients"; | ||||||
|
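Review bot: the handlers for `force-trusted`, `force-untrusted` and `default-trust` each assign `isTrustedOpt` unconditionally, so when more than one of them is passed, whichever handler runs last decides the trust level with no error or warning. Because `force-trusted` makes the daemon trust every connecting client, either reject conflicting combinations or state the override order in the flag descriptions. The `force-trusted` and `force-untrusted` descriptions also describe forwarding behaviour that nothing in this hunk implements (the handlers only set `isTrustedOpt`); limiting each description to the trust effect, e.g. "Forces the daemon to trust connecting clients.", would match what the code does.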
@@ -516,7 +555,7 @@ struct CmdDaemon : StoreCommand | |||||
|
||||||
void run(ref<Store> store) override | ||||||
{ | ||||||
runDaemon(false, std::nullopt); | ||||||
runDaemon(stdio, isTrustedOpt); | ||||||
} | ||||||
}; | ||||||
|
||||||
|
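Review bot: in `run`, `stdio` and `isTrustedOpt` now flow straight from the command line into `runDaemon`, while the `store` argument is not used in the lines shown, so this call is the single point where a user-supplied trust override takes effect. A short comment noting that `std::nullopt` keeps the default trust decision, plus a test that runs `--stdio` together with each of the three trust flags, would make the change from `runDaemon(false, std::nullopt)` easier to verify.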
Does this actually forward the connection? I assume that depends on `nix daemon`'s own `--store` parameter: If it's "local", then it won't forward to another daemon.

That is true. Forcing untrusted does make not force in the `--stdio` case when `--store` is a `RemoteStore` subclass, but forcing trusted (if I am reading the code above right) doesn't seem to affect when forwarding happens.

So, just "Forces the daemon to trust connecting clients." would be enough as a description in this case?

Yes I think that is good