mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-27 00:06:16 +02:00
* Configuration options for trusted local builds.
This commit is contained in:
parent
89cd0f57b1
commit
8d06842a76
3 changed files with 43 additions and 5 deletions
|
@ -47,3 +47,34 @@ gc-keep-derivations = true
|
||||||
# while this option was enabled, while `gc-keep-derivations' only
|
# while this option was enabled, while `gc-keep-derivations' only
|
||||||
# applies at the moment the garbage collector is run.
|
# applies at the moment the garbage collector is run.
|
||||||
env-keep-derivations = false
|
env-keep-derivations = false
|
||||||
|
|
||||||
|
|
||||||
|
### Option `build-allow-root'
|
||||||
|
#
|
||||||
|
# This option controls Nix's behaviour when it is invoked under the
|
||||||
|
# `root' user (or setuid-root). If `true' (default), builds are
|
||||||
|
# performed under the `root' user. If `false', builds are performed
|
||||||
|
# under one of the users listed in the `build-users' option (see
|
||||||
|
# below).
|
||||||
|
build-allow-root = true
|
||||||
|
|
||||||
|
|
||||||
|
### Option `build-users'
|
||||||
|
#
|
||||||
|
# This option is only applicable if `build-allow-root' is `false' and
|
||||||
|
# Nix is invoked under the `root' user (or setuid-root). It contains
|
||||||
|
# a list of user names under which Nix can execute builds. Builds
|
||||||
|
# cannot be performed by root since that would allow users to take
|
||||||
|
# over the system by supplying specially crafted builders; and they
|
||||||
|
# cannot be performed by the calling user since that would allow
|
||||||
|
# him/her to influence the build result.
|
||||||
|
#
|
||||||
|
# Thus this list should contain a number of `special' user accounts
|
||||||
|
# created specifically for Nix, e.g., `nix-builder-1',
|
||||||
|
# `nix-builder-2', and so on. The more users the better, since at
|
||||||
|
# most a number of builds equal to the number of build users can be
|
||||||
|
# started.
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# build-users = nix-builder-1 nix-builder-2 nix-builder-3
|
||||||
|
build-users =
|
||||||
|
|
|
@ -11,16 +11,13 @@ string nixDBPath = "/UNINIT";
|
||||||
string nixConfDir = "/UNINIT";
|
string nixConfDir = "/UNINIT";
|
||||||
|
|
||||||
bool keepFailed = false;
|
bool keepFailed = false;
|
||||||
|
|
||||||
bool keepGoing = false;
|
bool keepGoing = false;
|
||||||
|
|
||||||
bool tryFallback = false;
|
bool tryFallback = false;
|
||||||
|
|
||||||
Verbosity buildVerbosity = lvlInfo;
|
Verbosity buildVerbosity = lvlInfo;
|
||||||
|
|
||||||
unsigned int maxBuildJobs = 1;
|
unsigned int maxBuildJobs = 1;
|
||||||
|
|
||||||
bool readOnlyMode = false;
|
bool readOnlyMode = false;
|
||||||
|
bool buildAllowRoot = true;
|
||||||
|
list<string> buildUsers;
|
||||||
|
|
||||||
|
|
||||||
static bool settingsRead = false;
|
static bool settingsRead = false;
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
#define __GLOBALS_H
|
#define __GLOBALS_H
|
||||||
|
|
||||||
#include <string>
|
#include <string>
|
||||||
|
#include <set>
|
||||||
#include "util.hh"
|
#include "util.hh"
|
||||||
|
|
||||||
using namespace std;
|
using namespace std;
|
||||||
|
@ -52,6 +53,15 @@ extern unsigned int maxBuildJobs;
|
||||||
database. */
|
database. */
|
||||||
extern bool readOnlyMode;
|
extern bool readOnlyMode;
|
||||||
|
|
||||||
|
/* Whether to allow builds by root. Corresponds to the
|
||||||
|
`build-allow-root' configuration option. */
|
||||||
|
extern bool buildAllowRoot;
|
||||||
|
|
||||||
|
/* The list of users under which root-initiated builds can be
|
||||||
|
performed. Correspons to the `build-users' configuration
|
||||||
|
option. */
|
||||||
|
extern list<string> buildUsers;
|
||||||
|
|
||||||
|
|
||||||
string querySetting(const string & name, const string & def);
|
string querySetting(const string & name, const string & def);
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue