mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-26 15:56:18 +02:00
Add --process-ops
flag to nix-daemon
This commit is contained in:
parent
949f5841f8
commit
9796ebd7ef
1 changed files with 29 additions and 4 deletions
|
@ -443,16 +443,23 @@ static void processStdioConnection(ref<Store> store, TrustedFlag trustClient)
|
||||||
*
|
*
|
||||||
* @param forceTrustClientOpt See `daemonLoop()` and the parameter with
|
* @param forceTrustClientOpt See `daemonLoop()` and the parameter with
|
||||||
* the same name over there for details.
|
* the same name over there for details.
|
||||||
|
*
|
||||||
|
* @param procesOps Whether to force processing ops even if the next
|
||||||
|
* store also is a remote store and could process it directly.
|
||||||
*/
|
*/
|
||||||
static void runDaemon(bool stdio, std::optional<TrustedFlag> forceTrustClientOpt)
|
static void runDaemon(bool stdio, std::optional<TrustedFlag> forceTrustClientOpt, bool processOps)
|
||||||
{
|
{
|
||||||
if (stdio) {
|
if (stdio) {
|
||||||
auto store = openUncachedStore();
|
auto store = openUncachedStore();
|
||||||
|
|
||||||
|
std::shared_ptr<RemoteStore> remoteStore;
|
||||||
|
|
||||||
// If --force-untrusted is passed, we cannot forward the connection and
|
// If --force-untrusted is passed, we cannot forward the connection and
|
||||||
// must process it ourselves (before delegating to the next store) to
|
// must process it ourselves (before delegating to the next store) to
|
||||||
// force untrusting the client.
|
// force untrusting the client.
|
||||||
if (auto remoteStore = store.dynamic_pointer_cast<RemoteStore>(); remoteStore && (!forceTrustClientOpt || *forceTrustClientOpt != NotTrusted))
|
processOps |= !forceTrustClientOpt || *forceTrustClientOpt != NotTrusted;
|
||||||
|
|
||||||
|
if (!processOps && (remoteStore = store.dynamic_pointer_cast<RemoteStore>()))
|
||||||
forwardStdioConnection(*remoteStore);
|
forwardStdioConnection(*remoteStore);
|
||||||
else
|
else
|
||||||
// `Trusted` is passed in the auto (no override case) because we
|
// `Trusted` is passed in the auto (no override case) because we
|
||||||
|
@ -468,6 +475,7 @@ static int main_nix_daemon(int argc, char * * argv)
|
||||||
{
|
{
|
||||||
auto stdio = false;
|
auto stdio = false;
|
||||||
std::optional<TrustedFlag> isTrustedOpt = std::nullopt;
|
std::optional<TrustedFlag> isTrustedOpt = std::nullopt;
|
||||||
|
auto processOps = false;
|
||||||
|
|
||||||
parseCmdLine(argc, argv, [&](Strings::iterator & arg, const Strings::iterator & end) {
|
parseCmdLine(argc, argv, [&](Strings::iterator & arg, const Strings::iterator & end) {
|
||||||
if (*arg == "--daemon")
|
if (*arg == "--daemon")
|
||||||
|
@ -487,11 +495,14 @@ static int main_nix_daemon(int argc, char * * argv)
|
||||||
} else if (*arg == "--default-trust") {
|
} else if (*arg == "--default-trust") {
|
||||||
experimentalFeatureSettings.require(Xp::DaemonTrustOverride);
|
experimentalFeatureSettings.require(Xp::DaemonTrustOverride);
|
||||||
isTrustedOpt = std::nullopt;
|
isTrustedOpt = std::nullopt;
|
||||||
|
} else if (*arg == "--process-ops") {
|
||||||
|
experimentalFeatureSettings.require(Xp::MountedSSHStore);
|
||||||
|
processOps = true;
|
||||||
} else return false;
|
} else return false;
|
||||||
return true;
|
return true;
|
||||||
});
|
});
|
||||||
|
|
||||||
runDaemon(stdio, isTrustedOpt);
|
runDaemon(stdio, isTrustedOpt, processOps);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -503,6 +514,7 @@ struct CmdDaemon : StoreCommand
|
||||||
{
|
{
|
||||||
bool stdio = false;
|
bool stdio = false;
|
||||||
std::optional<TrustedFlag> isTrustedOpt = std::nullopt;
|
std::optional<TrustedFlag> isTrustedOpt = std::nullopt;
|
||||||
|
bool processOps = false;
|
||||||
|
|
||||||
CmdDaemon()
|
CmdDaemon()
|
||||||
{
|
{
|
||||||
|
@ -538,6 +550,19 @@ struct CmdDaemon : StoreCommand
|
||||||
}},
|
}},
|
||||||
.experimentalFeature = Xp::DaemonTrustOverride,
|
.experimentalFeature = Xp::DaemonTrustOverride,
|
||||||
});
|
});
|
||||||
|
|
||||||
|
addFlag({
|
||||||
|
.longName = "process-ops",
|
||||||
|
.description = R"(
|
||||||
|
Forces the daemon to process received commands itself rather than forwarding the commands straight to the remote store.
|
||||||
|
|
||||||
|
This is useful for the `mounted-ssh://` store where some actions need to be performed on the remote end but as connected user, and not as the user of the underlying daemon on the remote end.
|
||||||
|
)",
|
||||||
|
.handler = {[&]() {
|
||||||
|
processOps = true;
|
||||||
|
}},
|
||||||
|
.experimentalFeature = Xp::MountedSSHStore,
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
std::string description() override
|
std::string description() override
|
||||||
|
@ -556,7 +581,7 @@ struct CmdDaemon : StoreCommand
|
||||||
|
|
||||||
void run(ref<Store> store) override
|
void run(ref<Store> store) override
|
||||||
{
|
{
|
||||||
runDaemon(stdio, isTrustedOpt);
|
runDaemon(stdio, isTrustedOpt, processOps);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue