Eelco Dolstra
589f6f267b
fetchClosure: Don't allow URL query parameters
...
Allowing this is a potential security hole, since it allows the user
to specify parameters like 'local-nar-cache'.
2022-04-06 11:52:51 +02:00
Eelco Dolstra
86b05ccd54
Only provide builtin.{getFlake,fetchClosure} is the corresponding experimental feature is enabled
...
This allows writing fallback code like
if builtins ? fetchClosure then
builtins.fetchClose { ... }
else
builtins.storePath ...
2022-03-25 14:04:18 +01:00
Eelco Dolstra
f902f3c2cb
Add experimental feature 'fetch-closure'
2022-03-24 21:33:33 +01:00
Eelco Dolstra
e5f7029ba4
nix store make-content-addressed: Support --from / --to
2022-03-24 21:33:33 +01:00
Eelco Dolstra
98658ae9d2
Document fetchClosure
2022-03-24 21:33:33 +01:00
Eelco Dolstra
28186b7044
Add a test for fetchClosure and 'nix store make-content-addressed'
2022-03-24 21:33:33 +01:00
Eelco Dolstra
4120930ac1
fetchClosure: Only allow some "safe" store types
2022-03-24 21:33:33 +01:00
Eelco Dolstra
7ffda0af6e
fetchClosure: Skip makeContentAddressed() if toPath is already valid
2022-03-24 21:33:33 +01:00
Eelco Dolstra
545c2d0d8c
fetchClosure: Allow a path to be rewritten to CA on the fly
...
The advantage is that the resulting closure doesn't need to be signed,
so you don't need to configure any binary cache keys on the client.
2022-03-24 21:33:33 +01:00
Eelco Dolstra
7f6fe8ca1d
Rename
2022-03-24 21:33:33 +01:00
Eelco Dolstra
41659418cf
fetchClosure: Require a CA path in pure mode
2022-03-24 21:33:33 +01:00
Eelco Dolstra
f4bafc412f
Add builtins.fetchClosure
...
This allows closures to be imported at evaluation time, without
requiring the user to configure substituters. E.g.
builtins.fetchClosure {
storePath = /nix/store/f89g6yi63m1ywfxj96whv5sxsm74w5ka-python3.9-sqlparse-0.4.2;
from = "https://cache.ngi0.nixos.org ";
}
2022-03-24 21:33:33 +01:00
