Add setting 'client-only-settings' to prevent forwarding to the daemon #11223

Open
wants to merge 6 commits into
base: master

edolstra
Member

@edolstra edolstra commented Jul 30, 2024

Motivation

We may not want to forward settings like netrc-file, e.g. if it contains passwords that are only intended for fetching sources. In addition, we currently get annoying warnings like

warning: ignoring the client-specified setting 'netrc-file', because it is a restricted setting and you are not a trusted user

if the client is not trusted.

This PR adds a new setting client-only-settings that allows the user to selectively disable forwarding to the daemon, e.g.

netrc-file = /home/eelco/bla/netrc
client-only-settings = netrc-file

Context

Priorities and Process

Add 👍 to pull requests you find important.

The Nix maintainer team uses a GitHub project board to schedule and track reviews.

This is useful for settings like netrc-file that we might not want to
forward, and can avoid annoying warnings if the user is not trusted.
@edolstra edolstra requested a review from Ericson2314 as a code owner July 30, 2024 21:51
@github-actions github-actions bot added with-tests Issues related to testing. PRs with tests have some priority store Issues and pull requests concerning the Nix store labels Jul 30, 2024
@grahamc
Member

grahamc commented Jul 30, 2024

How about something like client-only-settings?

@roberth roberth added the settings Settings, global flags, nix.conf label Jul 31, 2024
@edolstra edolstra changed the title Add setting 'unforwarded-settings' to prevent forwarding to the daemon Add setting 'client-only-settings' to prevent forwarding to the daemon Jul 31, 2024
@roberth
Member

roberth commented Jul 31, 2024

This would also be useful for locking down the daemon, rather than exclusively a client side option.

@Ericson2314
Member

This is a weakly-held opinion, but I sort of don't wish for new settings knobs at this time, at least just to silence a warning, when the whole way the settings work is suspect.

After the Meson stuff I get back to #11139, and then, yes, a counterpart for the main settings, and then bigger changes that would avoid the need for this are possible. We want Nix to have smarter defaults, and a better understanding of which settings affect which components, after all.

@roberth roberth self-assigned this Sep 2, 2024
@nixos-discourse

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/2024-08-02-nix-team-meeting-minutes-174/51512/1

@edolstra
Member Author

edolstra commented Sep 3, 2024

@roberth This is ready now. The daemon now also applies client-only-settings.
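
The following is an added example, not code from this PR or from Nix: a simplified Python model of the filtering discussed in this thread, applied on the client before forwarding and on the daemon when receiving. It assumes the value of client-only-settings is a whitespace-separated list of setting names and that the list itself is not forwarded; all function names are hypothetical.

```python
# Simplified model of the behaviour discussed in this thread (not Nix's code).

def parse_conf(text):
    """Parse nix.conf-style 'name = value' lines, skipping blanks and # comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        settings[name.strip()] = value.strip()
    return settings

def client_only(settings):
    # Assumption: the value is a whitespace-separated list of setting names.
    return set(settings.get("client-only-settings", "").split())

def forwarded_by_client(client_settings):
    """Settings the client would send to the daemon after applying its own list."""
    withheld = client_only(client_settings)
    # Assumption: the list is local policy and is not itself forwarded.
    withheld.add("client-only-settings")
    return {k: v for k, v in client_settings.items() if k not in withheld}

def accepted_by_daemon(received, daemon_settings):
    """Daemon-side filter: drop anything named in the daemon's own list."""
    blocked = client_only(daemon_settings)
    accepted = {k: v for k, v in received.items() if k not in blocked}
    dropped = sorted(set(received) - set(accepted))
    return accepted, dropped

# Constructed sample configs; the max-jobs value is made up for illustration.
CLIENT_CONF = """
netrc-file = /home/eelco/bla/netrc
client-only-settings = netrc-file
max-jobs = 4
"""
# A second client that never opted out, and a daemon that enforces the list itself.
CARELESS_CLIENT_CONF = """
netrc-file = /home/eelco/bla/netrc
max-jobs = 4
"""
DAEMON_CONF = "client-only-settings = netrc-file"
```

With the client-side list the netrc path never leaves the client; with only the daemon-side list it is still sent, and the daemon discards it on receipt.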

Labels
settings Settings, global flags, nix.conf store Issues and pull requests concerning the Nix store with-tests Issues related to testing. PRs with tests have some priority