diff --git a/corepkgs/unpack-channel.nix b/corepkgs/unpack-channel.nix index bbc54c7d1e..57d5a09a07 100644 --- a/corepkgs/unpack-channel.nix +++ b/corepkgs/unpack-channel.nix @@ -6,19 +6,23 @@ let '' mkdir $out cd $out - ${bzip2} -d < $src | ${tar} xf - --warning=no-timestamp + ${bzip2} -d < $src | ${tar} xf - --warning=no-timestamp mv * $out/$channelName + if [ -n "$binaryCacheURL" ]; then + mkdir $out/binary-caches + echo -n "$binaryCacheURL" > $out/binary-caches/$channelName + fi ''; in -{ name, channelName, src }: +{ name, channelName, src, binaryCacheURL ? "" }: derivation { system = builtins.currentSystem; builder = shell; args = [ "-e" builder ]; - inherit name channelName src; + inherit name channelName src binaryCacheURL; PATH = "${nixBinDir}:${coreutils}"; diff --git a/doc/manual/conf-file.xml b/doc/manual/conf-file.xml index c09d46206a..ae167fb787 100644 --- a/doc/manual/conf-file.xml +++ b/doc/manual/conf-file.xml @@ -329,6 +329,18 @@ build-use-chroot = /dev /proc /bin + binary-caches-files + + A list of names of files that will be read to + obtain additional binary cache URLs. The default is + /nix/var/nix/profiles/per-user/root/channels/binary-caches/*, + which ensures that Nix will use the binary caches corresponding to + the channels installed by root. Do not set this option to read + files created by untrusted users! + + + + trusted-binary-caches A list of URLs of binary caches, separated by diff --git a/scripts/download-from-binary-cache.pl.in b/scripts/download-from-binary-cache.pl.in index f7f1f73460..76306405cc 100644 --- a/scripts/download-from-binary-cache.pl.in +++ b/scripts/download-from-binary-cache.pl.in @@ -176,6 +176,16 @@ sub getAvailableCaches { ($Nix::Config::config{"binary-caches"} // ($Nix::Config::storeDir eq "/nix/store" ? "http://nixos.org/binary-cache" : "")); + my $urlsFiles = $Nix::Config::config{"binary-cache-files"} + // "/nix/var/nix/profiles/per-user/root/channels/binary-caches/*"; + foreach my $urlFile (glob $urlsFiles) { + next unless -f $urlFile; + open FILE, "<$urlFile" or die "cannot open ‘$urlFile’\n"; + my $url = ; chomp $url; + close FILE; + push @urls, strToList($url); + } + # Allow Nix daemon users to override the binary caches to a subset # of those listed in the config file. Note that ‘untrusted-*’ # denotes options passed by the client. diff --git a/scripts/nix-channel.in b/scripts/nix-channel.in index e7a4b0900e..e057cc9167 100755 --- a/scripts/nix-channel.in +++ b/scripts/nix-channel.in @@ -22,7 +22,7 @@ my $nixDefExpr = "$home/.nix-defexpr"; my $userName = getpwuid($<) or die "cannot figure out user name"; my $profile = "$Nix::Config::stateDir/profiles/per-user/$userName/channels"; mkpath(dirname $profile, 0, 0755); - + my %channels; @@ -77,20 +77,14 @@ sub removeChannel { # channels. sub update { my @channelNames = @_; - + readChannels; - # Create the manifests directory if it doesn't exist. - mkdir $manifestDir, 0755 unless -e $manifestDir; - - # Do we have write permission to the manifests directory? - die "$0: you do not have write permission to `$manifestDir'!\n" unless -W $manifestDir; - # Download each channel. my $exprs = ""; foreach my $name (keys %channels) { next if scalar @channelNames > 0 && ! grep { $_ eq $name } @{channelNames}; - + my $url = $channels{$name}; my $origUrl = "$url/MANIFEST"; @@ -101,11 +95,20 @@ sub update { die "$0: unable to check `$url'\n" if $? != 0; $headers =~ s/\r//g; $url = $1 if $headers =~ /^Location:\s*(.*)\s*$/m; - - # Pull the channel manifest. - $ENV{'NIX_ORIG_URL'} = $origUrl; - system("$Nix::Config::binDir/nix-pull", "--skip-wrong-store", "$url/MANIFEST") == 0 - or die "cannot pull manifest from `$url'\n"; + + # Check if the channel advertises a binary cache. + my $binaryCacheURL = `$Nix::Config::curl --silent '$url'/binary-cache-url`; + my $extraAttrs = ""; + if ($? == 0 && $binaryCacheURL ne "") { + $extraAttrs .= "binaryCacheURL = \"$binaryCacheURL\"; "; + } else { + # No binary cache, so pull the channel manifest. + mkdir $manifestDir, 0755 unless -e $manifestDir; + die "$0: you do not have write permission to `$manifestDir'!\n" unless -W $manifestDir; + $ENV{'NIX_ORIG_URL'} = $origUrl; + system("$Nix::Config::binDir/nix-pull", "--skip-wrong-store", "$url/MANIFEST") == 0 + or die "cannot pull manifest from `$url'\n"; + } # Download the channel tarball. my $fullURL = "$url/nixexprs.tar.bz2"; @@ -120,7 +123,7 @@ sub update { my $cname = $name; $cname .= $1 if basename($url) =~ /(-\d.*)$/; - $exprs .= "'f: f { name = \"$cname\"; channelName = \"$name\"; src = builtins.storePath \"$path\"; }' "; + $exprs .= "'f: f { name = \"$cname\"; channelName = \"$name\"; src = builtins.storePath \"$path\"; $extraAttrs }' "; } # Unpack the channel tarballs into the Nix store and install them @@ -189,7 +192,7 @@ while (scalar @ARGV) { update(@ARGV); last; } - + elsif ($arg eq "--help") { usageError; } @@ -198,7 +201,7 @@ while (scalar @ARGV) { print "nix-channel (Nix) $Nix::Config::version\n"; exit 0; } - + else { die "unknown argument `$arg'; try `--help'"; }