nix-testing -> daemon-trust-override

And only enable in the tests that need it. This makes it less of a
sledgehammer.
This commit is contained in:
John Ericson 2023-04-17 09:35:43 -04:00
parent b1343e8ad1
commit e95db8f2b9
7 changed files with 23 additions and 10 deletions

View File

@ -190,12 +190,13 @@ constexpr std::array<ExperimentalFeatureDetails, 12> xpFeatureDetails = {{
)",
},
{
.tag = Xp::NixTesting,
.name = "nix-testing",
.tag = Xp::DaemonTrustOverride,
.name = "daemon-trust-override",
.description = R"(
A "permanent" experimental feature for extra features we just need
for testing. Not actually an "experiment" in the sense of being
prospective functionality for regular users.
Allow forcing trusting or not trusting clients with
`nix-daemon`. This is useful for testing, but possibly also
useful for various experiments with `nix-daemon --stdio`
networking.
)",
},
}};

View File

@ -28,7 +28,7 @@ enum struct ExperimentalFeature
AutoAllocateUids,
Cgroups,
DiscardReferences,
NixTesting,
DaemonTrustOverride,
};
/**

View File

@ -472,13 +472,13 @@ static int main_nix_daemon(int argc, char * * argv)
else if (*arg == "--stdio")
stdio = true;
else if (*arg == "--force-trusted") {
experimentalFeatureSettings.require(Xp::NixTesting);
experimentalFeatureSettings.require(Xp::DaemonTrustOverride);
isTrustedOpt = Trusted;
} else if (*arg == "--force-untrusted") {
experimentalFeatureSettings.require(Xp::NixTesting);
experimentalFeatureSettings.require(Xp::DaemonTrustOverride);
isTrustedOpt = NotTrusted;
} else if (*arg == "--default-trust") {
experimentalFeatureSettings.require(Xp::NixTesting);
experimentalFeatureSettings.require(Xp::DaemonTrustOverride);
isTrustedOpt = std::nullopt;
} else return false;
return true;

View File

@ -1,5 +1,9 @@
source common.sh
enableFeatures "daemon-trust-override"
restartDaemon
[[ $busybox =~ busybox ]] || skipTest "no busybox"
unset NIX_STORE_DIR

View File

@ -1,5 +1,9 @@
source common.sh
enableFeatures "daemon-trust-override"
restartDaemon
# Remote doesn't trust us
file=build-hook.nix
prog=$(readlink -e ./nix-daemon-untrusting.sh)

View File

@ -1,5 +1,9 @@
source common.sh
enableFeatures "daemon-trust-override"
restartDaemon
# Remote doesn't trusts us, but this is fine because we are only
# building (fixed) CA derivations.
file=build-hook-ca-fixed.nix

View File

@ -20,7 +20,7 @@ cat > "$NIX_CONF_DIR"/nix.conf <<EOF
build-users-group =
keep-derivations = false
sandbox = false
experimental-features = nix-command flakes nix-testing
experimental-features = nix-command flakes
gc-reserved-space = 0
substituters =
flake-registry = $TEST_ROOT/registry.json