Add setting 'unforwarded-settings' to prevent forwarding to the daemon

This is useful for settings like netrc-file that we might not want to forward, and can avoid annoying warnings if the user is not trusted.
DeterminateSystems · Jul 30, 2024 · f500925 · f500925
1 parent ee86e7f
commit f500925
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 1 deletion.
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
@@ -99,6 +99,12 @@ public:
      */
     Path nixDaemonSocketFile;
 
+    Setting<StringSet> unforwardedSettings{this, {}, "unforwarded-settings",
+        R"(
+          The names of settings that will not be forwarded from the
+          Nix client to the Nix daemon.
+        )"};
+
     Setting<std::string> storeUri{this, getEnv("NIX_REMOTE").value_or("auto"), "store",
         R"(
           The [URL of the Nix store](@docroot@/store/types/index.md#store-url-format)

diff --git a/src/libstore/remote-store.cc b/src/libstore/remote-store.cc
@@ -129,6 +129,9 @@ void RemoteStore::setOptions(Connection & conn)
         overrides.erase(loggerSettings.showTrace.name);
         overrides.erase(experimentalFeatureSettings.experimentalFeatures.name);
         overrides.erase("plugin-files");
+        overrides.erase(settings.unforwardedSettings.name);
+        for (auto & i : settings.unforwardedSettings.get())
+            overrides.erase(i);
         conn.to << overrides.size();
         for (auto & i : overrides)
             conn.to << i.first << i.second.value;

diff --git a/tests/functional/common/vars-and-functions.sh b/tests/functional/common/vars-and-functions.sh
@@ -123,7 +123,7 @@ startDaemon() {
     fi
     # Start the daemon, wait for the socket to appear.
     rm -f $NIX_DAEMON_SOCKET_PATH
-    PATH=$DAEMON_PATH nix --extra-experimental-features 'nix-command' daemon &
+    PATH=$DAEMON_PATH nix --extra-experimental-features 'nix-command' daemon "${extraDaemonFlags[@]}" &
     _NIX_TEST_DAEMON_PID=$!
     export _NIX_TEST_DAEMON_PID
     for ((i = 0; i < 300; i++)); do

diff --git a/tests/functional/remote-store.sh b/tests/functional/remote-store.sh
@@ -36,3 +36,10 @@ NIX_REMOTE= nix-store --dump-db > $TEST_ROOT/d2
 cmp $TEST_ROOT/d1 $TEST_ROOT/d2
 
 killDaemon
+
+# Test 'unforwarded-settings'.
+extraDaemonFlags=("--trusted-users" "")
+startDaemon
+nix store info --netrc-file /foo 2>&1 | grepQuiet "ignoring the client-specified setting 'netrc-file'"
+nix store info --netrc-file /foo --unforwarded-settings netrc-file 2>&1 | grep -v "ignoring the client-specified setting 'netrc-file'"
+killDaemon