mirror of https://github.com/NixOS/nix synced 2025-07-08 11:03:54 +02:00

Merge pull request #10340 from edolstra/trust-github

Add trust-tarballs-from-git-forges setting
Théophane Hufschmitt 2024-04-02 16:08:57 +02:00 committed by GitHub
commit 29c3e4f580
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 25 additions and 3 deletions


@ -187,9 +187,14 @@ in
client.succeed("nix flake metadata nixpkgs --tarball-ttl 0 >&2")
# Test fetchTree on a github URL.
hash = client.succeed(f"nix eval --raw --expr '(fetchTree {info['url']}).narHash'")
hash = client.succeed(f"nix eval --no-trust-tarballs-from-git-forges --raw --expr '(fetchTree {info['url']}).narHash'")
assert hash == info['locked']['narHash']
# Fetching without a narHash should succeed if trust-github is set and fail otherwise.
client.succeed(f"nix eval --raw --expr 'builtins.fetchTree github:github:fancy-enterprise/private-flake/{info['revision']}'")
out = client.fail(f"nix eval --no-trust-tarballs-from-git-forges --raw --expr 'builtins.fetchTree github:github:fancy-enterprise/private-flake/{info['revision']}' 2>&1")
assert "will not fetch unlocked input" in out, "--no-trust-tarballs-from-git-forges did not fail with the expected error"
# Shut down the web server. The flake should be cached on the client.
github.succeed("systemctl stop httpd.service")
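Review bot: The positive case, `client.succeed(f"nix eval --raw --expr 'builtins.fetchTree github:github:fancy-enterprise/private-flake/{info['revision']}'")`, depends on the setting's default value instead of stating it, so the test does not document which configuration it is checking. Passing `--trust-tarballs-from-git-forges` explicitly on that line would pin the trusting branch the same way the next line pins the strict one. The added comment also calls the setting `trust-github` while the flag exercised is `trust-tarballs-from-git-forges`; I would write `# Fetching without a narHash should succeed if trust-tarballs-from-git-forges is set and fail otherwise.`. The doubled `github:github:` prefix in both fetchTree arguments looks unintended and is worth confirming, although the assertion on "will not fetch unlocked input" does ensure the strict case fails for the intended reason. The surrounding test script starts and ends outside the hunk.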