mirror of https://github.com/NixOS/nix synced 2024-09-19 10:50:24 -04:00

libstore: Enable kerberos negotiation for http binary caches

George Shammas 2024-04-19 18:59:31 -04:00
parent 18485d2d53
commit 1c97877ec9
4 changed files with 16 additions and 6 deletions


@ -320,7 +320,7 @@ struct curlFileTransfer : public FileTransfer
curl_easy_setopt(req, CURLOPT_PIPEWAIT, 1); curl_easy_setopt(req, CURLOPT_PIPEWAIT, 1);
#endif #endif
#if LIBCURL_VERSION_NUM >= 0x072f00 #if LIBCURL_VERSION_NUM >= 0x072f00
if (fileTransferSettings.enableHttp2) if (fileTransferSettings.enableHttp2 && !request.negotiate)
curl_easy_setopt(req, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS); curl_easy_setopt(req, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS);
else else
curl_easy_setopt(req, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); curl_easy_setopt(req, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
@ -357,6 +357,12 @@ struct curlFileTransfer : public FileTransfer
curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0); curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0);
} }
if (request.negotiate) {
curl_easy_setopt(req, CURLOPT_HTTPAUTH, CURLAUTH_NEGOTIATE);
curl_easy_setopt(req, CURLOPT_USERNAME, "");
curl_easy_setopt(req, CURLOPT_PASSWORD, "");
}
curl_easy_setopt(req, CURLOPT_CONNECTTIMEOUT, fileTransferSettings.connectTimeout.get()); curl_easy_setopt(req, CURLOPT_CONNECTTIMEOUT, fileTransferSettings.connectTimeout.get());
curl_easy_setopt(req, CURLOPT_LOW_SPEED_LIMIT, 1L); curl_easy_setopt(req, CURLOPT_LOW_SPEED_LIMIT, 1L);
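Review bot: The return value of `curl_easy_setopt(req, CURLOPT_HTTPAUTH, CURLAUTH_NEGOTIATE)` in the new `if (request.negotiate)` block is discarded, so a libcurl built without SPNEGO/GSS-API support would be expected to reject the option and the transfer would carry on unauthenticated with no hint to the user. Checking the result makes a misconfigured client diagnosable, e.g. `if (curl_easy_setopt(req, CURLOPT_HTTPAUTH, CURLAUTH_NEGOTIATE) != CURLE_OK) warn("this libcurl lacks Negotiate support; 'negotiate' is ignored");`. The block also sits directly after the branch that sets `CURLOPT_SSL_VERIFYHOST` to 0, so it is worth deciding whether a request with TLS verification disabled should be allowed to offer Kerberos credentials at all. The `&& !request.negotiate` added in the first hunk silently pins these requests to HTTP/1.1 and needs a one-line comment giving the reason. The enclosing function starts and ends outside both hunks.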


@ -64,6 +64,7 @@ struct FileTransferRequest
std::string expectedETag; std::string expectedETag;
bool verifyTLS = true; bool verifyTLS = true;
bool head = false; bool head = false;
bool negotiate = false;
size_t tries = fileTransferSettings.tries; size_t tries = fileTransferSettings.tries;
unsigned int baseRetryTimeMs = 250; unsigned int baseRetryTimeMs = 250;
ActivityId parentAct; ActivityId parentAct;
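Review bot: The new `negotiate` field is undocumented, although setting it makes the transfer offer the caller's Kerberos credentials to whichever server the request's URL names. A short doc comment would make that contract visible to other callers of this struct, for example `/** Offer HTTP Negotiate (SPNEGO/Kerberos) authentication using the ambient credential cache; set only for hosts the caller trusts. */`. The struct's other members start and end outside the hunk.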


@ -26,15 +26,13 @@ HttpBinaryCacheStoreConfig::HttpBinaryCacheStoreConfig(
cacheUri.pop_back(); cacheUri.pop_back();
} }
std::string HttpBinaryCacheStoreConfig::doc() std::string HttpBinaryCacheStoreConfig::doc()
{ {
return return
#include "http-binary-cache-store.md" #include "http-binary-cache-store.md"
; ;
} }
class HttpBinaryCacheStore : public virtual HttpBinaryCacheStoreConfig, public virtual BinaryCacheStore class HttpBinaryCacheStore : public virtual HttpBinaryCacheStoreConfig, public virtual BinaryCacheStore
{ {
private: private:
@ -143,10 +141,12 @@ protected:
FileTransferRequest makeRequest(const std::string & path) FileTransferRequest makeRequest(const std::string & path)
{ {
return FileTransferRequest( auto request = FileTransferRequest(
hasPrefix(path, "https://") || hasPrefix(path, "http://") || hasPrefix(path, "file://") hasPrefix(path, "https://") || hasPrefix(path, "http://") || hasPrefix(path, "file://")
? path ? path
: cacheUri + "/" + path); : cacheUri + "/" + path);
request.negotiate = negotiate;
return request;
} }
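Review bot: `makeRequest` passes any path starting with `https://`, `http://` or `file://` through unchanged and then copies `negotiate` onto the request, so Negotiate authentication is enabled for URLs that need not be under the configured `cacheUri`, and for cleartext `http://` ones. Whether such absolute paths can come from cache-supplied metadata is not visible in this hunk, but scoping the flag to the cache itself removes the question: `request.negotiate = negotiate && hasPrefix(request.uri, cacheUri + "/");` (assuming the URL member is named `uri`). If plain-HTTP caches are meant to be supported with Kerberos, the setting's description should say so explicitly. The class body continues outside the hunk.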


@ -10,6 +10,9 @@ struct HttpBinaryCacheStoreConfig : virtual BinaryCacheStoreConfig
Path cacheUri; Path cacheUri;
const Setting<bool> negotiate{this, false, "negotiate",
"Whether to do kerberos negotiate when talking to the http binary cache."};
const std::string name() override const std::string name() override
{ {
return "HTTP Binary Cache Store"; return "HTTP Binary Cache Store";