nixbld: work around for hydra input issues in restricted mode

Sebastien Bourdeauducq 2024-06-03 22:39:00 +08:00
parent f49a0f825e
commit 18a41e1c88
2 changed files with 1 additions and 14 deletions


@ -733,6 +733,7 @@ in
secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1 secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1
experimental-features = nix-command flakes experimental-features = nix-command flakes
''; '';
nix.settings.allowed-uris = "github: gitlab: git+https://"; # https://github.com/NixOS/nix/issues/5039
nix.settings.extra-sandbox-paths = ["/opt"]; nix.settings.extra-sandbox-paths = ["/opt"];
services.mlabs-backup.enable = true; services.mlabs-backup.enable = true;
@ -798,7 +799,6 @@ in
./hydra-conda.patch ./hydra-conda.patch
./hydra-msys2.patch ./hydra-msys2.patch
./hydra-restrictdist.patch ./hydra-restrictdist.patch
./hydra-hack-allowed-uris.patch # work around https://github.com/NixOS/nix/issues/5039
]; ];
hydraPath = oa.hydraPath + ":" + super.lib.makeBinPath [ super.jq ]; hydraPath = oa.hydraPath + ":" + super.lib.makeBinPath [ super.jq ];
doCheck = false; # FIXME: ldap tests fail on hydra rebuild, seems unrelated to patches above. doCheck = false; # FIXME: ldap tests fail on hydra rebuild, seems unrelated to patches above.
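Review bot: The added `nix.settings.allowed-uris = "github: gitlab: git+https://";` line admits every `github:` and `gitlab:` flake reference and any `git+https://` host. The `hydra-hack-allowed-uris.patch` removed in the second hunk limited restricted evaluation to three organisation prefixes (`https://github.com/m-labs/`, `https://git.m-labs.hk/m-labs/`, `https://gitlab.com/duke-artiq/`). On a builder that signs outputs with the key named in `secret-key-files`, this widens the set of remote sources an evaluation may fetch. If the workaround for NixOS/nix#5039 still holds with narrower prefixes, `nix.settings.allowed-uris = "github:m-labs/ gitlab:duke-artiq/ git+https://git.m-labs.hk/m-labs/";` would keep the earlier scope; confirm this against the Nix version in use. The setting also appears to land in the host-wide Nix configuration rather than only in hydra-eval-jobs, so the trailing comment should say why a scheme-level match is needed instead of only linking the issue.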


@ -1,13 +0,0 @@
diff --git a/src/hydra-eval-jobs/hydra-eval-jobs.cc b/src/hydra-eval-jobs/hydra-eval-jobs.cc
index 934bf42e..48f2d248 100644
--- a/src/hydra-eval-jobs/hydra-eval-jobs.cc
+++ b/src/hydra-eval-jobs/hydra-eval-jobs.cc
@@ -281,6 +281,8 @@ int main(int argc, char * * argv)
to the environment. */
evalSettings.restrictEval = true;
+ evalSettings.allowedUris = {"https://github.com/m-labs/", "https://git.m-labs.hk/m-labs/", "https://gitlab.com/duke-artiq/"};
+
/* When building a flake, use pure evaluation (no access to
'getEnv', 'currentSystem' etc. */
evalSettings.pureEval = myArgs.flake;