nixbld: work around for hydra input issues in restricted mode
This commit is contained in:
parent
f49a0f825e
commit
18a41e1c88
@ -733,6 +733,7 @@ in
|
||||
secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1
|
||||
experimental-features = nix-command flakes
|
||||
'';
|
||||
nix.settings.allowed-uris = "github: gitlab: git+https://"; # https://github.com/NixOS/nix/issues/5039
|
||||
nix.settings.extra-sandbox-paths = ["/opt"];
|
||||
|
||||
services.mlabs-backup.enable = true;
|
||||
@ -798,7 +799,6 @@ in
|
||||
./hydra-conda.patch
|
||||
./hydra-msys2.patch
|
||||
./hydra-restrictdist.patch
|
||||
./hydra-hack-allowed-uris.patch # work around https://github.com/NixOS/nix/issues/5039
|
||||
];
|
||||
hydraPath = oa.hydraPath + ":" + super.lib.makeBinPath [ super.jq ];
|
||||
doCheck = false; # FIXME: ldap tests fail on hydra rebuild, seems unrelated to patches above.
|
||||
|
@ -1,13 +0,0 @@
|
||||
diff --git a/src/hydra-eval-jobs/hydra-eval-jobs.cc b/src/hydra-eval-jobs/hydra-eval-jobs.cc
|
||||
index 934bf42e..48f2d248 100644
|
||||
--- a/src/hydra-eval-jobs/hydra-eval-jobs.cc
|
||||
+++ b/src/hydra-eval-jobs/hydra-eval-jobs.cc
|
||||
@@ -281,6 +281,8 @@ int main(int argc, char * * argv)
|
||||
to the environment. */
|
||||
evalSettings.restrictEval = true;
|
||||
|
||||
+ evalSettings.allowedUris = {"https://github.com/m-labs/", "https://git.m-labs.hk/m-labs/", "https://gitlab.com/duke-artiq/"};
|
||||
+
|
||||
/* When building a flake, use pure evaluation (no access to
|
||||
'getEnv', 'currentSystem' etc. */
|
||||
evalSettings.pureEval = myArgs.flake;
|
Loading…
Reference in New Issue
Block a user