From 45037cb46466938cdc80d86f93b53bd7989cbede Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Fri, 26 Jun 2020 20:20:03 +0200
Subject: [PATCH] nixbld: add hydra-restrictdist.patch

Preparation for https://git.m-labs.hk/M-Labs/nix-scripts/issues/26
---
 nixbld-etc-nixos/configuration.nix        |  7 ++++-
 nixbld-etc-nixos/hydra-restrictdist.patch | 32 +++++++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 nixbld-etc-nixos/hydra-restrictdist.patch

diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index f10a0ae..a4b66d8 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -379,7 +379,12 @@ in
  
   nixpkgs.config.packageOverrides = super: let self = super.pkgs; in {
     hydra-unstable = super.hydra-unstable.overrideAttrs(oa: {
-      patches = oa.patches or [] ++ [ ./hydra-conda.patch ./hydra-retry.patch ./hydra-unbreak-sysbuild.patch ];
+      patches = oa.patches or [] ++ [
+        ./hydra-conda.patch
+        ./hydra-retry.patch
+        ./hydra-unbreak-sysbuild.patch
+        ./hydra-restrictdist.patch
+      ];
       hydraPath = oa.hydraPath + ":" + super.lib.makeBinPath [ super.jq ];
     });
     matterbridge = super.matterbridge.overrideAttrs(oa: {
diff --git a/nixbld-etc-nixos/hydra-restrictdist.patch b/nixbld-etc-nixos/hydra-restrictdist.patch
new file mode 100644
index 0000000..a346f10
--- /dev/null
+++ b/nixbld-etc-nixos/hydra-restrictdist.patch
@@ -0,0 +1,32 @@
+diff --git src/lib/Hydra/Controller/Root.pm src/lib/Hydra/Controller/Root.pm
+index a9b0d558..71869ba0 100644
+--- a/src/lib/Hydra/Controller/Root.pm
++++ b/src/lib/Hydra/Controller/Root.pm
+@@ -19,6 +19,11 @@ use Net::Prometheus;
+ # Put this controller at top-level.
+ __PACKAGE__->config->{namespace} = '';
+ 
++sub isRedistRestricted {
++  my ($path) = @_;
++
++  return index($path, "-RESTRICTDIST-") >= 0;
++}
+ 
+ sub noLoginNeeded {
+   my ($c) = @_;
+@@ -319,6 +324,7 @@ sub nar :Local :Args(1) {
+         $path = $Nix::Config::storeDir . "/$path";
+ 
+         gone($c, "Path " . $path . " is no longer available.") unless isValidPath($path);
++        notFound($c, "Redistribution restricted") if isRedistRestricted($path);
+ 
+         $c->stash->{current_view} = 'NixNAR';
+         $c->stash->{storePath} = $path;
+@@ -368,6 +374,7 @@ sub narinfo :LocalRegex('^([a-z0-9]+).narinfo$') :Args(0) {
+             setCacheHeaders($c, 60 * 60);
+             return;
+         }
++        notFound($c, "Redistribution restricted") if isRedistRestricted($path);
+ 
+         $c->stash->{storePath} = $path;
+         $c->forward('Hydra::View::NARInfo');