disable redistribution of proprietary software via Hydra #26
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
WFVM is going to load the nixbld.m-labs.hk Nix store with proprietary crapware from Micro$oft (Win10, Visual Studio), and Hydra distributes it publicly, which goes against the EULAs.
I propose to solve this by adding an attribute on derivations that blocks Hydra downloads.
Ideally, downloads from the M-Labs LAN should still be available, in order to facilitate troubleshooting Windoze-related issues.
https://github.com/NixOS/hydra/issues/143
Here is an example of the URLs that are fetched from client Nix stores:
Seems to be handled here in Hydra:
Should be a matter of returning 404 Not Found for both hash.narinfo and /nar/hash*
The error handling is done in the callers here:
0b300e80ad/src/lib/Hydra/Controller/Root.pm (L350)
0b300e80ad/src/lib/Hydra/Controller/Root.pm (L309)
A simple solution could be to add an empty
/nix-support/do-not-distribute
file into the derivation outputs. Getting the meta info of the package (with the license) seems more difficult.I am about to test this before committing
but Hydra doesn't build for me right now, neither on 20.03 nor on master. Ok, hydra-2020-06-23 builds successfully for me...Nitpick:
restrict-distribution
seems to be a better name thando-not-distribute
.There has been some mess with Hydra recently, the recommended package is now called
hydra-unstable
and it builds as of 20.03.2176.a84b797b28e.Is the Windows ISO redistributable? What about the VS bootstrap installer?
We may still have a problem with
fetchurl
, and the fetchurl store paths are clearly visible e.g. https://nixbld.m-labs.hk/build/69946/nixlog/27A simple hack - that would work also for fetchurl - would be to start the relevant derivation names with "RESTRICTDIST" :)
e.g. /nix/store/pf3jkpq8nxycv4a3i5z4rnbp1wx512bx-RESTRICTDIST-windows10.iso
RESTRICTDIST
in the name is a good idea as that allows the feature for Nix store entries that are not directories.fetchurl
accepts an additionalname
attribute which I made use of in #30.It works!
https://nixbld.m-labs.hk/nar/xks67i4frg8k7rmlv5298aac0s4n5nih-RESTRICTDIST-release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso