forked from M-Labs/it-infra
nixbld: work around for hydra input issues in restricted mode
This commit is contained in:
parent
f49a0f825e
commit
18a41e1c88
|
@ -733,6 +733,7 @@ in
|
||||||
secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1
|
secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1
|
||||||
experimental-features = nix-command flakes
|
experimental-features = nix-command flakes
|
||||||
'';
|
'';
|
||||||
|
nix.settings.allowed-uris = "github: gitlab: git+https://"; # https://github.com/NixOS/nix/issues/5039
|
||||||
nix.settings.extra-sandbox-paths = ["/opt"];
|
nix.settings.extra-sandbox-paths = ["/opt"];
|
||||||
|
|
||||||
services.mlabs-backup.enable = true;
|
services.mlabs-backup.enable = true;
|
||||||
|
@ -798,7 +799,6 @@ in
|
||||||
./hydra-conda.patch
|
./hydra-conda.patch
|
||||||
./hydra-msys2.patch
|
./hydra-msys2.patch
|
||||||
./hydra-restrictdist.patch
|
./hydra-restrictdist.patch
|
||||||
./hydra-hack-allowed-uris.patch # work around https://github.com/NixOS/nix/issues/5039
|
|
||||||
];
|
];
|
||||||
hydraPath = oa.hydraPath + ":" + super.lib.makeBinPath [ super.jq ];
|
hydraPath = oa.hydraPath + ":" + super.lib.makeBinPath [ super.jq ];
|
||||||
doCheck = false; # FIXME: ldap tests fail on hydra rebuild, seems unrelated to patches above.
|
doCheck = false; # FIXME: ldap tests fail on hydra rebuild, seems unrelated to patches above.
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
diff --git a/src/hydra-eval-jobs/hydra-eval-jobs.cc b/src/hydra-eval-jobs/hydra-eval-jobs.cc
|
|
||||||
index 934bf42e..48f2d248 100644
|
|
||||||
--- a/src/hydra-eval-jobs/hydra-eval-jobs.cc
|
|
||||||
+++ b/src/hydra-eval-jobs/hydra-eval-jobs.cc
|
|
||||||
@@ -281,6 +281,8 @@ int main(int argc, char * * argv)
|
|
||||||
to the environment. */
|
|
||||||
evalSettings.restrictEval = true;
|
|
||||||
|
|
||||||
+ evalSettings.allowedUris = {"https://github.com/m-labs/", "https://git.m-labs.hk/m-labs/", "https://gitlab.com/duke-artiq/"};
|
|
||||||
+
|
|
||||||
/* When building a flake, use pure evaluation (no access to
|
|
||||||
'getEnv', 'currentSystem' etc. */
|
|
||||||
evalSettings.pureEval = myArgs.flake;
|
|
Loading…
Reference in New Issue