From 18a41e1c881b9520b93cb92de8ca5c26ead8adf8 Mon Sep 17 00:00:00 2001 From: Sebastien Bourdeauducq Date: Mon, 3 Jun 2024 22:39:00 +0800 Subject: [PATCH] nixbld: work around for hydra input issues in restricted mode --- nixbld-etc-nixos/configuration.nix | 2 +- nixbld-etc-nixos/hydra-hack-allowed-uris.patch | 13 ------------- 2 files changed, 1 insertion(+), 14 deletions(-) delete mode 100644 nixbld-etc-nixos/hydra-hack-allowed-uris.patch diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix index 13af32f3..df2cbca9 100644 --- a/nixbld-etc-nixos/configuration.nix +++ b/nixbld-etc-nixos/configuration.nix @@ -733,6 +733,7 @@ in secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1 experimental-features = nix-command flakes ''; + nix.settings.allowed-uris = "github: gitlab: git+https://"; # https://github.com/NixOS/nix/issues/5039 nix.settings.extra-sandbox-paths = ["/opt"]; services.mlabs-backup.enable = true; @@ -798,7 +799,6 @@ in ./hydra-conda.patch ./hydra-msys2.patch ./hydra-restrictdist.patch - ./hydra-hack-allowed-uris.patch # work around https://github.com/NixOS/nix/issues/5039 ]; hydraPath = oa.hydraPath + ":" + super.lib.makeBinPath [ super.jq ]; doCheck = false; # FIXME: ldap tests fail on hydra rebuild, seems unrelated to patches above. diff --git a/nixbld-etc-nixos/hydra-hack-allowed-uris.patch b/nixbld-etc-nixos/hydra-hack-allowed-uris.patch deleted file mode 100644 index 9f76bb4c..00000000 --- a/nixbld-etc-nixos/hydra-hack-allowed-uris.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/hydra-eval-jobs/hydra-eval-jobs.cc b/src/hydra-eval-jobs/hydra-eval-jobs.cc -index 934bf42e..48f2d248 100644 ---- a/src/hydra-eval-jobs/hydra-eval-jobs.cc -+++ b/src/hydra-eval-jobs/hydra-eval-jobs.cc -@@ -281,6 +281,8 @@ int main(int argc, char * * argv) - to the environment. */ - evalSettings.restrictEval = true; - -+ evalSettings.allowedUris = {"https://github.com/m-labs/", "https://git.m-labs.hk/m-labs/", "https://gitlab.com/duke-artiq/"}; -+ - /* When building a flake, use pure evaluation (no access to - 'getEnv', 'currentSystem' etc. */ - evalSettings.pureEval = myArgs.flake;