nix: fix cache usage by modifying global config

Otherwise Nix produces warnings like this:
```
warning: ignoring untrusted substituter 'https://nix-cache.status.im/', you are not a trusted user.
```
Since adding users to `trusted-users` essentially gives them `root`:

>Adding a user to trusted-users is essentially equivalent to giving that user root access to the system.
> — https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-trusted-users

A more kosher approach might be to just add the cache config itself globally.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
Jakub Sokołowski 2023-06-21 21:34:13 +02:00
parent 9767c3f3a5
commit 5e6d488a3e
No known key found for this signature in database
GPG Key ID: FE65CD384D5BF7B4
3 changed files with 54 additions and 9 deletions


@ -1,4 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -eo pipefail
GIT_ROOT=$(cd "${BASH_SOURCE%/*}" && git rev-parse --show-toplevel)
# Checking group ownership to identify installation type. # Checking group ownership to identify installation type.
file_group() { file_group() {
@ -52,3 +54,37 @@ nix_root() {
nix_current_version() { nix_current_version() {
nix-env --version | awk '{print $3}' nix-env --version | awk '{print $3}'
} }
nix_get_local_setting() {
local NIX_LOCAL_CONFIG="${GIT_ROOT}/nix/nix.conf"
local KEY="${1}"
awk -F' = ' "/^${KEY} *=/{print \$2}" nix/nix.conf
}
nix_set_global_setting() {
local NIX_GLOBAL_CONFIG="/etc/nix/nix.conf"
local KEY="${1}"
local VAL="${2}"
if grep "${KEY}" "${NIX_GLOBAL_CONFIG}" 2>/dev/null; then
sed -i "s/${KEY} = \(.*\)$/${KEY} = ${VAL}/" "${NIX_GLOBAL_CONFIG}"
else
echo "${KEY} = ${VAL}" | sudo tee -a "${NIX_GLOBAL_CONFIG}" >/dev/null
fi
}
nix_daemon_restart() {
# Restarting Nix Daemon makes sense only on a multi-user install.
[[ $(nix_install_type) != "multi" ]] && return
if [[ "$(uname -s)" == "Darwin" ]]; then
echo "Restarting Nix daemon Launchd service..." >&2
sudo launchctl unload /Library/LaunchDaemons/org.nixos.nix-daemon.plist
sudo launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist
elif [[ "$(uname -s)" == "Linux" ]] && [[ "$(nix_install_type)" == "multi" ]]; then
echo "Restarting Nix daemon Systemd service..." >&2
sudo systemctl daemon-reload
sudo systemctl restart nix-daemon
else
echo "Unknown platform! Unable to restart daemon!" >&2
exit 1
fi
}
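Review bot: In `nix_set_global_setting` the `sed -i "s/${KEY} = \(.*\)$/${KEY} = ${VAL}/"` branch cannot work for the values this commit passes in: substituter URLs contain `/`, which ends the `s///` expression early, and the edit of `/etc/nix/nix.conf` runs without `sudo` although the append branch needs `sudo tee`. The `grep "${KEY}"` test is unanchored and not quiet, so `substituters` also matches a `trusted-substituters` line (which the unanchored sed would then rewrite with the wrong value) and the matched line is printed to stdout. These keys decide which caches and signing keys the daemon trusts, so I would anchor the key at line start, refuse an empty value, and rewrite through a temp file as sketched below. Separately, `nix_get_local_setting` declares `NIX_LOCAL_CONFIG` but has awk read the relative `nix/nix.conf`, so the result depends on the caller's working directory; pass `"${NIX_LOCAL_CONFIG}"` to awk instead.

```shell
nix_set_global_setting() {
    # … unchanged: NIX_GLOBAL_CONFIG, KEY, VAL locals …
    local TMP_CONFIG
    # An empty value would blank out the daemon's cache or key list.
    if [[ -z "${VAL}" ]]; then
        echo "No value found for '${KEY}'!" >&2
        return 1
    fi
    # Anchor the key so 'substituters' does not match 'trusted-substituters'.
    if grep -qE "^${KEY} *=" "${NIX_GLOBAL_CONFIG}" 2>/dev/null; then
        TMP_CONFIG=$(mktemp)
        # awk -v keeps the '/' in cache URLs out of the program text.
        awk -v key="${KEY}" -v val="${VAL}" '
            $0 ~ "^" key " *=" { print key " = " val; next }
            { print }
        ' "${NIX_GLOBAL_CONFIG}" > "${TMP_CONFIG}"
        sudo tee "${NIX_GLOBAL_CONFIG}" < "${TMP_CONFIG}" >/dev/null
        rm -f -- "${TMP_CONFIG}"
    else
        # … unchanged: append via sudo tee -a …
    fi
}
```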


@ -38,6 +38,22 @@ nix_install() {
echo "Please see: https://nixos.org/nix/manual/#chap-installation" >&2 echo "Please see: https://nixos.org/nix/manual/#chap-installation" >&2
exit 1 exit 1
fi fi
# Additional fixes
nix_add_extra_cache
nix_daemon_restart
}
# Adding directly to global config to avoid warnings like this:
# "ignoring untrusted substituter 'https://nix-cache.status.im/', you are not a trusted user."
nix_add_extra_cache() {
# Single-user installations do not have this issue.
[[ ! -f /etc/nix/nix.conf ]] && return
echo -e 'Adding our cache to Nix daemon config...' >&2
local NIX_SETTINGS=('substituters' 'trusted-substituters' 'trusted-public-keys')
for NIX_SETTING in "${NIX_SETTINGS[@]}"; do
nix_set_global_setting "${NIX_SETTING}" "$(nix_get_local_setting "${NIX_SETTING}")"
done
} }
if [[ ! -x "$(command -v sha256sum)" ]]; then if [[ ! -x "$(command -v sha256sum)" ]]; then
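Review bot: `nix_add_extra_cache` passes `$(nix_get_local_setting "${NIX_SETTING}")` straight into `nix_set_global_setting`, and a failure inside a command substitution used as an argument does not trip `set -e`, so an unreadable local config would write an empty `substituters` or `trusted-public-keys` line into the daemon config. Capture and check the value first, e.g. `VAL=$(nix_get_local_setting "${NIX_SETTING}") || return 1` followed by `[[ -n "${VAL}" ]] || return 1`. Because this changes trust settings for every user of the machine, writing the `extra-substituters` / `extra-trusted-public-keys` forms would presumably be safer than replacing `substituters` and `trusted-public-keys`, since caches and keys an admin already configured would then be kept. `NIX_SETTING` should also be declared `local` so the loop variable does not leak into the sourcing script.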


@ -5,6 +5,7 @@ set -eo pipefail
GIT_ROOT=$(cd "${BASH_SOURCE%/*}" && git rev-parse --show-toplevel) GIT_ROOT=$(cd "${BASH_SOURCE%/*}" && git rev-parse --show-toplevel)
source "${GIT_ROOT}/scripts/colors.sh" source "${GIT_ROOT}/scripts/colors.sh"
source "${GIT_ROOT}/nix/scripts/lib.sh"
source "${GIT_ROOT}/nix/scripts/source.sh" source "${GIT_ROOT}/nix/scripts/source.sh"
source "${GIT_ROOT}/nix/scripts/version.sh" source "${GIT_ROOT}/nix/scripts/version.sh"
@ -12,15 +13,7 @@ nix_upgrade() {
echo -e "Upgrading Nix interpreter to: ${GRN}${NIX_VERSION}${RST}" >&2 echo -e "Upgrading Nix interpreter to: ${GRN}${NIX_VERSION}${RST}" >&2
nix-channel --update nix-channel --update
nix-env --install --attr "nixpkgs.${NIX_PACKAGE}" "nixpkgs.cacert" nix-env --install --attr "nixpkgs.${NIX_PACKAGE}" "nixpkgs.cacert"
if [[ "$(uname -s)" == "Darwin" ]]; then nix_daemon_restart
echo "Restarting Nix daemon Launchd service" >&2
launchctl unload /Library/LaunchDaemons/org.nixos.nix-daemon.plist
launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist
elif [[ "$(uname -s)" == "Linux" ]] && [[ "$(nix_install_type)" == "multi" ]]; then
echo "Restarting Nix daemon Systemd service" >&2
systemctl daemon-reload
systemctl restart nix-daemon
fi
} }
# Allow for sourcing the script # Allow for sourcing the script
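Review bot: `nix_upgrade` now restarts the daemon through `nix_daemon_restart` but never calls `nix_add_extra_cache`, so, as far as these hunks show, machines with an existing multi-user install keep the "ignoring untrusted substituter" warning until Nix is reinstalled. If that is not intended, the cache step would need to live in `lib.sh` next to `nix_daemon_restart` and be called here before the restart. Note also that the shared helper ends its unknown-platform branch with `exit 1`; since this script is meant to be sourceable, `return 1` would avoid terminating the caller's shell.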