libstore/openStore: fix stores with IPv6 addresses #4319

Ma27 · 2020-12-05T14:53:21Z

In nixStable (2.3.7 to be precise) it's possible to connect to stores
using an IPv6 address:

nix ping-store --store ssh://root@2001:db8::1

This is also useful for nixops(1) where you could specify an IPv6
address in deployment.targetHost.

However, this behavior is broken on nixUnstable and fails with the
following error:

$ nix store ping --store ssh://root@2001:db8::1
don't know how to open Nix store 'ssh://root@2001:db8::1'

This happened because openStore from libstore uses the parseURL
function from libfetchers which expects a valid URL as defined in
RFC2732. However, this is unsupported by ssh(1):

$ nix store ping --store 'ssh://root@[2001:db8::1]'
cannot connect to 'root@[2001:db8::1]'

This patch now allows both ways of specifying a store (root@2001:db8::1) and
also root@[2001:db8::1] since the latter one is useful to pass query
parameters to the remote store.

In order to achieve this, the following changes were made:

The URL regex from url-parts.hh now allows an IPv6 address in the
form 2001:db8::1 and also [2001:db8::1].
In libstore, a new function named extractConnStr ensures that a
proper URL is passed to e.g. ssh(1):
- If a URL looks like either [2001:db8::1] or root@[2001:db8::1],
  the brackets will be removed using a regex. No additional validation
  is done here as only strings parsed by parseURL are expected.
- In any other case, the string will be left untouched.

Unresolved questions:

I'm not really sure whether we want to allow both variants of IPv6
addresses in the URL parser. However it should be noted that both seem
to be possible according to RFC2732:

This document incudes an update to the generic syntax for Uniform
Resource Identifiers defined in RFC 2396 [URL]. It defines a syntax
for IPv6 addresses and allows the use of "[" and "]" within a URI
explicitly for this reserved purpose.
Currently, it's not supported to specify a port number behind the
hostname, however it seems as this is not really supported by the URL
parser. Hence, this is probably out of scope here.

Ma27 · 2020-12-07T21:33:05Z

cc @edolstra would you mind taking a look? :)

src/libstore/store-api.cc

In `nixStable` (2.3.7 to be precise) it's possible to connect to stores using an IPv6 address: nix ping-store --store ssh://root@2001:db8::1 This is also useful for `nixops(1)` where you could specify an IPv6 address in `deployment.targetHost`. However, this behavior is broken on `nixUnstable` and fails with the following error: $ nix store ping --store ssh://root@2001:db8::1 don't know how to open Nix store 'ssh://root@2001:db8::1' This happened because `openStore` from `libstore` uses the `parseURL` function from `libfetchers` which expects a valid URL as defined in RFC2732. However, this is unsupported by `ssh(1)`: $ nix store ping --store 'ssh://root@[2001:db8::1]' cannot connect to 'root@[2001:db8::1]' This patch now allows both ways of specifying a store (`root@2001:db8::1`) and also `root@[2001:db8::1]` since the latter one is useful to pass query parameters to the remote store. In order to achieve this, the following changes were made: * The URL regex from `url-parts.hh` now allows an IPv6 address in the form `2001:db8::1` and also `[2001:db8::1]`. * In `libstore`, a new function named `extractConnStr` ensures that a proper URL is passed to e.g. `ssh(1)`: * If a URL looks like either `[2001:db8::1]` or `root@[2001:db8::1]`, the brackets will be removed using a regex. No additional validation is done here as only strings parsed by `parseURL` are expected. * In any other case, the string will be left untouched. * The rules above only apply for `LegacySSHStore` and `SSHStore` (a.k.a `ssh://` and `ssh-ng://`). Unresolved questions: * I'm not really sure whether we want to allow both variants of IPv6 addresses in the URL parser. However it should be noted that both seem to be possible according to RFC2732: > This document incudes an update to the generic syntax for Uniform > Resource Identifiers defined in RFC 2396 [URL]. It defines a syntax > for IPv6 addresses and allows the use of "[" and "]" within a URI > explicitly for this reserved purpose. * Currently, it's not supported to specify a port number behind the hostname, however it seems as this is not really supported by the URL parser. Hence, this is probably out of scope here.

Ma27 · 2020-12-09T11:24:25Z

@edolstra fixed :)

blaggacao · 2021-03-16T12:02:20Z

@Ma27 what do you think of #4490 ?
It seems that the %ifidentifier is not properly recognized. Would that be fixable, in principle?

Duplicate #4643 has additional context.

Ericson2314 approved these changes Dec 5, 2020

View reviewed changes

edolstra reviewed Dec 8, 2020

View reviewed changes

src/libstore/store-api.cc Outdated Show resolved Hide resolved

Ma27 force-pushed the store-v6-addr branch from 91df644 to 93a8a00 Compare December 9, 2020 11:24

Ma27 requested a review from edolstra December 9, 2020 11:24

edolstra merged commit eb458ad into NixOS:master Dec 9, 2020

Ma27 deleted the store-v6-addr branch December 9, 2020 11:38

ajs124 mentioned this pull request Jan 29, 2021

Link-local address store broke recently #4490

Closed

zhaofengli mentioned this pull request Feb 11, 2021

Raw IPv6 addresses in targetHost don't seem to be handled properly zhaofengli/colmena#7

Closed

ldesgoui mentioned this pull request Aug 1, 2021

Write Nix 2.4 release notes #4521

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

libstore/openStore: fix stores with IPv6 addresses #4319

libstore/openStore: fix stores with IPv6 addresses #4319

Ma27 commented Dec 5, 2020

Ma27 commented Dec 7, 2020

Ma27 commented Dec 9, 2020

blaggacao commented Mar 16, 2021 •

edited

libstore/openStore: fix stores with IPv6 addresses #4319

libstore/openStore: fix stores with IPv6 addresses #4319

Conversation

Ma27 commented Dec 5, 2020

Ma27 commented Dec 7, 2020

Ma27 commented Dec 9, 2020

blaggacao commented Mar 16, 2021 • edited

blaggacao commented Mar 16, 2021 •

edited