NixOS · Nov 26, 2020 · Nov 26, 2020 · Nov 26, 2020
Showing with 113 additions and 44 deletions.

+81 −0 src/libexpr/flake/config.cc

+17 −43 src/libexpr/flake/flake.cc

+1 −1 src/libexpr/flake/flake.hh

+11 −0 src/libmain/progress-bar.cc

+3 −0 src/libutil/logging.hh
diff --git a/src/libexpr/flake/config.cc b/src/libexpr/flake/config.cc
@@ -0,0 +1,81 @@
+#include "flake.hh"
+
+#include <nlohmann/json.hpp>
+
+namespace nix::flake {
+
+// setting name -> setting value -> allow or ignore.
+typedef std::map<std::string, std::map<std::string, bool>> TrustedList;
+
+Path trustedListPath()
+{
+    return getDataDir() + "/nix/trusted-settings.json";
+}
+
+static TrustedList readTrustedList()
+{
+    auto path = trustedListPath();
+    if (!pathExists(path)) return {};
+    auto json = nlohmann::json::parse(readFile(path));
+    return json;
+}
+
+static void writeTrustedList(const TrustedList & trustedList)
+{
+    writeFile(trustedListPath(), nlohmann::json(trustedList).dump());
+}
+
+void ConfigFile::apply()
+{
+    std::set<std::string> whitelist{"bash-prompt", "bash-prompt-suffix"};
+
+    for (auto & [name, value] : settings) {
+
+        auto baseName = hasPrefix(name, "extra-") ? std::string(name, 6) : name;
+
+        // FIXME: Move into libutil/config.cc.
+        std::string valueS;
+        if (auto s = std::get_if<std::string>(&value))
+            valueS = *s;
+        else if (auto n = std::get_if<int64_t>(&value))
+            valueS = fmt("%d", n);
+        else if (auto b = std::get_if<Explicit<bool>>(&value))
+            valueS = b->t ? "true" : "false";
+        else if (auto ss = std::get_if<std::vector<std::string>>(&value))
+            valueS = concatStringsSep(" ", *ss); // FIXME: evil
+        else
+            assert(false);
+
+        if (!whitelist.count(baseName)) {
+            auto trustedList = readTrustedList();
+
+            bool trusted = false;
+
+            if (auto saved = get(get(trustedList, name).value_or(std::map<std::string, bool>()), valueS)) {
+                trusted = *saved;
+            } else {
+                // FIXME: filter ANSI escapes, newlines, \r, etc.
+                if (std::tolower(logger->ask(fmt("do you want to allow configuration setting '%s' to be set to '" ANSI_RED "%s" ANSI_NORMAL "' (y/N)?", name, valueS)).value_or('n')) != 'y') {
+                    if (std::tolower(logger->ask("do you want to permanently mark this value as untrusted (y/N)?").value_or('n')) == 'y') {
+                        trustedList[name][valueS] = false;
+                        writeTrustedList(trustedList);
+                    }
+                } else {
+                    if (std::tolower(logger->ask("do you want to permanently mark this value as trusted (y/N)?").value_or('n')) == 'y') {
+                        trustedList[name][valueS] = trusted = true;
+                        writeTrustedList(trustedList);
+                    }
+                }
+            }
+
+            if (!trusted) {
+                warn("ignoring untrusted flake configuration setting '%s'", name);
+                continue;
+            }
+        }
+
+        globalConfig.set(name, valueS);
+    }
+}
+
+}
diff --git a/src/libexpr/flake/flake.cc b/src/libexpr/flake/flake.cc
@@ -233,28 +233,28 @@ static Flake getFlake(
     if (auto nixConfig = vInfo.attrs->get(sNixConfig)) {
         expectType(state, tAttrs, *nixConfig->value, *nixConfig->pos);
 
-        for (auto & option : *nixConfig->value->attrs) {
-            forceTrivialValue(state, *option.value, *option.pos);
-            if (option.value->type == tString)
-                flake.config.options.insert({option.name, state.forceStringNoCtx(*option.value, *option.pos)});
-            else if (option.value->type == tInt)
-                flake.config.options.insert({option.name, state.forceInt(*option.value, *option.pos)});
-            else if (option.value->type == tBool)
-                flake.config.options.insert({option.name, state.forceBool(*option.value, *option.pos)});
-            else if (option.value->isList()) {
+        for (auto & setting : *nixConfig->value->attrs) {
+            forceTrivialValue(state, *setting.value, *setting.pos);
+            if (setting.value->type == tString)
+                flake.config.settings.insert({setting.name, state.forceStringNoCtx(*setting.value, *setting.pos)});
+            else if (setting.value->type == tInt)
+                flake.config.settings.insert({setting.name, state.forceInt(*setting.value, *setting.pos)});
+            else if (setting.value->type == tBool)
+                flake.config.settings.insert({setting.name, state.forceBool(*setting.value, *setting.pos)});
+            else if (setting.value->isList()) {
                 std::vector<std::string> ss;
-                for (unsigned int n = 0; n < option.value->listSize(); ++n) {
-                    auto elem = option.value->listElems()[n];
+                for (unsigned int n = 0; n < setting.value->listSize(); ++n) {
+                    auto elem = setting.value->listElems()[n];
                     if (elem->type != tString)
-                        throw TypeError("list element in flake configuration option '%s' is %s while a string is expected",
-                            option.name, showType(*option.value));
-                    ss.push_back(state.forceStringNoCtx(*elem, *option.pos));
+                        throw TypeError("list element in flake configuration setting '%s' is %s while a string is expected",
+                            setting.name, showType(*setting.value));
+                    ss.push_back(state.forceStringNoCtx(*elem, *setting.pos));
                 }
-                flake.config.options.insert({option.name, ss});
+                flake.config.settings.insert({setting.name, ss});
             }
             else
-                throw TypeError("flake configuration option '%s' is %s",
-                    option.name, showType(*option.value));
+                throw TypeError("flake configuration setting '%s' is %s",
+                    setting.name, showType(*setting.value));
         }
     }
 
@@ -635,30 +635,4 @@ Fingerprint LockedFlake::getFingerprint() const
 
 Flake::~Flake() { }
 
-void ConfigFile::apply()
-{
-    for (auto & [name, value] : options) {
-        // FIXME: support 'trusted-public-keys' (and other options), but make it TOFU.
-        if (name != "bash-prompt-suffix" &&
-            name != "bash-prompt" &&
-            name != "substituters" &&
-            name != "extra-substituters")
-        {
-            warn("ignoring untrusted flake configuration option '%s'", name);
-            continue;
-        }
-        // FIXME: Move into libutil/config.cc.
-        if (auto s = std::get_if<std::string>(&value))
-            globalConfig.set(name, *s);
-        else if (auto n = std::get_if<int64_t>(&value))
-            globalConfig.set(name, fmt("%d", n));
-        else if (auto b = std::get_if<Explicit<bool>>(&value))
-            globalConfig.set(name, b->t ? "true" : "false");
-        else if (auto ss = std::get_if<std::vector<std::string>>(&value))
-            globalConfig.set(name, concatStringsSep(" ", *ss)); // FIXME: evil
-        else
-            assert(false);
-    }
-}
-
 }
diff --git a/src/libexpr/flake/flake.hh b/src/libexpr/flake/flake.hh
@@ -51,7 +51,7 @@ struct ConfigFile
 {
     using ConfigValue = std::variant<std::string, int64_t, Explicit<bool>, std::vector<std::string>>;
 
-    std::map<std::string, ConfigValue> options;
+    std::map<std::string, ConfigValue> settings;
 
     void apply();
 };

diff --git a/src/libmain/progress-bar.cc b/src/libmain/progress-bar.cc
@@ -466,6 +466,17 @@ class ProgressBar : public Logger
             Logger::writeToStdout(s);
         }
     }
+
+    std::optional<char> ask(std::string_view msg) override
+    {
+        auto state(state_.lock());
+        if (!state->active || !isatty(STDIN_FILENO)) return {};
+        std::cerr << fmt("\r\e[K%s ", msg);
+        auto s = trim(readLine(STDIN_FILENO));
+        if (s.size() != 1) return {};
+        draw(*state);
+        return s[0];
+    }
 };
 
 Logger * makeProgressBar(bool printBuildLogs)

diff --git a/src/libutil/logging.hh b/src/libutil/logging.hh
@@ -106,6 +106,9 @@ public:
         formatHelper(f, args...);
         writeToStdout(f.str());
     }
+
+    virtual std::optional<char> ask(std::string_view s)
+    { return {}; }
 };
 
 ActivityId getCurActivity();