Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignoring nixConfig (extra-substituters, extra-trusted-pubic-keys). #11

Open
dschrempf opened this issue Oct 10, 2022 · 2 comments
Open

Ignoring nixConfig (extra-substituters, extra-trusted-pubic-keys). #11

dschrempf opened this issue Oct 10, 2022 · 2 comments
Labels
enhancement New feature or request

Comments

@dschrempf
Copy link

Hi!

I have a question with respect to the extra-subsituters and extra-trusted-public-keys, which are set by the nixConfig attribute of this flake.

When I run an unfree program for the first time, I have to say that I am OK with these untrusted settings. Then, they are stored in ~/.local/share/nix/trusted-settings.json. Then, I get the following message when running programs:

warning: Using saved setting for 'extra-substituters = https://nixpkgs-unfree.cachix.org' from ~/.local/share/nix/trusted-settings.json.
warning: ignoring untrusted flake configuration setting 'extra-substituters'
warning: Using saved setting for 'extra-trusted-public-keys = nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs=' from ~/.local/share/nix/trusted-settings.json.
warning: ignoring untrusted flake configuration setting 'extra-trusted-public-keys'

This is all fine and expected. However, I want a declarative setup and no hidden configuration files.

So, I added the substituter and the public key to nix.settings.substituters and nix.settings.trusted-public-keys, respectively. Nevertheless, I get the same procedure as described above. The declarative settings are not used. How can I load the Nixpkgs-Unfree flake and ignore the nixConfig bits? I could fork this repository, but that defeats its purpose, doesn't it?
@dschrempf dschrempf added the enhancement New feature or request label Oct 10, 2022
@zimbatm
Copy link
Member

zimbatm commented Oct 10, 2022

Good question.

It looks like right now, Nix doesn't filter out known values from the nixConfig. Except for the internal whitelist items, all the other values are checked against the trusted list config. The only other option is to blindly trust all values with --accept-flake-config

See
https://github.com/nixos/nix/blob/ac0fb38e8a5a25a84fa17704bd31b453211263eb/src/libexpr/flake/config.cc#L53-L74

@dschrempf
Copy link
Author

dschrempf commented Oct 12, 2022
edited
Loading

I do not think this is the right place for discussing this, but it would be great if one can set the configuratin of a flake during import, like with inputs.flakeWithDifferentNixpkgs.inputs.nixpkgs = "nixpkgs";.

Something like

inputs.nixpkgs-unfree.nixConf = {};

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zimbatm @dschrempf