fetchurl: add user agent #17757
fetchurl: add user agent #17757
Conversation
copumpkin
added
0.kind: enhancement
|
@copumpkin, thanks for your PR! By analyzing the annotation information on this pull request, we identified @edolstra, @domenkozar and @urkud to be potential reviewers |
|
@cleverca22 pointed out that Nix's built-in downloader already sets the UA to "Nix/", so I should probably replicate that format (but still want the Nixpkgs revision). https://github.com/NixOS/nix/blob/master/src/libstore/download.cc#L138 |
|
I'm curious: why is the nixpkgs revision interesting? |
|
Because it affects behavior, and can help explain why the HTTP request is being made the way it is. Same reason the Nix version is, really. |
| @@ -124,6 +124,8 @@ if (!hasHash) then throw "Specify hash for fetchurl fixed-output derivation: ${s | |||
|
|
|||
| inherit curlOpts showURLs mirrorsFile impureEnvVars postFetch downloadToTemp executable; | |||
|
|
|||
| userAgent = "Nix ${builtins.nixVersion} on nixpkgs ${stdenv.lib.nixpkgsVersion}"; | |||
There was a problem hiding this comment.
Doing this will cause all .drv files to change every time you update Nixpkgs, which is a lot of unnecessary I/O.
Also, shouldn't this be the other way around ("Nixpkgs on Nix")?
There was a problem hiding this comment.
What if we tracked a version specifically for fetchurl, which changes way less than nixpkgs?
There was a problem hiding this comment.
Could be the hash of the fetchurl files, I suppose!
There was a problem hiding this comment.
Not ideal (hard to track back to what it is) but sounds good to me.
On Wed, Aug 31, 2016 at 10:17 PM Daniel Peebles notifications@github.com
wrote:
In pkgs/build-support/fetchurl/default.nix
#17757 (comment):@@ -124,6 +124,8 @@ if (!hasHash) then throw "Specify hash for fetchurl fixed-output derivation: ${s
inherit curlOpts showURLs mirrorsFile impureEnvVars postFetch downloadToTemp executable;
- userAgent = "Nix ${builtins.nixVersion} on nixpkgs ${stdenv.lib.nixpkgsVersion}";
Could be the hash of the fetchurl files, I suppose!
—
You are receiving this because you commented.Reply to this email directly, view it on GitHub
https://github.com/NixOS/nixpkgs/pull/17757/files/75b22922b8f285cf0e36ab900a807e3ca5f4ca6f#r77104796,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAErrNsyIUwykglYvGFe5RECxzM05YBiks5qljXEgaJpZM4Jkbay
.
There was a problem hiding this comment.
I think it would be enough to put "current nixos version" in there, e.g. 16.09 ATM, or are there any expectations about the version?
There was a problem hiding this comment.
None, but many of us aren't on NixOS :P
On Fri, Sep 2, 2016 at 11:31 Vladimír Čunát notifications@github.com
wrote:
In pkgs/build-support/fetchurl/default.nix
#17757 (comment):@@ -124,6 +124,8 @@ if (!hasHash) then throw "Specify hash for fetchurl fixed-output derivation: ${s
inherit curlOpts showURLs mirrorsFile impureEnvVars postFetch downloadToTemp executable;
- userAgent = "Nix ${builtins.nixVersion} on nixpkgs ${stdenv.lib.nixpkgsVersion}";
I think it would be enough to put nixos version in there, e.g. 16.09 ATM,
or are there any expectations about the version?—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/NixOS/nixpkgs/pull/17757/files/75b22922b8f285cf0e36ab900a807e3ca5f4ca6f#r77365738,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAAKP03oU-w8_fc6yA-SfjoQgse6O4cTks5qmEE2gaJpZM4Jkbay
.
|
I am a huge fan of this change, as it gives mirrors and upstreams a way to identify and get in touch with us. |
|
What I'd really like to do here is compute the git tree-style hash of the entire But as far as I can tell, it's a huge pain in the ass to manually compute the git tree hash that respects all of git's semantics so I might just go with a recursive @edolstra @grahamc @vcunat does that seem reasonable to you? Basically, it would be the same as this one, but the .drvs would only change when |
|
Can you please make it easy to override/completely disable setting this value? I've never liked the concept of the UA field, dislike the privacy leak and would prefer that servers do proper feature detection instead of sniffing/guessing. |
|
@aneeshusa This is for stats, not for sniffing/guessing. Currently used User-Agent leaks the fact that you use curl and which particular version you have installed. Since including Nixpkgs version will cause a lot of I/O, I think that having some custom User-Agent is more beneficial even if it is omitted. I propose the following User-Agent: It is compatible with one that is currently used, it states curl version (which is the actual fetcher), and it additionally states Nix version. |
lukateras
force-pushed
the
fetchurl-user-agent
branch
from
75b2292 to
e258ec6
Compare
GrahamcOfBorg
added
10.rebuild-darwin-stdenv
lukateras
force-pushed
the
fetchurl-user-agent
branch
from
e258ec6 to
720cf53
Compare
lukateras
force-pushed
the
fetchurl-user-agent
branch
from
720cf53 to
84bdc22
Compare
|
I've dropped Nixpkgs version from User-Agent until perhaps we do that via |
lukateras
added
1.severity: mass-rebuild
|
I'm not convinced that depending on the Nix version is a good idea. That just leads to spurious .drv changes (e.g. an identical Nixpkgs expression evaluation with Nix 1.11.15 and 1.11.16 will produce a different result). |
|
It would be better to include the Nixpkgs major version, e.g. |
lukateras
force-pushed
the
fetchurl-user-agent
branch
from
84bdc22 to
df29d72
Compare
|
I agree, Nixpkgs version makes more sense. Fixed, now user agent is:
|
It would be nice to be able to track Nix requests. It's not trustworthy, but can be helpful for stats and routing in HTTP logs. Since `fetchurl` is used so widely, we should "magically" get a UA on `fetchzip`, `fetchFromGitHub`, and other related fetchers. Since `fetchurl` is only used for fixed-output derivations, this should cause no mass rebuild. User-Agent example: curl/7.57.0 Nixpkgs/18.03
lukateras
force-pushed
the
fetchurl-user-agent
branch
from
d30f1e9 to
0cb623c
Compare
| @@ -2,20 +2,23 @@ source $stdenv/setup | |||
|
|
|||
| source $mirrorsFile | |||
|
|
|||
| curlVersion=$(curl -V | head -1 | cut -d' ' -f2) | |||
There was a problem hiding this comment.
I'm doing this instead of curl.version to support native stdenv (e.g. on Darwin).
GrahamcOfBorg
added
10.rebuild-darwin: 0
|
@edolstra: I think this is ready to merge ( |
|
There is no way to edit fetchurl's |
|
@copumpkin said:
Also I haven't noticed any mass rebuilds when I was testing my changes locally. |
|
Ah, ok. I was looking at the wrong metric: this changes almost all |
| @@ -132,6 +132,8 @@ else stdenv.mkDerivation { | |||
|
|
|||
| impureEnvVars = impureEnvVars ++ netrcImpureEnvVars; | |||
|
|
|||
| nixpkgsVersion = fileContents ../../../.version; | |||
There was a problem hiding this comment.
Why not just export the major version from lib?
There was a problem hiding this comment.
lib doesn't export major version specifically, only suffixed version:
Lines 62 to 65 in b5a61f2
|
This looks ready, or close to it, shall we go ahead with this? |
| @@ -135,6 +133,8 @@ stdenvNoCC.mkDerivation { | |||
|
|
|||
| impureEnvVars = impureEnvVars ++ netrcImpureEnvVars; | |||
|
|
|||
| nixpkgsVersion = lib.fileContents ../../../.version; | |||
There was a problem hiding this comment.
You might be able to use lib.versionlib.release now?
|
|
||
| # Curl flags to handle redirects, not use EPSV, handle cookies for | ||
| # servers to need them during redirects, and work on SSL without a | ||
| # certificate (this isn't a security problem because we check the | ||
| # cryptographic hash of the output anyway). | ||
| curl="curl \ | ||
| --location --max-redirs 20 \ | ||
| --retry 3 \ |
There was a problem hiding this comment.
Was removing --retry 3 intentional?
|
May I go ahead and merge this? |
@copumpkin Do you feel this is ready? |
|
Yeah, if it doesn't cause excess .drv churn, this seems good! |
Only twice a year :-) |
|
Here goes... 😄 thanks! |
|
Thank you! |
[Looking for feedback, please don't merge yet as I haven't tested it]
It would be nice to be able to track Nix requests. It's not trustworthy, but can be helpful for stats and routing in HTTP logs.
Since
fetchurlis used so widely, we should "magically" get a UA onfetchzip,fetchFromGitHub, and other related fetchers.Since
fetchurlis only used for fixed-output derivations, this should cause no mass rebuild.