Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add .netrc support #82

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Conversation

mkosiba
Copy link

@mkosiba mkosiba commented Nov 26, 2024

This is to support something like an internal mirror (such as Artifactory).
It's possible to use an one by hand-crafting a repo.yaml file, but things get tricky if such a mirror requires authentication.
This adds support for basic auth driven by a .netrc file.

if err != nil {
return nil, fmt.Errorf("getting current user: %w", err)
}
n, err := netrc.Parse(filepath.Join(usr.HomeDir, ".netrc"))
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bazaldnf is consumed internally by the bazel rules. It seems like this would break hermeticity in that case?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AFAICT this part of bazeldnf runs in the repository rule / loading phase, which is "allowed" to poke at local files and perform network calls.
Also, this is reading the .netrc file to supply credentials to a http GET request. The GET request itself is also not hermetic.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moreso what I was getting at is that this dependency is opaque to everything that consumes bazeldnf itself. ie: how would you identify this as something that you build depends on?

Copy link
Author

@mkosiba mkosiba Dec 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bazel already defaults to reading ~/.netrc for the built in http_archive rules (see https://github.com/bazelbuild/bazel/blob/master/tools/build_defs/repo/http.bzl#L144 and https://github.com/bazelbuild/bazel/blob/master/tools/build_defs/repo/utils.bzl#L460 which show how it's implemented) without any additional configuration from the user. This is well established behaviour.

Actually, I had another look through the code and I'll go back on my previous statement. I don't think this code path runs as part of the build at all:

  • the bazeldnf target is only exposed as a user convenience, so you can bazel run it, and so we should not consider the entire bazeldnf command with all of its subcommands to be part of the build (though, yea, sure, someone could run it as part of their custom rule or a genrule, but that's on them),
  • the two rules that invoke bazeldnf are rpm2tar and tar2files, neither of which use the repo package, so they shouldn't hit this code path,
  • the rpm rules use Bazel's downloader to download the files.

In other words these changes only affect bazeldnf invocations that are performed by the user locally prior to the build (like bazeldnf rpmtree) and so build hermeticity concerns shouldn't come into play at all.

Copy link
Collaborator

@manuelnaranjo manuelnaranjo Jan 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will only be used while resolving dependencies, all the rest of the time Bazel will use the rpm repo rule which under the hood uses the same mechanisms as http_archive.

Making it use netrc as the rest of Bazel makes sense, it's similar to what other rules like jvm_rules_external does

@@ -17,6 +17,7 @@ require (
github.com/golang/protobuf v1.5.2 // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/inconshreveable/mousetrap v1.0.1 // indirect
github.com/jdx/go-netrc v1.0.0 // indirect
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mind to rebase the branch and add some documentation so we can merge?

Could the path be configurable through some env variable? And then some test that does some url rewriting or something that requires no human interaction be created?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants