-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add .netrc support #82
base: main
Are you sure you want to change the base?
Conversation
if err != nil { | ||
return nil, fmt.Errorf("getting current user: %w", err) | ||
} | ||
n, err := netrc.Parse(filepath.Join(usr.HomeDir, ".netrc")) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
bazaldnf is consumed internally by the bazel rules. It seems like this would break hermeticity in that case?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AFAICT this part of bazeldnf runs in the repository rule / loading phase, which is "allowed" to poke at local files and perform network calls.
Also, this is reading the .netrc file to supply credentials to a http GET request. The GET request itself is also not hermetic.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Moreso what I was getting at is that this dependency is opaque to everything that consumes bazeldnf itself. ie: how would you identify this as something that you build depends on?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bazel already defaults to reading ~/.netrc for the built in http_archive rules (see https://github.com/bazelbuild/bazel/blob/master/tools/build_defs/repo/http.bzl#L144 and https://github.com/bazelbuild/bazel/blob/master/tools/build_defs/repo/utils.bzl#L460 which show how it's implemented) without any additional configuration from the user. This is well established behaviour.
Actually, I had another look through the code and I'll go back on my previous statement. I don't think this code path runs as part of the build at all:
- the
bazeldnf
target is only exposed as a user convenience, so you canbazel run
it, and so we should not consider the entirebazeldnf
command with all of its subcommands to be part of the build (though, yea, sure, someone could run it as part of their custom rule or a genrule, but that's on them), - the two rules that invoke
bazeldnf
arerpm2tar
andtar2files
, neither of which use therepo
package, so they shouldn't hit this code path, - the
rpm
rules use Bazel's downloader to download the files.
In other words these changes only affect bazeldnf
invocations that are performed by the user locally prior to the build (like bazeldnf rpmtree
) and so build hermeticity concerns shouldn't come into play at all.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will only be used while resolving dependencies, all the rest of the time Bazel will use the rpm repo rule which under the hood uses the same mechanisms as http_archive.
Making it use netrc as the rest of Bazel makes sense, it's similar to what other rules like jvm_rules_external
does
@@ -17,6 +17,7 @@ require ( | |||
github.com/golang/protobuf v1.5.2 // indirect | |||
github.com/google/go-cmp v0.5.9 // indirect | |||
github.com/inconshreveable/mousetrap v1.0.1 // indirect | |||
github.com/jdx/go-netrc v1.0.0 // indirect |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mind to rebase the branch and add some documentation so we can merge?
Could the path be configurable through some env variable? And then some test that does some url rewriting or something that requires no human interaction be created?
This is to support something like an internal mirror (such as Artifactory).
It's possible to use an one by hand-crafting a
repo.yaml
file, but things get tricky if such a mirror requires authentication.This adds support for basic auth driven by a .netrc file.