Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fetchurl: add user agent #17757

Merged
merged 5 commits into from
Jun 11, 2018
Merged

Conversation

copumpkin
Copy link
Member

[Looking for feedback, please don't merge yet as I haven't tested it]

It would be nice to be able to track Nix requests. It's not trustworthy, but can be helpful for stats and routing in HTTP logs.

Since fetchurl is used so widely, we should "magically" get a UA on fetchzip, fetchFromGitHub, and other related fetchers.

Since fetchurl is only used for fixed-output derivations, this should cause no mass rebuild.

@copumpkin copumpkin added 0.kind: enhancement Add something new 9.needs: reporter feedback This issue needs the person who filed it to respond labels Aug 15, 2016
@mention-bot
Copy link

@copumpkin, thanks for your PR! By analyzing the annotation information on this pull request, we identified @edolstra, @domenkozar and @urkud to be potential reviewers

@copumpkin
Copy link
Member Author

@cleverca22 pointed out that Nix's built-in downloader already sets the UA to "Nix/", so I should probably replicate that format (but still want the Nixpkgs revision). https://github.com/NixOS/nix/blob/master/src/libstore/download.cc#L138

@joachifm
Copy link
Contributor

I'm curious: why is the nixpkgs revision interesting?

@copumpkin
Copy link
Member Author

Because it affects behavior, and can help explain why the HTTP request is being made the way it is. Same reason the Nix version is, really.

@@ -124,6 +124,8 @@ if (!hasHash) then throw "Specify hash for fetchurl fixed-output derivation: ${s

inherit curlOpts showURLs mirrorsFile impureEnvVars postFetch downloadToTemp executable;

userAgent = "Nix ${builtins.nixVersion} on nixpkgs ${stdenv.lib.nixpkgsVersion}";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doing this will cause all .drv files to change every time you update Nixpkgs, which is a lot of unnecessary I/O.

Also, shouldn't this be the other way around ("Nixpkgs on Nix")?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if we tracked a version specifically for fetchurl, which changes way less than nixpkgs?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could be the hash of the fetchurl files, I suppose!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not ideal (hard to track back to what it is) but sounds good to me.

On Wed, Aug 31, 2016 at 10:17 PM Daniel Peebles [email protected]
wrote:

In pkgs/build-support/fetchurl/default.nix
#17757 (comment):

@@ -124,6 +124,8 @@ if (!hasHash) then throw "Specify hash for fetchurl fixed-output derivation: ${s

inherit curlOpts showURLs mirrorsFile impureEnvVars postFetch downloadToTemp executable;

  • userAgent = "Nix ${builtins.nixVersion} on nixpkgs ${stdenv.lib.nixpkgsVersion}";

Could be the hash of the fetchurl files, I suppose!


You are receiving this because you commented.

Reply to this email directly, view it on GitHub
https://github.com/NixOS/nixpkgs/pull/17757/files/75b22922b8f285cf0e36ab900a807e3ca5f4ca6f#r77104796,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAErrNsyIUwykglYvGFe5RECxzM05YBiks5qljXEgaJpZM4Jkbay
.

Copy link
Member

@vcunat vcunat Sep 2, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be enough to put "current nixos version" in there, e.g. 16.09 ATM, or are there any expectations about the version?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

None, but many of us aren't on NixOS :P
On Fri, Sep 2, 2016 at 11:31 Vladimír Čunát [email protected]
wrote:

In pkgs/build-support/fetchurl/default.nix
#17757 (comment):

@@ -124,6 +124,8 @@ if (!hasHash) then throw "Specify hash for fetchurl fixed-output derivation: ${s

inherit curlOpts showURLs mirrorsFile impureEnvVars postFetch downloadToTemp executable;

  • userAgent = "Nix ${builtins.nixVersion} on nixpkgs ${stdenv.lib.nixpkgsVersion}";

I think it would be enough to put nixos version in there, e.g. 16.09 ATM,
or are there any expectations about the version?


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/NixOS/nixpkgs/pull/17757/files/75b22922b8f285cf0e36ab900a807e3ca5f4ca6f#r77365738,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAAKP03oU-w8_fc6yA-SfjoQgse6O4cTks5qmEE2gaJpZM4Jkbay
.

@grahamc
Copy link
Member

grahamc commented Sep 1, 2016

I am a huge fan of this change, as it gives mirrors and upstreams a way to identify and get in touch with us.

@copumpkin
Copy link
Member Author

What I'd really like to do here is compute the git tree-style hash of the entire fetchurl folder, so it becomes fairly straightforward to search the git repo for trees that match the hash in the user agent.

But as far as I can tell, it's a huge pain in the ass to manually compute the git tree hash that respects all of git's semantics so I might just go with a recursive nix-hash of the fetchurl folder for now and have people use git-bisect to track down a set of nixpkgs revisions that match the nix hash.

@edolstra @grahamc @vcunat does that seem reasonable to you? Basically, it would be the same as this one, but the .drvs would only change when fetchurl's source changes.

@aneeshusa
Copy link
Contributor

Can you please make it easy to override/completely disable setting this value? I've never liked the concept of the UA field, dislike the privacy leak and would prefer that servers do proper feature detection instead of sniffing/guessing.

@lukateras
Copy link
Member

lukateras commented Dec 20, 2017

@aneeshusa This is for stats, not for sniffing/guessing. Currently used User-Agent leaks the fact that you use curl and which particular version you have installed.


Since including Nixpkgs version will cause a lot of I/O, I think that having some custom User-Agent is more beneficial even if it is omitted. I propose the following User-Agent:

User-Agent: curl/7.57.0 Nix/1.11.16

It is compatible with one that is currently used, it states curl version (which is the actual fetcher), and it additionally states Nix version.

@lukateras lukateras self-assigned this Dec 20, 2017
@GrahamcOfBorg GrahamcOfBorg added 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux labels Dec 20, 2017
@lukateras lukateras requested a review from edolstra December 20, 2017 18:54
@lukateras lukateras changed the base branch from master to staging December 20, 2017 18:58
@lukateras
Copy link
Member

I've dropped Nixpkgs version from User-Agent until perhaps we do that via impureEnvVars. @edolstra, could you take a look at this?

@lukateras lukateras added 1.severity: mass-rebuild This PR causes a large number of packages to rebuild and removed 9.needs: reporter feedback This issue needs the person who filed it to respond 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux labels Dec 20, 2017
@edolstra
Copy link
Member

I'm not convinced that depending on the Nix version is a good idea. That just leads to spurious .drv changes (e.g. an identical Nixpkgs expression evaluation with Nix 1.11.15 and 1.11.16 will produce a different result).

@edolstra
Copy link
Member

It would be better to include the Nixpkgs major version, e.g. Nixpkgs/17.09.

@lukateras
Copy link
Member

lukateras commented Dec 21, 2017

I agree, Nixpkgs version makes more sense. Fixed, now user agent is:

User-Agent: curl/7.57.0 Nixpkgs/18.03

It would be nice to be able to track Nix requests. It's not trustworthy,
but can be helpful for stats and routing in HTTP logs.

Since `fetchurl` is used so widely, we should "magically" get a UA on
`fetchzip`, `fetchFromGitHub`, and other related fetchers.

Since `fetchurl` is only used for fixed-output derivations, this should
cause no mass rebuild.

User-Agent example: curl/7.57.0 Nixpkgs/18.03
@lukateras lukateras changed the base branch from staging to master December 23, 2017 22:21
@@ -2,20 +2,23 @@ source $stdenv/setup

source $mirrorsFile

curlVersion=$(curl -V | head -1 | cut -d' ' -f2)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm doing this instead of curl.version to support native stdenv (e.g. on Darwin).

@GrahamcOfBorg GrahamcOfBorg added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux and removed 10.rebuild-darwin: 501+ 10.rebuild-linux: 501+ labels Dec 23, 2017
@lukateras
Copy link
Member

@edolstra: I think this is ready to merge (fetchurl user agent), also it now uses Nixpkgs version instead of Nix version and doesn't cause a mass rebuild. Do you approve it?

@orivej
Copy link
Contributor

orivej commented Dec 24, 2017

There is no way to edit fetchurl's builder.sh and not cause a mass rebuild; the bot must be wrong.

@lukateras
Copy link
Member

lukateras commented Dec 24, 2017

@copumpkin said:

Since fetchurl is only used for fixed-output derivations, this should cause no mass rebuild.

Also I haven't noticed any mass rebuilds when I was testing my changes locally.

@orivej
Copy link
Contributor

orivej commented Dec 24, 2017

Ah, ok. I was looking at the wrong metric: this changes almost all .drv files, but the outputs remain the same.

@@ -132,6 +132,8 @@ else stdenv.mkDerivation {

impureEnvVars = impureEnvVars ++ netrcImpureEnvVars;

nixpkgsVersion = fileContents ../../../.version;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not just export the major version from lib?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lib doesn't export major version specifically, only suffixed version:

nixpkgs/lib/trivial.nix

Lines 62 to 65 in b5a61f2

nixpkgsVersion =
let suffixFile = ../.version-suffix; in
fileContents ../.version
+ (if pathExists suffixFile then fileContents suffixFile else "pre-git");

@dtzWill
Copy link
Member

dtzWill commented May 18, 2018

This looks ready, or close to it, shall we go ahead with this?

@@ -135,6 +133,8 @@ stdenvNoCC.mkDerivation {

impureEnvVars = impureEnvVars ++ netrcImpureEnvVars;

nixpkgsVersion = lib.fileContents ../../../.version;
Copy link
Member

@bobvanderlinden bobvanderlinden May 31, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You might be able to use lib.version lib.release now?


# Curl flags to handle redirects, not use EPSV, handle cookies for
# servers to need them during redirects, and work on SSL without a
# certificate (this isn't a security problem because we check the
# cryptographic hash of the output anyway).
curl="curl \
--location --max-redirs 20 \
--retry 3 \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was removing --retry 3 intentional?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch, thanks!

@lukateras
Copy link
Member

May I go ahead and merge this?

@bobvanderlinden
Copy link
Member

Looking for feedback, please don't merge yet as I haven't tested it

@copumpkin Do you feel this is ready?

@copumpkin
Copy link
Member Author

Yeah, if it doesn't cause excess .drv churn, this seems good!

@lukateras
Copy link
Member

lukateras commented Jun 11, 2018

[...] if it doesn't cause excess .drv churn [...]

Only twice a year :-)

@copumpkin copumpkin merged commit 3633632 into NixOS:master Jun 11, 2018
@copumpkin
Copy link
Member Author

Here goes... 😄 thanks!

@lukateras
Copy link
Member

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
0.kind: enhancement Add something new 1.severity: mass-rebuild This PR causes a large number of packages to rebuild 6.topic: fetch 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux
Projects
None yet
Development

Successfully merging this pull request may close these issues.