Currently requireFile
sets allowSubstitutes = false
on all the derivations it produces. (since f194659). It reminds me a bit of this picture:
Presumably this was done because requireFile is expected to be used for non-redistributable files, so cache.nixos.org and other caches would not be allowed to host them. But there are two problems with this:
- This is backwards; It prevents the builder from querying the cache, but it does not prevent someone from accidentally copying the derivation to a binary cache.
-
requireFile
isn’t always used for non-redistributable files. Sometimes it’s used because there is no source offering a direct download, and sorequireFile
directs the user to a URL which requires a captcha or a sign-in or watch an ad or whatever. See for example apotheosis-x or upwork. There’s also liquidfun which probably shouldn’t be usingrequireFile
…
Normally I’d just open a PR to remove allowSubstitutes
but this needs to be “patched” from the other side first. That gets hairy very quickly, something like nix copy
refuses to copy derivations where meta.licences
includes unfree
, but only if it’s a binary cache and not other kinds of stores? But none of the requireFile
derivations currently set any licence information.
How do we fix this?