diff --git a/internal/devbox/devbox.go b/internal/devbox/devbox.go index e6cdc18387e..b70bfdc6fff 100644 --- a/internal/devbox/devbox.go +++ b/internal/devbox/devbox.go @@ -113,9 +113,16 @@ func Open(opts *devopt.Opts) (*Devbox, error) { } // if lockfile has any allow insecure, we need to set the env var to ensure // all nix commands work. - if lock.HasAllowInsecurePackages() { - nix.AllowInsecurePackages() + if err := box.moveAllowInsecureFromLockfile(box.stderr, lock, cfg); err != nil { + ux.Fwarning( + box.stderr, + "Failed to move allow_insecure from devbox.lock to devbox.json. An insecure package may "+ + "not work until you invoke `devbox add --allow-insecure=` again: %s\n", + err, + ) + // continue on, since we do not want to block user. } + box.pluginManager.ApplyOptions( plugin.WithDevbox(box), plugin.WithLockfile(lock), diff --git a/internal/devbox/packages.go b/internal/devbox/packages.go index a428f187548..d335163cbfe 100644 --- a/internal/devbox/packages.go +++ b/internal/devbox/packages.go @@ -6,6 +6,7 @@ package devbox import ( "context" "fmt" + "io" "io/fs" "os" "path/filepath" @@ -17,8 +18,10 @@ import ( "github.com/pkg/errors" "github.com/samber/lo" "go.jetpack.io/devbox/internal/devbox/devopt" + "go.jetpack.io/devbox/internal/devconfig" "go.jetpack.io/devbox/internal/devpkg" "go.jetpack.io/devbox/internal/devpkg/pkgtype" + "go.jetpack.io/devbox/internal/lock" "go.jetpack.io/devbox/internal/nix/nixprofile" "go.jetpack.io/devbox/internal/shellgen" @@ -516,3 +519,51 @@ func (d *Devbox) packagesToInstallInProfile(ctx context.Context) ([]*devpkg.Pack } return packagesToInstall, nil } + +// moveAllowInsecureFromLockfile will modernize a Devbox project by moving the allow_insecure: boolean +// setting from the devbox.lock file to the corresponding package in devbox.json. +// +// NOTE: ideally, this function would be in devconfig, but it leads to an import cycle with devpkg, so +// leaving in this "top-level" devbox package where we can import devconfig, devpkg and lock. +func (d *Devbox) moveAllowInsecureFromLockfile(writer io.Writer, lockfile *lock.File, cfg *devconfig.Config) error { + if !lockfile.HasAllowInsecurePackages() { + return nil + } + + insecurePackages := []string{} + for name, pkg := range lockfile.Packages { + if pkg.AllowInsecure { + insecurePackages = append(insecurePackages, name) + } + pkg.AllowInsecure = false + } + + // Set the devbox.json packages to allow_insecure + for _, versionedName := range insecurePackages { + pkg := devpkg.PackageFromStringWithDefaults(versionedName, lockfile) + storeName, err := pkg.StoreName() + if err != nil { + return fmt.Errorf("failed to get package's store name for package %q with error %w", versionedName, err) + } + if err := cfg.Packages.SetAllowInsecure(writer, versionedName, []string{storeName}); err != nil { + return fmt.Errorf("failed to set allow_insecure in devbox.json for package %q with error %w", versionedName, err) + } + } + + if err := d.saveCfg(); err != nil { + return err + } + + // Now, clear it from the lockfile + if err := lockfile.Save(); err != nil { + return err + } + + ux.Finfo( + writer, + "Modernized the allow_insecure setting for package %q by moving it from devbox.lock to devbox.json. Please commit the changes.\n", + strings.Join(insecurePackages, ", "), + ) + + return nil +} diff --git a/testscripts/testrunner/examplesrunner.go b/testscripts/testrunner/examplesrunner.go index 9a2fd55716f..be6ffcc0c20 100644 --- a/testscripts/testrunner/examplesrunner.go +++ b/testscripts/testrunner/examplesrunner.go @@ -75,12 +75,6 @@ func RunDevboxTestscripts(t *testing.T, dir string) { return nil } - if strings.Contains(path, "insecure") { - // TODO: next PR will fix this - t.Logf("skipping insecure, config at: %s\n", path) - return nil - } - t.Logf("running testscript for example: %s\n", path) runSingleDevboxTestscript(t, dir, path) return nil