Add experimental feature to enable provenance

Author: edolstra

src/libstore/daemon.cc

@@ -1047,8 +1047,12 @@ void processConnection(ref<Store> store, FdSource && from, FdSink && to, Trusted
 #endif
 
     /* Exchange the greeting. */
+    auto myFeatures = WorkerProto::allFeatures;
+    if (!experimentalFeatureSettings.isEnabled(Xp::Provenance))
+        myFeatures.erase(std::string(WorkerProto::featureProvenance));
+
     auto [protoVersion, features] =
-        WorkerProto::BasicServerConnection::handshake(to, from, PROTOCOL_VERSION, WorkerProto::allFeatures);
+        WorkerProto::BasicServerConnection::handshake(to, from, PROTOCOL_VERSION, myFeatures);
 
     if (protoVersion < MINIMUM_PROTOCOL_VERSION)
         throw Error("the Nix client version is too old");

src/libstore/local-store.cc

@@ -337,13 +337,16 @@ LocalStore::LocalStore(ref<const Config> config)
     /* Prepare SQL statements. */
     state->stmts->RegisterValidPath.create(
         state->db,
-        "insert into ValidPaths (path, hash, registrationTime, deriver, narSize, ultimate, sigs, ca, provenance) values (?, ?, ?, ?, ?, ?, ?, ?, ?);");
+        fmt("insert into ValidPaths (path, hash, registrationTime, deriver, narSize, ultimate, sigs, ca%s) values (?, ?, ?, ?, ?, ?, ?, ?%s);",
+            experimentalFeatureSettings.isEnabled(Xp::Provenance) ? ", provenance" : "",
+            experimentalFeatureSettings.isEnabled(Xp::Provenance) ? ", ?" : ""));
     state->stmts->UpdatePathInfo.create(
         state->db, "update ValidPaths set narSize = ?, hash = ?, ultimate = ?, sigs = ?, ca = ? where path = ?;");
     state->stmts->AddReference.create(state->db, "insert or replace into Refs (referrer, reference) values (?, ?);");
     state->stmts->QueryPathInfo.create(
         state->db,
-        "select id, hash, registrationTime, deriver, narSize, ultimate, sigs, ca, provenance from ValidPaths where path = ?;");
+        fmt("select id, hash, registrationTime, deriver, narSize, ultimate, sigs, ca%s from ValidPaths where path = ?;",
+            experimentalFeatureSettings.isEnabled(Xp::Provenance) ? ", provenance" : ""));
     state->stmts->QueryReferences.create(
         state->db, "select path from Refs join ValidPaths on reference = id where referrer = ?;");
     state->stmts->QueryReferrers.create(
@@ -599,7 +602,8 @@ void LocalStore::upgradeDBSchema(State & state)
 #include "ca-specific-schema.sql.gen.hh"
         );
 
-    doUpgrade("20241024-provenance", "alter table ValidPaths add column provenance text");
+    if (experimentalFeatureSettings.isEnabled(Xp::Provenance))
+        doUpgrade("20241024-provenance", "alter table ValidPaths add column provenance text");
 }
 
 /* To improve purity, users may want to make the Nix store a read-only
@@ -695,14 +699,14 @@ uint64_t LocalStore::addValidPath(State & state, const ValidPathInfo & info, boo
             "cannot add path '%s' to the Nix store because it claims to be content-addressed but isn't",
             printStorePath(info.path));
 
-    state.stmts->RegisterValidPath
-        .use()(printStorePath(info.path))(info.narHash.to_string(HashFormat::Base16, true))(
-            info.registrationTime == 0 ? time(0) : info.registrationTime)(
-            info.deriver ? printStorePath(*info.deriver) : "",
-            (bool) info.deriver)(info.narSize, info.narSize != 0)(info.ultimate ? 1 : 0, info.ultimate)(
-            concatStringsSep(" ", info.sigs), !info.sigs.empty())(renderContentAddress(info.ca), (bool) info.ca)(
-            info.provenance ? info.provenance->to_json_str() : "", (bool) info.provenance)
-        .exec();
+    auto query = state.stmts->RegisterValidPath.use()(printStorePath(info.path))(
+        info.narHash.to_string(HashFormat::Base16, true))(info.registrationTime == 0 ? time(0) : info.registrationTime)(
+        info.deriver ? printStorePath(*info.deriver) : "",
+        (bool) info.deriver)(info.narSize, info.narSize != 0)(info.ultimate ? 1 : 0, info.ultimate)(
+        concatStringsSep(" ", info.sigs), !info.sigs.empty())(renderContentAddress(info.ca), (bool) info.ca);
+    if (experimentalFeatureSettings.isEnabled(Xp::Provenance))
+        query(info.provenance ? info.provenance->to_json_str() : "", (bool) info.provenance);
+    query.exec();
     uint64_t id = state.db.getLastInsertedRowId();
 
     /* If this is a derivation, then store the derivation outputs in
@@ -792,9 +796,11 @@ std::shared_ptr<const ValidPathInfo> LocalStore::queryPathInfoInternal(State & s
     while (useQueryReferences.next())
         info->references.insert(parseStorePath(useQueryReferences.getStr(0)));
 
-    auto prov = (const char *) sqlite3_column_text(state.stmts->QueryPathInfo, 8);
-    if (prov)
-        info->provenance = Provenance::from_json_str(prov);
+    if (experimentalFeatureSettings.isEnabled(Xp::Provenance)) {
+        auto prov = (const char *) sqlite3_column_text(state.stmts->QueryPathInfo, 8);
+        if (prov)
+            info->provenance = Provenance::from_json_str(prov);
+    }
 
     return info;
 }

src/libstore/nar-info.cc

@@ -85,7 +85,7 @@ NarInfo::NarInfo(const StoreDirConfig & store, const std::string & s, const std:
                 throw corrupt("extra CA");
             // FIXME: allow blank ca or require skipping field?
             ca = ContentAddress::parseOpt(value);
-        } else if (name == "Provenance")
+        } else if (name == "Provenance" && experimentalFeatureSettings.isEnabled(Xp::Provenance))
             provenance = Provenance::from_json_str(value);
 
         pos = eol + 1;

src/libstore/path-info.cc

@@ -216,7 +216,8 @@ UnkeyedValidPathInfo::toJSON(const StoreDirConfig * store, bool includeImpureInf
         for (auto & sig : sigs)
             sigsObj.push_back(sig);
 
-        jsonObject["provenance"] = provenance ? provenance->to_json() : nullptr;
+        if (experimentalFeatureSettings.isEnabled(Xp::Provenance))
+            jsonObject["provenance"] = provenance ? provenance->to_json() : nullptr;
     }
 
     return jsonObject;
@@ -292,9 +293,11 @@ UnkeyedValidPathInfo UnkeyedValidPathInfo::fromJSON(const StoreDirConfig * store
     if (auto * rawSignatures = optionalValueAt(json, "signatures"))
         res.sigs = getStringSet(*rawSignatures);
 
-    auto prov = json.find("provenance");
-    if (prov != json.end() && !prov->second.is_null())
-        res.provenance = Provenance::from_json(prov->second);
+    if (experimentalFeatureSettings.isEnabled(Xp::Provenance)) {
+        auto prov = json.find("provenance");
+        if (prov != json.end() && !prov->second.is_null())
+            res.provenance = Provenance::from_json(prov->second);
+    }
 
     return res;
 }

src/libstore/remote-store.cc

@@ -72,8 +72,11 @@ void RemoteStore::initConnection(Connection & conn)
         StringSink saved;
         TeeSource tee(conn.from, saved);
         try {
+            auto myFeatures = WorkerProto::allFeatures;
+            if (!experimentalFeatureSettings.isEnabled(Xp::Provenance))
+                myFeatures.erase(std::string(WorkerProto::featureProvenance));
             auto [protoVersion, features] =
-                WorkerProto::BasicClientConnection::handshake(conn.to, tee, PROTOCOL_VERSION, WorkerProto::allFeatures);
+                WorkerProto::BasicClientConnection::handshake(conn.to, tee, PROTOCOL_VERSION, myFeatures);
             if (protoVersion < MINIMUM_PROTOCOL_VERSION)
                 throw Error("the Nix daemon version is too old");
             conn.protoVersion = protoVersion;

src/libutil/experimental-features.cc

@@ -25,7 +25,7 @@ struct ExperimentalFeatureDetails
  * feature, we either have no issue at all if few features are not added
  * at the end of the list, or a proper merge conflict if they are.
  */
-constexpr size_t numXpFeatures = 1 + static_cast<size_t>(Xp::ParallelEval);
+constexpr size_t numXpFeatures = 1 + static_cast<size_t>(Xp::Provenance);
 
 constexpr std::array<ExperimentalFeatureDetails, numXpFeatures> xpFeatureDetails = {{
     {
@@ -320,6 +320,14 @@ constexpr std::array<ExperimentalFeatureDetails, numXpFeatures> xpFeatureDetails
         )",
         .trackingUrl = "",
     },
+    {
+        .tag = Xp::Provenance,
+        .name = "provenance",
+        .description = R"(
+            Enable keeping track of the provenance of store paths.
+        )",
+        .trackingUrl = "",
+    },
 }};
 
 static_assert(

src/libutil/include/nix/util/experimental-features.hh

@@ -39,6 +39,7 @@ enum struct ExperimentalFeature {
     BLAKE3Hashes,
     BuildTimeFetchTree,
     ParallelEval,
+    Provenance,
 };
 
 extern std::set<std::string> stabilizedFeatures;