refactor(libstore): rename NIX_WITH_S3_SUPPORT to NIX_WITH_AWS_AUTH

The macro now accurately reflects its purpose: gating only AWS authentication code, not all S3 functionality. S3 URL parsing, store configuration, and public bucket access work regardless of this flag. This rename clarifies that: - S3 support is always available (URL parsing, store registration) - Only AWS credential resolution requires the flag - The flag controls AWS CRT SDK dependency, not S3 protocol support
2025-11-08 19:46:02 +01:00 · 2025-10-15 18:14:21 +00:00 · 2025-10-15 18:14:21 +00:00 · 3224636ab0
commit 3224636ab0
parent bb1f22a8df
9 changed files with 19 additions and 19 deletions
--- a/src/libstore/aws-creds.cc
+++ b/src/libstore/aws-creds.cc
@ -1,6 +1,6 @@
 #include "nix/store/aws-creds.hh"

-#if NIX_WITH_S3_SUPPORT
+#if NIX_WITH_AWS_AUTH

 #  include <aws/crt/Types.h>
 #  include "nix/store/s3-url.hh"
--- a/src/libstore/builtins/fetchurl.cc
+++ b/src/libstore/builtins/fetchurl.cc
@ -41,7 +41,7 @@ static void builtinFetchurl(const BuiltinBuilderContext & ctx)
            FileTransferRequest request(VerbatimURL{url});
            request.decompress = false;

-#if NIX_WITH_S3_SUPPORT
+#if NIX_WITH_AWS_AUTH
            // Use pre-resolved credentials if available
            if (ctx.awsCredentials && request.uri.scheme() == "s3") {
                debug("[pid=%d] Using pre-resolved AWS credentials from parent process", getpid());
--- a/src/libstore/filetransfer.cc
+++ b/src/libstore/filetransfer.cc
@ -10,7 +10,7 @@
 #include "store-config-private.hh"
 #include "nix/store/s3-url.hh"
 #include <optional>
-#if NIX_WITH_S3_SUPPORT
+#if NIX_WITH_AWS_AUTH
 #  include "nix/store/aws-creds.hh"
 #endif

@ -435,7 +435,7 @@ struct curlFileTransfer : public FileTransfer
                }
            }

-#if NIX_WITH_S3_SUPPORT
+#if NIX_WITH_AWS_AUTH
            // Set up AWS SigV4 signing if this is an S3 request
            // Note: AWS SigV4 support guaranteed available (curl >= 7.75.0 checked at build time)
            // The username/password (access key ID and secret key) are set via the general
@ -874,7 +874,7 @@ void FileTransferRequest::setupForS3()
    // Update the request URI to use HTTPS (works without AWS SDK)
    uri = parsedS3.toHttpsUrl();

-#if NIX_WITH_S3_SUPPORT
+#if NIX_WITH_AWS_AUTH
    // Auth-specific code only compiled when AWS support is available
    awsSigV4Provider = "aws:amz:" + parsedS3.region.value_or("us-east-1") + ":s3";

--- a/src/libstore/include/nix/store/aws-creds.hh
+++ b/src/libstore/include/nix/store/aws-creds.hh
@ -2,7 +2,7 @@
 ///@file
 #include "nix/store/config.hh"

-#if NIX_WITH_S3_SUPPORT
+#if NIX_WITH_AWS_AUTH

 #  include "nix/store/s3-url.hh"
 #  include "nix/util/error.hh"
--- a/src/libstore/include/nix/store/builtins.hh
+++ b/src/libstore/include/nix/store/builtins.hh
@ -4,7 +4,7 @@
 #include "nix/store/derivations.hh"
 #include "nix/store/config.hh"

-#if NIX_WITH_S3_SUPPORT
+#if NIX_WITH_AWS_AUTH
 #  include "nix/store/aws-creds.hh"
 #endif

@ -18,7 +18,7 @@ struct BuiltinBuilderContext
    std::string caFileData;
    Path tmpDirInSandbox;

-#if NIX_WITH_S3_SUPPORT
+#if NIX_WITH_AWS_AUTH
    /**
     * Pre-resolved AWS credentials for S3 URLs in builtin:fetchurl.
     * When present, these should be used instead of creating new credential providers.
--- a/src/libstore/include/nix/store/filetransfer.hh
+++ b/src/libstore/include/nix/store/filetransfer.hh
@ -12,7 +12,7 @@
 #include "nix/util/url.hh"

 #include "nix/store/config.hh"
-#if NIX_WITH_S3_SUPPORT
+#if NIX_WITH_AWS_AUTH
 #  include "nix/store/aws-creds.hh"
 #endif
 #include "nix/store/s3-url.hh"
@ -114,7 +114,7 @@ struct FileTransferRequest
     * When provided, these credentials will be used with curl's CURLOPT_USERNAME/PASSWORD option.
     */
    std::optional<UsernameAuth> usernameAuth;
-#if NIX_WITH_S3_SUPPORT
+#if NIX_WITH_AWS_AUTH
    /**
     * Pre-resolved AWS session token for S3 requests.
     * When provided along with usernameAuth, this will be used instead of fetching fresh credentials.
@ -136,7 +136,7 @@ struct FileTransferRequest
 private:
    friend struct curlFileTransfer;
    void setupForS3();
-#if NIX_WITH_S3_SUPPORT
+#if NIX_WITH_AWS_AUTH
    std::optional<std::string> awsSigV4Provider;
 #endif
 };
--- a/src/libstore/meson.build
+++ b/src/libstore/meson.build
@ -160,7 +160,7 @@ if curl_s3_store_opt.enabled()
  deps_other += aws_crt_cpp
 endif

-configdata_pub.set('NIX_WITH_S3_SUPPORT', curl_s3_store_opt.enabled().to_int())
+configdata_pub.set('NIX_WITH_AWS_AUTH', curl_s3_store_opt.enabled().to_int())

 subdir('nix-meson-build-support/generate-header')

--- a/src/libstore/unix/build/derivation-builder.cc
+++ b/src/libstore/unix/build/derivation-builder.cc
@ -46,7 +46,7 @@
 #include "store-config-private.hh"
 #include "build/derivation-check.hh"

-#if NIX_WITH_S3_SUPPORT
+#if NIX_WITH_AWS_AUTH
 #  include "nix/store/aws-creds.hh"
 #  include "nix/store/s3-url.hh"
 #  include "nix/util/url.hh"
@ -296,7 +296,7 @@ protected:
     */
    virtual void startChild();

-#if NIX_WITH_S3_SUPPORT
+#if NIX_WITH_AWS_AUTH
    /**
     * Pre-resolve AWS credentials for S3 URLs in builtin:fetchurl.
     * This should be called before forking to ensure credentials are available in child.
@ -359,7 +359,7 @@ protected:
     */
    struct RunChildArgs
    {
-#if NIX_WITH_S3_SUPPORT
+#if NIX_WITH_AWS_AUTH
        std::optional<AwsCredentials> awsCredentials;
 #endif
    };
@ -945,7 +945,7 @@ void DerivationBuilderImpl::openSlave()
        throw SysError("cannot pipe standard error into log file");
 }

-#if NIX_WITH_S3_SUPPORT
+#if NIX_WITH_AWS_AUTH
 std::optional<AwsCredentials> DerivationBuilderImpl::preResolveAwsCredentials()
 {
    if (drv.isBuiltin() && drv.builder == "builtin:fetchurl") {
@ -974,7 +974,7 @@ std::optional<AwsCredentials> DerivationBuilderImpl::preResolveAwsCredentials()
 void DerivationBuilderImpl::startChild()
 {
    RunChildArgs args{
-#if NIX_WITH_S3_SUPPORT
+#if NIX_WITH_AWS_AUTH
        .awsCredentials = preResolveAwsCredentials(),
 #endif
    };
@ -1255,7 +1255,7 @@ void DerivationBuilderImpl::runChild(RunChildArgs args)
        BuiltinBuilderContext ctx{
            .drv = drv,
            .tmpDirInSandbox = tmpDirInSandbox(),
-#if NIX_WITH_S3_SUPPORT
+#if NIX_WITH_AWS_AUTH
            .awsCredentials = args.awsCredentials,
 #endif
        };
--- a/src/libstore/unix/build/linux-derivation-builder.cc
+++ b/src/libstore/unix/build/linux-derivation-builder.cc
@ -277,7 +277,7 @@ struct ChrootLinuxDerivationBuilder : ChrootDerivationBuilder, LinuxDerivationBu
    void startChild() override
    {
        RunChildArgs args{
-#  if NIX_WITH_S3_SUPPORT
+#  if NIX_WITH_AWS_AUTH
            .awsCredentials = preResolveAwsCredentials(),
 #  endif
        };