Remove validation of URLs passed to FileTransferRequest verbatim

CURL is not very strict about validation of URLs passed to it. We should reflect this in our handling of URLs that we get from the user in <nix/fetchurl.nix> or builtins.fetchurl. ValidURL was an attempt to rectify this, but it turned out to be too strict. The only good way to resolve this is to pass (in some cases) the user-provided string verbatim to CURL. Other usages in libfetchers still benefit from using structured ParsedURL and validation though. nix store prefetch-file --name foo 'https://cdn.skypack.dev/big.js@^5.2.2' error: 'https://cdn.skypack.dev/big.js@^5.2.2' is not a valid URL: leftover
2025-11-21 09:49:36 +01:00 · 2025-10-13 22:05:46 +03:00 · 2025-10-13 22:05:46 +03:00 · 47f427a172
commit 47f427a172
parent 0f85ef3677
7 changed files with 44 additions and 37 deletions
--- a/src/libstore/builtins/fetchurl.cc
+++ b/src/libstore/builtins/fetchurl.cc
@ -37,7 +37,7 @@ static void builtinFetchurl(const BuiltinBuilderContext & ctx)

    auto fetch = [&](const std::string & url) {
        auto source = sinkToSource([&](Sink & sink) {
-            FileTransferRequest request(ValidURL{url});
+            FileTransferRequest request(VerbatimURL{url});
            request.decompress = false;

            auto decompressor = makeDecompressionSink(unpack && hasSuffix(mainUrl, ".xz") ? "xz" : "none", sink);
--- a/src/libstore/include/nix/store/filetransfer.hh
+++ b/src/libstore/include/nix/store/filetransfer.hh
@ -95,7 +95,7 @@ struct UsernameAuth

 struct FileTransferRequest
 {
-    ValidURL uri;
+    VerbatimURL uri;
    Headers headers;
    std::string expectedETag;
    bool verifyTLS = true;
@ -121,7 +121,7 @@ struct FileTransferRequest
    std::optional<std::string> preResolvedAwsSessionToken;
 #endif

-    FileTransferRequest(ValidURL uri)
+    FileTransferRequest(VerbatimURL uri)
        : uri(std::move(uri))
        , parentAct(getCurActivity())
    {