Move the default profiles to the user’s home

Rather than using `/nix/var/nix/{profiles,gcroots}/per-user/`, put the user profiles and gcroots under `$XDG_DATA_DIR/nix/{profiles,gcroots}`. This means that the daemon no longer needs to manage these paths itself (they are fully handled client-side). In particular, it doesn’t have to `chown` them anymore (removing one need for root). This does change the layout of the gc-roots created by nix-env, and is likely to break some stuff, so I’m not sure how to properly handle that.
2025-11-16 23:42:43 +01:00 · 2022-04-13 10:26:50 +02:00 · 2022-04-13 10:26:50 +02:00 · a5919f4754
commit a5919f4754
parent deb35c84b3
11 changed files with 42 additions and 41 deletions
--- a/src/libstore/build/local-derivation-goal.cc
+++ b/src/libstore/build/local-derivation-goal.cc
@ -1517,7 +1517,7 @@ void LocalDerivationGoal::startDaemon()
                try {
                    daemon::processConnection(store, from, to,
                        daemon::NotTrusted, daemon::Recursive,
-                        [&](Store & store) { store.createUser("nobody", 65535); });
+                        [&](Store & store) {});
                    debug("terminated daemon connection");
                } catch (SysError &) {
                    ignoreException();
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@ -201,8 +201,6 @@ LocalStore::LocalStore(const Params & params)
            throw SysError("could not set permissions on '%s' to 755", perUserDir);
    }

-    createUser(getUserName(), getuid());
-
    /* Optionally, create directories and set permissions for a
       multi-user install. */
    if (getuid() == 0 && settings.buildUsersGroup != "") {
@ -1824,20 +1822,6 @@ void LocalStore::signPathInfo(ValidPathInfo & info)
 }


-void LocalStore::createUser(const std::string & userName, uid_t userId)
-{
-    for (auto & dir : {
-        fmt("%s/profiles/per-user/%s", stateDir, userName),
-        fmt("%s/gcroots/per-user/%s", stateDir, userName)
-    }) {
-        createDirs(dir);
-        if (chmod(dir.c_str(), 0755) == -1)
-            throw SysError("changing permissions of directory '%s'", dir);
-        if (chown(dir.c_str(), userId, getgid()) == -1)
-            throw SysError("changing owner of directory '%s'", dir);
-    }
-}
-
 std::optional<std::pair<int64_t, Realisation>> LocalStore::queryRealisationCore_(
        LocalStore::State & state,
        const DrvOutput & id)
--- a/src/libstore/local-store.hh
+++ b/src/libstore/local-store.hh
@ -281,8 +281,6 @@ private:
    void signPathInfo(ValidPathInfo & info);
    void signRealisation(Realisation &);

-    void createUser(const std::string & userName, uid_t userId) override;
-
    // XXX: Make a generic `Store` method
    FixedOutputHash hashCAPath(
        const FileIngestionMethod & method,
--- a/src/libstore/profiles.cc
+++ b/src/libstore/profiles.cc
@ -280,16 +280,30 @@ std::string optimisticLockProfile(const Path & profile)
 }


+Path profilesDir()
+{
+    auto profileRoot = getDataDir() + "/nix/profiles";
+    createDirs(profileRoot);
+    return profileRoot;
+}
+
+
 Path getDefaultProfile()
 {
    Path profileLink = getHome() + "/.nix-profile";
    try {
-        if (!pathExists(profileLink)) {
-            replaceSymlink(
-                getuid() == 0
-                ? settings.nixStateDir + "/profiles/default"
-                : fmt("%s/profiles/per-user/%s/profile", settings.nixStateDir, getUserName()),
-                profileLink);
+        // Migrate from the “old-style” profiles stored under `/nix/var`:
+        // If the link exists and points to the old location, rewrite it to the
+        // new one (otherwise keep-it as-it-is as it might have been
+        // intentionnally changed, in which case we shouldn’t touch it)
+        auto legacyProfile = getuid() == 0
+            ? settings.nixStateDir + "/profiles/default"
+            : fmt("%s/profiles/per-user/%s/profile", settings.nixStateDir, getUserName());
+        if (!pathExists(profileLink) ||
+            (isLink(profileLink) &&
+            readLink(profileLink) == legacyProfile)
+            ) {
+            replaceSymlink(profilesDir() + "/profile", profileLink);
        }
        return absPath(readLink(profileLink), dirOf(profileLink));
    } catch (Error &) {
--- a/src/libstore/profiles.hh
+++ b/src/libstore/profiles.hh
@ -68,6 +68,10 @@ void lockProfile(PathLocks & lock, const Path & profile);
   rebuilt. */
 std::string optimisticLockProfile(const Path & profile);

+/* Creates and returns the path to a directory suitable for storing the user’s
+   profiles. */
+Path profilesDir();
+
 /* Resolve ~/.nix-profile. If ~/.nix-profile doesn't exist yet, create
   it. */
 Path getDefaultProfile();
--- a/src/libstore/store-api.hh
+++ b/src/libstore/store-api.hh
@ -657,9 +657,6 @@ public:
        return toRealPath(printStorePath(storePath));
    }

-    virtual void createUser(const std::string & userName, uid_t userId)
-    { }
-
    /*
     * Synchronises the options of the client with those of the daemon
     * (a no-op when there’s no daemon)