Cleanup config headers

There are two big changes: 1. Public and private config is now separated. Configuration variables that are only used internally do not go in a header which is installed. (Additionally, libutil has a unix-specific private config header, which should only be used in unix-specific code. This keeps things a bit more organized, in a purely private implementation-internal way.) 2. Secondly, there is no more `-include`. There are very few config items that need to be publically exposed, so now it is feasible to just make the headers that need them just including the (public) configuration header. And there are also a few more small cleanups on top of those: - The configuration files have better names. - The few CPP variables that remain exposed in the public headers are now also renamed to always start with `NIX_`. This ensures they should not conflict with variables defined elsewhere. - We now always use `#if` and not `#ifdef`/`#ifndef` for our configuration variables, which helps avoid bugs by requiring that variables must be defined in all cases.
2025-11-15 15:02:42 +01:00 · 2025-03-28 13:24:50 -04:00 · 2025-03-28 13:24:50 -04:00 · c204e307ac
commit c204e307ac
parent 5a8dedc45c
59 changed files with 333 additions and 385 deletions
--- a/src/libstore/gc.cc
+++ b/src/libstore/gc.cc
@ -6,6 +6,8 @@
 #include "nix/signals.hh"
 #include "nix/posix-fs-canonicalise.hh"

+#include "store-config-private.hh"
+
 #if !defined(__linux__)
 // For shelling out to lsof
 #  include "nix/processes.hh"
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@ -6,6 +6,7 @@
 #include "nix/abstract-setting-to-json.hh"
 #include "nix/compute-levels.hh"
 #include "nix/signals.hh"
+#include "nix/strings.hh"

 #include <algorithm>
 #include <map>
@ -35,7 +36,8 @@
 #include <sys/sysctl.h>
 #endif

-#include "nix/strings.hh"
+#include "store-config-private.hh"
+

 namespace nix {

@ -202,7 +204,7 @@ StringSet Settings::getDefaultExtraPlatforms()
 {
    StringSet extraPlatforms;

-    if (std::string{SYSTEM} == "x86_64-linux" && !isWSL1())
+    if (std::string{NIX_LOCAL_SYSTEM} == "x86_64-linux" && !isWSL1())
        extraPlatforms.insert("i686-linux");

 #if __linux__
@ -214,7 +216,7 @@ StringSet Settings::getDefaultExtraPlatforms()
    // machines. Note that we can’t force processes from executing
    // x86_64 in aarch64 environments or vice versa since they can
    // always exec with their own binary preferences.
-    if (std::string{SYSTEM} == "aarch64-darwin" &&
+    if (std::string{NIX_LOCAL_SYSTEM} == "aarch64-darwin" &&
        runProgram(RunOptions {.program = "arch", .args = {"-arch", "x86_64", "/usr/bin/true"}, .mergeStderrToStdout = true}).first == 0)
        extraPlatforms.insert("x86_64-darwin");
 #endif
--- a/src/libstore/include/nix/globals.hh
+++ b/src/libstore/include/nix/globals.hh
@ -1,16 +1,18 @@
 #pragma once
 ///@file

+#include <map>
+#include <limits>
+
+#include <sys/types.h>
+
 #include "nix/types.hh"
 #include "nix/config.hh"
 #include "nix/environment-variables.hh"
 #include "nix/experimental-features.hh"
 #include "nix/users.hh"

-#include <map>
-#include <limits>
-
-#include <sys/types.h>
+#include "nix/store-config.hh"

 namespace nix {

@ -181,7 +183,7 @@ public:
    bool readOnlyMode = false;

    Setting<std::string> thisSystem{
-        this, SYSTEM, "system",
+        this, NIX_LOCAL_SYSTEM, "system",
        R"(
          The system type of the current Nix installation.
          Nix will only build a given [store derivation](@docroot@/glossary.md#gloss-store-derivation) locally when its `system` attribute equals any of the values specified here or in [`extra-platforms`](#conf-extra-platforms).
@ -1089,7 +1091,7 @@ public:
        )"};
 #endif

-#if HAVE_ACL_SUPPORT
+#if NIX_SUPPORT_ACL
    Setting<StringSet> ignoredAcls{
        this, {"security.selinux", "system.nfs4_acl", "security.csm"}, "ignored-acls",
        R"(
--- a/src/libstore/include/nix/meson.build
+++ b/src/libstore/include/nix/meson.build
@ -4,12 +4,12 @@ include_dirs = [
  include_directories('..'),
 ]

-config_h = configure_file(
-  configuration : configdata,
-  output : 'config-store.hh',
+config_pub_h = configure_file(
+  configuration : configdata_pub,
+  output : 'store-config.hh',
 )

-headers = [config_h] + files(
+headers = [config_pub_h] + files(
  'binary-cache-store.hh',
  'build-result.hh',
  'build/derivation-goal.hh',
--- a/src/libstore/linux/include/nix/fchmodat2-compat.hh
+++ b/src/libstore/linux/include/nix/fchmodat2-compat.hh
@ -1,3 +1,5 @@
+#include "store-config-private.hh"
+
 /*
 * Determine the syscall number for `fchmodat2`.
 *
--- a/src/libstore/linux/personality.cc
+++ b/src/libstore/linux/personality.cc
@ -15,7 +15,7 @@ void setPersonality(std::string_view system)
        struct utsname utsbuf;
        uname(&utsbuf);
        if ((system == "i686-linux"
-                && (std::string_view(SYSTEM) == "x86_64-linux"
+                && (std::string_view(NIX_LOCAL_SYSTEM) == "x86_64-linux"
                    || (!strcmp(utsbuf.sysname, "Linux") && !strcmp(utsbuf.machine, "x86_64"))))
            || system == "armv7l-linux"
            || system == "armv6l-linux"
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@ -54,6 +54,8 @@

 #include "nix/strings.hh"

+#include "store-config-private.hh"
+

 namespace nix {

--- a/src/libstore/meson.build
+++ b/src/libstore/meson.build
@ -15,12 +15,20 @@ cxx = meson.get_compiler('cpp')

 subdir('nix-meson-build-support/deps-lists')

-configdata = configuration_data()
+configdata_pub = configuration_data()
+configdata_priv = configuration_data()

 # TODO rename, because it will conflict with downstream projects
-configdata.set_quoted('PACKAGE_VERSION', meson.project_version())
+configdata_priv.set_quoted('PACKAGE_VERSION', meson.project_version())

-configdata.set_quoted('SYSTEM', host_machine.cpu_family() + '-' + host_machine.system())
+# Used in public header.
+configdata_pub.set_quoted(
+  'NIX_LOCAL_SYSTEM',
+  host_machine.cpu_family() + '-' + host_machine.system(),
+  description :
+    'This is the system name Nix expects for local running instance of Nix.\n\n'
+    + 'See the "system" setting for additional details',
+)

 deps_private_maybe_subproject = [
 ]
@ -47,28 +55,30 @@ run_command('rm', '-f',
  check : true,
 )
 summary('can hardlink to symlink', can_link_symlink, bool_yn : true)
-configdata.set('CAN_LINK_SYMLINK', can_link_symlink.to_int())
+configdata_priv.set('CAN_LINK_SYMLINK', can_link_symlink.to_int())

 # Check for each of these functions, and create a define like `#define HAVE_LCHOWN 1`.
-#
-# Only need to do functions that deps (like `libnixutil`) didn't already
-# check for.
 check_funcs = [
  # Optionally used for canonicalising files from the build
  'lchown',
+  'posix_fallocate',
  'statvfs',
 ]
 foreach funcspec : check_funcs
  define_name = 'HAVE_' + funcspec.underscorify().to_upper()
  define_value = cxx.has_function(funcspec).to_int()
-  configdata.set(define_name, define_value)
+  configdata_priv.set(define_name, define_value)
 endforeach

 has_acl_support = cxx.has_header('sys/xattr.h') \
  and cxx.has_function('llistxattr') \
  and cxx.has_function('lremovexattr')
-# TODO: used in header - make proper public header and make sure it's included. Affects ABI!
-configdata.set('HAVE_ACL_SUPPORT', has_acl_support.to_int())
+# Used in public header. Affects ABI!
+configdata_pub.set(
+  'NIX_SUPPORT_ACL',
+  has_acl_support.to_int(),
+  description : 'FIXME: It\'s a bit peculiar that this needs to be exposed. The reason is that that it effects whether the settings struct in a header has a particular field. This is also odd, because it means when there is no ACL support one will just get an "unknown setting" warning from their configuration.',
+)

 if host_machine.system() == 'darwin'
  sandbox = cxx.find_library('sandbox')
@ -104,7 +114,7 @@ seccomp = dependency('libseccomp', 'seccomp', required : seccomp_required, versi
 if is_linux and not seccomp.found()
  warning('Sandbox security is reduced because libseccomp has not been found! Please provide libseccomp if it supports your CPU architecture.')
 endif
-configdata.set('HAVE_SECCOMP', seccomp.found().to_int())
+configdata_priv.set('HAVE_SECCOMP', seccomp.found().to_int())
 deps_private += seccomp

 nlohmann_json = dependency('nlohmann_json', version : '>= 3.9')
@ -116,7 +126,7 @@ deps_private += sqlite
 # AWS C++ SDK has bad pkg-config. See
 # https://github.com/aws/aws-sdk-cpp/issues/2673 for details.
 aws_s3 = dependency('aws-cpp-sdk-s3', required : false)
-configdata.set('ENABLE_S3', aws_s3.found().to_int())
+configdata_priv.set('ENABLE_S3', aws_s3.found().to_int())
 if aws_s3.found()
  aws_s3 = declare_dependency(
    include_directories: include_directories(aws_s3.get_variable('includedir')),
@ -148,7 +158,7 @@ if get_option('embedded-sandbox-shell')
  # The path to busybox is passed as a -D flag when compiling this_library.
  # This solution is inherited from the old make buildsystem
  # TODO: do this differently?
-  configdata.set('HAVE_EMBEDDED_SANDBOX_SHELL', 1)
+  configdata_priv.set('HAVE_EMBEDDED_SANDBOX_SHELL', 1)
  hexdump = find_program('hexdump', native : true)
  embedded_sandbox_shell_gen = custom_target(
    'embedded-sandbox-shell.gen.hh',
@ -166,12 +176,9 @@ if get_option('embedded-sandbox-shell')
  generated_headers += embedded_sandbox_shell_gen
 endif

-add_project_arguments(
-  # TODO(Qyriad): Yes this is how the autoconf+Make system did it.
-  # It would be nice for our headers to be idempotent instead.
-  '-include', 'nix/config-util.hh',
-  '-include', 'nix/config-store.hh',
-  language : 'cpp',
+config_priv_h = configure_file(
+  configuration : configdata_priv,
+  output : 'store-config-private.hh',
 )

 subdir('nix-meson-build-support/common')
@ -347,6 +354,7 @@ this_library = library(
  'nixstore',
  generated_headers,
  sources,
+  config_priv_h,
  dependencies : deps_public + deps_private + deps_other,
  include_directories : include_dirs,
  cpp_args : cpp_args,
--- a/src/libstore/posix-fs-canonicalise.cc
+++ b/src/libstore/posix-fs-canonicalise.cc
@ -1,13 +1,16 @@
-#if HAVE_ACL_SUPPORT
-# include <sys/xattr.h>
-#endif
-
 #include "nix/posix-fs-canonicalise.hh"
 #include "nix/file-system.hh"
 #include "nix/signals.hh"
 #include "nix/util.hh"
 #include "nix/globals.hh"
 #include "nix/store-api.hh"
+#include "nix/store-config.hh"
+
+#include "store-config-private.hh"
+
+#if NIX_SUPPORT_ACL
+# include <sys/xattr.h>
+#endif

 namespace nix {

@ -72,7 +75,7 @@ static void canonicalisePathMetaData_(
    if (!(S_ISREG(st.st_mode) || S_ISDIR(st.st_mode) || S_ISLNK(st.st_mode)))
        throw Error("file '%1%' has an unsupported type", path);

-#if HAVE_ACL_SUPPORT
+#if NIX_SUPPORT_ACL
    /* Remove extended attributes / ACLs. */
    ssize_t eaSize = llistxattr(path.c_str(), nullptr, 0);

--- a/src/libstore/unix/build/local-derivation-goal.cc
+++ b/src/libstore/unix/build/local-derivation-goal.cc
@ -22,6 +22,7 @@
 #include "nix/posix-fs-canonicalise.hh"
 #include "nix/posix-source-accessor.hh"
 #include "nix/restricted-store.hh"
+#include "nix/store-config.hh"

 #include <regex>
 #include <queue>
@ -34,6 +35,8 @@
 #include <sys/resource.h>
 #include <sys/socket.h>

+#include "store-config-private.hh"
+
 #if HAVE_STATVFS
 #include <sys/statvfs.h>
 #endif
@ -1785,7 +1788,7 @@ void setupSeccomp()
        seccomp_release(ctx);
    });

-    constexpr std::string_view nativeSystem = SYSTEM;
+    constexpr std::string_view nativeSystem = NIX_LOCAL_SYSTEM;

    if (nativeSystem == "x86_64-linux" &&
        seccomp_arch_add(ctx, SCMP_ARCH_X86) != 0)