diff --git a/src/libcmd/common-eval-args.cc b/src/libcmd/common-eval-args.cc
index 2e6ca4344..f7e086c16 100644
--- a/src/libcmd/common-eval-args.cc
+++ b/src/libcmd/common-eval-args.cc
@@ -15,6 +15,7 @@
 #include "nix/fetchers/fetch-to-store.hh"
 #include "nix/cmd/compatibility-settings.hh"
 #include "nix/expr/eval-settings.hh"
+#include "nix/store/globals.hh"
 namespace nix {
diff --git a/src/libexpr/eval-cache.cc b/src/libexpr/eval-cache.cc
index dfb1b1a7e..8faa73028 100644
--- a/src/libexpr/eval-cache.cc
+++ b/src/libexpr/eval-cache.cc
@@ -4,6 +4,7 @@
 #include "nix/expr/eval.hh"
 #include "nix/expr/eval-inline.hh"
 #include "nix/store/store-api.hh"
+#include "nix/store/globals.hh"
 // Need specialization involving `SymbolStr` just in this one module.
 #include "nix/util/strings-inline.hh"
diff --git a/src/libexpr/eval.cc b/src/libexpr/eval.cc
index 293b05953..f0b199946 100644
--- a/src/libexpr/eval.cc
+++ b/src/libexpr/eval.cc
@@ -6,6 +6,7 @@
 #include "nix/util/exit.hh"
 #include "nix/util/types.hh"
 #include "nix/util/util.hh"
+#include "nix/util/environment-variables.hh"
 #include "nix/store/store-api.hh"
 #include "nix/store/derivations.hh"
 #include "nix/store/downstream-placeholder.hh"
diff --git a/src/libexpr/primops.cc b/src/libexpr/primops.cc
index 6af179e4e..ca84f3038 100644
--- a/src/libexpr/primops.cc
+++ b/src/libexpr/primops.cc
@@ -5,6 +5,7 @@
 #include "nix/expr/eval-settings.hh"
 #include "nix/expr/gc-small-vector.hh"
 #include "nix/expr/json-to-value.hh"
+#include "nix/store/globals.hh"
 #include "nix/store/names.hh"
 #include "nix/store/path-references.hh"
 #include "nix/store/store-api.hh"
diff --git a/src/libexpr/primops/context.cc b/src/libexpr/primops/context.cc
index 11b59efcd..f037fdb80 100644
--- a/src/libexpr/primops/context.cc
+++ b/src/libexpr/primops/context.cc
@@ -2,6 +2,7 @@
 #include "nix/expr/eval-inline.hh"
 #include "nix/store/derivations.hh"
 #include "nix/store/store-api.hh"
+#include "nix/store/globals.hh"
 namespace nix {
diff --git a/src/libexpr/primops/fetchClosure.cc b/src/libexpr/primops/fetchClosure.cc
index d3b38e5a3..469459818 100644
--- a/src/libexpr/primops/fetchClosure.cc
+++ b/src/libexpr/primops/fetchClosure.cc
@@ -3,6 +3,7 @@
 #include "nix/store/realisation.hh"
 #include "nix/store/make-content-addressed.hh"
 #include "nix/util/url.hh"
+#include "nix/util/environment-variables.hh"
 namespace nix {
diff --git a/src/libfetchers-tests/git.cc b/src/libfetchers-tests/git.cc
index 83ee1a1a2..af987e260 100644
--- a/src/libfetchers-tests/git.cc
+++ b/src/libfetchers-tests/git.cc
@@ -1,4 +1,5 @@
 #include "nix/store/store-open.hh"
+#include "nix/store/globals.hh"
 #include "nix/fetchers/fetch-settings.hh"
 #include "nix/fetchers/fetchers.hh"
 #include "nix/fetchers/git-utils.hh"
diff --git a/src/libfetchers/cache.cc b/src/libfetchers/cache.cc
index 85fd94590..ed4776704 100644
--- a/src/libfetchers/cache.cc
+++ b/src/libfetchers/cache.cc
@@ -4,6 +4,7 @@
 #include "nix/store/sqlite.hh"
 #include "nix/util/sync.hh"
 #include "nix/store/store-api.hh"
+#include "nix/store/globals.hh"
 #include
diff --git a/src/libstore-test-support/include/nix/store/tests/libstore.hh b/src/libstore-test-support/include/nix/store/tests/libstore.hh
index 822ec3aa8..28b29fa31 100644
--- a/src/libstore-test-support/include/nix/store/tests/libstore.hh
+++ b/src/libstore-test-support/include/nix/store/tests/libstore.hh
@@ -6,6 +6,7 @@
 #include "nix/store/store-api.hh"
 #include "nix/store/store-open.hh"
+#include "nix/store/globals.hh"
 namespace nix {
diff --git a/src/libstore/build/derivation-building-goal.cc b/src/libstore/build/derivation-building-goal.cc
index 32abde041..e0a8717a0 100644
--- a/src/libstore/build/derivation-building-goal.cc
+++ b/src/libstore/build/derivation-building-goal.cc
@@ -12,6 +12,7 @@
 #include "nix/store/common-protocol.hh"
 #include "nix/store/common-protocol-impl.hh"
 #include "nix/store/local-store.hh" // TODO remove, along with remaining downcasts
+#include "nix/store/globals.hh"
 #include
 #include
diff --git a/src/libstore/build/derivation-goal.cc b/src/libstore/build/derivation-goal.cc
index e8523569d..883121d94 100644
--- a/src/libstore/build/derivation-goal.cc
+++ b/src/libstore/build/derivation-goal.cc
@@ -11,7 +11,7 @@
 #include "nix/util/compression.hh"
 #include "nix/store/common-protocol.hh"
 #include "nix/store/common-protocol-impl.hh" // Don't remove is actually needed
-#include "nix/store/local-store.hh" // TODO remove, along with remaining downcasts
+#include "nix/store/globals.hh"
 #include
 #include
diff --git a/src/libstore/build/drv-output-substitution-goal.cc b/src/libstore/build/drv-output-substitution-goal.cc
index 222cd8618..b6ace4784 100644
--- a/src/libstore/build/drv-output-substitution-goal.cc
+++ b/src/libstore/build/drv-output-substitution-goal.cc
@@ -4,6 +4,7 @@
 #include "nix/store/build/substitution-goal.hh"
 #include "nix/util/callback.hh"
 #include "nix/store/store-open.hh"
+#include "nix/store/globals.hh"
 namespace nix {
diff --git a/src/libstore/build/goal.cc b/src/libstore/build/goal.cc
index 2e9ca5bf7..6266329e7 100644
--- a/src/libstore/build/goal.cc
+++ b/src/libstore/build/goal.cc
@@ -1,5 +1,6 @@
 #include "nix/store/build/goal.hh"
 #include "nix/store/build/worker.hh"
+#include "nix/store/globals.hh"
 namespace nix {
diff --git a/src/libstore/build/substitution-goal.cc b/src/libstore/build/substitution-goal.cc
index 3c0e96152..ab95ea4a2 100644
--- a/src/libstore/build/substitution-goal.cc
+++ b/src/libstore/build/substitution-goal.cc
@@ -4,6 +4,8 @@
 #include "nix/store/nar-info.hh"
 #include "nix/util/finally.hh"
 #include "nix/util/signals.hh"
+#include "nix/store/globals.hh"
+
 #include
 namespace nix {
diff --git a/src/libstore/build/worker.cc b/src/libstore/build/worker.cc
index 9cb36fa16..3e6e0bef0 100644
--- a/src/libstore/build/worker.cc
+++ b/src/libstore/build/worker.cc
@@ -10,6 +10,7 @@
 # include "nix/store/build/hook-instance.hh"
 #endif
 #include "nix/util/signals.hh"
+#include "nix/store/globals.hh"
 namespace nix {
diff --git a/src/libstore/builtins/fetchurl.cc b/src/libstore/builtins/fetchurl.cc
index 55add7876..519ad9428 100644
--- a/src/libstore/builtins/fetchurl.cc
+++ b/src/libstore/builtins/fetchurl.cc
@@ -1,6 +1,7 @@
 #include "nix/store/builtins.hh"
 #include "nix/store/filetransfer.hh"
 #include "nix/store/store-api.hh"
+#include "nix/store/globals.hh"
 #include "nix/util/archive.hh"
 #include "nix/util/compression.hh"
diff --git a/src/libstore/daemon.cc b/src/libstore/daemon.cc
index 6211850cb..4f28a1e0d 100644
--- a/src/libstore/daemon.cc
+++ b/src/libstore/daemon.cc
@@ -16,6 +16,7 @@
 #include "nix/util/args.hh"
 #include "nix/util/git.hh"
 #include "nix/util/logging.hh"
+#include "nix/store/globals.hh"
 #ifndef _WIN32 // TODO need graceful async exit support on Windows?
 # include "nix/util/monitor-fd.hh"
diff --git a/src/libstore/derivation-options.cc b/src/libstore/derivation-options.cc
index 6656a4798..b41b97f4c 100644
--- a/src/libstore/derivation-options.cc
+++ b/src/libstore/derivation-options.cc
@@ -5,6 +5,7 @@
 #include "nix/store/store-api.hh"
 #include "nix/util/types.hh"
 #include "nix/util/util.hh"
+#include "nix/store/globals.hh"
 #include
 #include
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index 966d37090..612e79ab0 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -86,13 +86,22 @@ Settings::Settings()
 }
 #if (defined(__linux__) || defined(__FreeBSD__)) && defined(SANDBOX_SHELL)
- sandboxPaths = tokenizeString("/bin/sh=" SANDBOX_SHELL);
+ sandboxPaths = {{"/bin/sh", {.source = SANDBOX_SHELL}}};
 #endif
 /* chroot-like behavior from Apple's sandbox */
 #ifdef __APPLE__
- sandboxPaths = tokenizeString(
- "/System/Library/Frameworks /System/Library/PrivateFrameworks /bin/sh /bin/bash /private/tmp /private/var/tmp /usr/lib");
+ for (PathView p : {
+ "/System/Library/Frameworks",
+ "/System/Library/PrivateFrameworks",
+ "/bin/sh",
+ "/bin/bash",
+ "/private/tmp",
+ "/private/var/tmp",
+ "/usr/lib",
+ }) {
+ sandboxPaths.get().insert_or_assign(std::string{p}, ChrootPath{.source = std::string{p}});
+ }
 allowedImpureHostPrefixes = tokenizeString("/System/Library /usr/lib /dev /bin/sh");
 #endif
 }
@@ -317,6 +326,42 @@ void BaseSetting::convertToArg(Args & args, const std::string & cat
 });
 }
+NLOHMANN_DEFINE_TYPE_NON_INTRUSIVE(ChrootPath, source, optional)
+
+template<>
+PathsInChroot BaseSetting::parse(const std::string & str) const
+{
+ PathsInChroot pathsInChroot;
+ for (auto i : tokenizeString(str)) {
+ if (i.empty())
+ continue;
+ bool optional = false;
+ if (i[i.size() - 1] == '?') {
+ optional = true;
+ i.pop_back();
+ }
+ size_t p = i.find('=');
+ if (p == std::string::npos)
+ pathsInChroot[i] = {.source = i, .optional = optional};
+ else
+ pathsInChroot[i.substr(0, p)] = {.source = i.substr(p + 1), .optional = optional};
+ }
+ return pathsInChroot;
+}
+
+template<>
+std::string BaseSetting::to_string() const
+{
+ std::vector accum;
+ for (auto & [name, cp] : value) {
+ std::string s = name == cp.source ? name : name + "=" + cp.source;
+ if (cp.optional)
+ s += "?";
+ accum.push_back(std::move(s));
+ }
+ return concatStringsSep(" ", accum);
+}
+
 unsigned int MaxBuildJobsSetting::parse(const std::string & str) const
 {
 if (str == "auto")
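Review bot: In the `PathsInChroot` specialisation of `BaseSetting::parse` (second hunk of globals.cc), an entry can still end up with an empty target or an empty source: a token that is only `?` is the empty string after `pop_back()`, and `=/host/path` or `/target=` leave one side empty, yet each is stored in the map. Since parsing now happens when the setting is read rather than inside `getPathsInSandbox()`, a malformed `sandbox-paths` value could be rejected at that point instead of presumably surfacing later when the sandbox is set up, for example `if (i.empty() || p == 0 || p + 1 == i.size()) throw Error("invalid sandbox path entry '%s'", i);` right after the `find('=')`. Duplicate targets are also resolved silently, the last token winning through `operator[]`; a short comment stating that this is intended would help.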
@@ -329,6 +374,14 @@ unsigned int MaxBuildJobsSetting::parse(const std::string & str) const
 }
 }
+template<>
+void BaseSetting::appendOrSet(PathsInChroot newValue, bool append)
+{
+ if (!append)
+ value.clear();
+ value.insert(std::make_move_iterator(newValue.begin()), std::make_move_iterator(newValue.end()));
+}
+
 static void preloadNSS()
 {
 /* builtin:fetchurl can trigger a DNS lookup, which with glibc can trigger a dynamic library load of
diff --git a/src/libstore/unix/include/nix/store/build/derivation-builder.hh b/src/libstore/include/nix/store/build/derivation-builder.hh
similarity index 94%
rename from src/libstore/unix/include/nix/store/build/derivation-builder.hh
rename to src/libstore/include/nix/store/build/derivation-builder.hh
index 8a36a6a8f..462352c76 100644
--- a/src/libstore/unix/include/nix/store/build/derivation-builder.hh
+++ b/src/libstore/include/nix/store/build/derivation-builder.hh
@@ -8,10 +8,20 @@
 #include "nix/store/parsed-derivations.hh"
 #include "nix/util/processes.hh"
 #include "nix/store/restricted-store.hh"
-#include "nix/store/user-lock.hh"
 namespace nix {
+/**
+ * Stuff we need to pass to initChild().
+ */
+struct ChrootPath
+{
+ Path source;
+ bool optional = false;
+};
+
+typedef std::map PathsInChroot; // maps target path to source path
+
 /**
 * Parameters by (mostly) `const` reference for `DerivationBuilder`.
 */
@@ -178,7 +188,9 @@ struct DerivationBuilder : RestrictionContext
 virtual void killSandbox(bool getStats) = 0;
 };
+#ifndef _WIN32 // TODO enable `DerivationBuilder` on Windows
 std::unique_ptr makeDerivationBuilder(
 LocalStore & store, std::unique_ptr miscMethods, DerivationBuilderParams params);
+#endif
 } // namespace nix
diff --git a/src/libstore/include/nix/store/globals.hh b/src/libstore/include/nix/store/globals.hh
index e97210892..2cd92467c 100644
--- a/src/libstore/include/nix/store/globals.hh
+++ b/src/libstore/include/nix/store/globals.hh
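Review bot: `value.insert(...)` in `appendOrSet` (globals.cc) keeps the existing entry whenever a target path is already in the map, because `std::map::insert` never overwrites. With `append` true, an appended entry such as `/bin/sh=/other/shell` would be dropped without any message when the default from `Settings::Settings()` already maps `/bin/sh`, and its `optional` flag could not be changed either. If later configuration is meant to win, assign instead: `for (auto & [target, cp] : newValue) value.insert_or_assign(target, std::move(cp));`. If first-wins is the intended policy for sandbox paths, say so in a comment, since it decides which host path a build ends up seeing.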
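Review bot: The doc comment that moved with `ChrootPath` into derivation-builder.hh, `Stuff we need to pass to initChild().`, no longer describes a type that is now also the value type of the `sandbox-paths` setting. I would replace it with `/** A host path made available inside the build sandbox; the map key is the path as seen in the sandbox. */` and document the fields, `source` as `/** Path on the host. */` and `optional` as `/** Set by a trailing '?' in the setting value. */`. What a missing optional source means at mount time is not visible in this diff, so that part of the comment should come from the code that consumes the flag. The trailing comment on `PathsInChroot` also still says the map goes to a source path, while the mapped value is a `ChrootPath`.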
@@ -11,6 +11,7 @@
 #include "nix/util/environment-variables.hh"
 #include "nix/util/experimental-features.hh"
 #include "nix/util/users.hh"
+#include "nix/store/build/derivation-builder.hh"
 #include "nix/store/config.hh"
@@ -23,6 +24,20 @@ SandboxMode BaseSetting::parse(const std::string & str) const;
 template<>
 std::string BaseSetting::to_string() const;
+template<>
+PathsInChroot BaseSetting::parse(const std::string & str) const;
+template<>
+std::string BaseSetting::to_string() const;
+
+template<>
+struct BaseSetting::trait
+{
+ static constexpr bool appendable = true;
+};
+
+template<>
+void BaseSetting::appendOrSet(PathsInChroot newValue, bool append);
+
 struct MaxBuildJobsSetting : public BaseSetting
 {
 MaxBuildJobsSetting(
@@ -697,7 +712,7 @@ public:
 )",
 {"build-use-chroot", "build-use-sandbox"}};
- Setting sandboxPaths{
+ Setting sandboxPaths{
 this,
 {},
 "sandbox-paths",
diff --git a/src/libstore/include/nix/store/local-fs-store.hh b/src/libstore/include/nix/store/local-fs-store.hh
index cae50e762..84777f3d7 100644
--- a/src/libstore/include/nix/store/local-fs-store.hh
+++ b/src/libstore/include/nix/store/local-fs-store.hh
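Review bot: Including `nix/store/build/derivation-builder.hh` from globals.hh (first hunk) means every file that includes globals.hh now also pulls in that header's own includes; `parsed-derivations.hh`, `processes.hh` and `restricted-store.hh` are visible in its hunk, and `restricted-store.hh` in turn includes `store-api.hh`. All of that is brought in only for `ChrootPath` and `PathsInChroot`, which works against the rest of this commit, where `globals.hh` is removed from store headers to cut coupling. Moving the two definitions into a small header of their own (for instance `nix/store/build/chroot-path.hh`, name is only a suggestion) that both globals.hh and derivation-builder.hh include would keep the settings header light.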
@@ -22,15 +22,31 @@ struct LocalFSStoreConfig : virtual StoreConfig
 OptionalPathSetting rootDir{this, std::nullopt, "root", "Directory prefixed to all other paths."};
+private:
+
+ /**
+ * An indirection so that we don't need to refer to global settings
+ * in headers.
+ */
+ static Path getDefaultStateDir();
+
+ /**
+ * An indirection so that we don't need to refer to global settings
+ * in headers.
+ */
+ static Path getDefaultLogDir();
+
+public:
+
 PathSetting stateDir{
 this,
- rootDir.get() ? *rootDir.get() + "/nix/var/nix" : settings.nixStateDir,
+ rootDir.get() ? *rootDir.get() + "/nix/var/nix" : getDefaultStateDir(),
 "state",
 "Directory where Nix stores state."};
 PathSetting logDir{
 this,
- rootDir.get() ? *rootDir.get() + "/nix/var/log/nix" : settings.nixLogDir,
+ rootDir.get() ? *rootDir.get() + "/nix/var/log/nix" : getDefaultLogDir(),
 "log",
 "directory where Nix stores log files."};
diff --git a/src/libstore/include/nix/store/local-store.hh b/src/libstore/include/nix/store/local-store.hh
index 3d7e8301a..f7dfcb5ad 100644
--- a/src/libstore/include/nix/store/local-store.hh
+++ b/src/libstore/include/nix/store/local-store.hh
@@ -74,9 +74,19 @@ struct LocalStoreConfig : std::enable_shared_from_this,
 LocalStoreConfig(std::string_view scheme, std::string_view authority, const Params & params);
+private:
+
+ /**
+ * An indirection so that we don't need to refer to global settings
+ * in headers.
+ */
+ bool getDefaultRequireSigs();
+
+public:
+
 Setting requireSigs{
 this,
- settings.requireSigs,
+ getDefaultRequireSigs(),
 "require-sigs",
 "Whether store paths copied into this store should have a trusted signature."};
diff --git a/src/libstore/include/nix/store/meson.build b/src/libstore/include/nix/store/meson.build
index e41a7da4d..cba5d9ca5 100644
--- a/src/libstore/include/nix/store/meson.build
+++ b/src/libstore/include/nix/store/meson.build
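Review bot: `getDefaultRequireSigs()` in local-store.hh is declared as a non-static member, while the three sibling indirections this commit adds (`getDefaultStateDir`, `getDefaultLogDir`, `getDefaultNixStoreDir`) are all `static`. It is called from the default member initializer of `requireSigs`, and its definition in local-store.cc only returns `settings.requireSigs`, so it has no need for `this`. Declaring it `static bool getDefaultRequireSigs();` keeps the four helpers consistent and avoids calling a member function on an object that is still being constructed.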
@@ -12,6 +12,7 @@ config_pub_h = configure_file(
 headers = [ config_pub_h ] + files(
 'binary-cache-store.hh',
 'build-result.hh',
+ 'build/derivation-builder.hh',
 'build/derivation-building-goal.hh',
 'build/derivation-building-misc.hh',
 'build/derivation-goal.hh',
diff --git a/src/libstore/include/nix/store/restricted-store.hh b/src/libstore/include/nix/store/restricted-store.hh
index b5680da4d..8bbb2ff54 100644
--- a/src/libstore/include/nix/store/restricted-store.hh
+++ b/src/libstore/include/nix/store/restricted-store.hh
@@ -1,10 +1,13 @@
 #pragma once
 ///@file
-#include "nix/store/local-store.hh"
+#include "nix/store/store-api.hh"
 namespace nix {
+class LocalStore;
+struct LocalStoreConfig;
+
 /**
 * A restricted store has a pointer to one of these, which manages the
 * restrictions that are in place.
@@ -55,6 +58,6 @@ struct RestrictionContext
 /**
 * Create a shared pointer to a restricted store.
 */
-ref makeRestrictedStore(ref config, ref next, RestrictionContext & context);
+ref makeRestrictedStore(ref config, ref next, RestrictionContext & context);
 } // namespace nix
diff --git a/src/libstore/include/nix/store/store-api.hh b/src/libstore/include/nix/store/store-api.hh
index 6393ccbc7..987ed4d48 100644
--- a/src/libstore/include/nix/store/store-api.hh
+++ b/src/libstore/include/nix/store/store-api.hh
@@ -8,7 +8,6 @@
 #include "nix/util/serialise.hh"
 #include "nix/util/lru-cache.hh"
 #include "nix/util/sync.hh"
-#include "nix/store/globals.hh"
 #include "nix/util/configuration.hh"
 #include "nix/store/path-info.hh"
 #include "nix/util/repair-flag.hh"
@@ -89,9 +88,19 @@ struct StoreConfigBase : Config
 {
 using Config::Config;
+private:
+
+ /**
+ * An indirection so that we don't need to refer to global settings
+ * in headers.
+ */
+ static Path getDefaultNixStoreDir();
+
+public:
+
 const PathSetting storeDir_{
 this,
- settings.nixStore,
+ getDefaultNixStoreDir(),
 "store",
 R"(
 Logical location of the Nix store, usually
diff --git a/src/libstore/include/nix/store/store-dir-config.hh b/src/libstore/include/nix/store/store-dir-config.hh
index 2dfd601f1..07cda5c12 100644
--- a/src/libstore/include/nix/store/store-dir-config.hh
+++ b/src/libstore/include/nix/store/store-dir-config.hh
@@ -3,7 +3,6 @@
 #include "nix/store/path.hh"
 #include "nix/util/hash.hh"
 #include "nix/store/content-address.hh"
-#include "nix/store/globals.hh"
 #include "nix/util/configuration.hh"
 #include
diff --git a/src/libstore/include/nix/store/store-open.hh b/src/libstore/include/nix/store/store-open.hh
index 0e8724990..ef7d81675 100644
--- a/src/libstore/include/nix/store/store-open.hh
+++ b/src/libstore/include/nix/store/store-open.hh
@@ -30,9 +30,12 @@ ref openStore(StoreReference && storeURI);
 * Opens the store at `uri`, where `uri` is in the format expected by
 * `StoreReference::parse`
 */
-ref openStore(
- const std::string & uri = settings.storeUri.get(),
- const StoreReference::Params & extraParams = StoreReference::Params());
+ref openStore(const std::string & uri, const StoreReference::Params & extraParams = StoreReference::Params());
+
+/**
+ * Short-hand which opens the default store, according to global settings
+ */
+ref openStore();
 /**
 * @return the default substituter stores, defined by the
diff --git a/src/libstore/legacy-ssh-store.cc b/src/libstore/legacy-ssh-store.cc
index 0435cfa62..0e9ee35bf 100644
--- a/src/libstore/legacy-ssh-store.cc
+++ b/src/libstore/legacy-ssh-store.cc
@@ -13,6 +13,7 @@
 #include "nix/store/derivations.hh"
 #include "nix/util/callback.hh"
 #include "nix/store/store-registration.hh"
+#include "nix/store/globals.hh"
 namespace nix {
diff --git a/src/libstore/local-fs-store.cc b/src/libstore/local-fs-store.cc
index fd1fe4459..e0f07b91b 100644
--- a/src/libstore/local-fs-store.cc
+++ b/src/libstore/local-fs-store.cc
@@ -8,6 +8,16 @@
 namespace nix {
+Path LocalFSStoreConfig::getDefaultStateDir()
+{
+ return settings.nixStateDir;
+}
+
+Path LocalFSStoreConfig::getDefaultLogDir()
+{
+ return settings.nixLogDir;
+}
+
 LocalFSStoreConfig::LocalFSStoreConfig(PathView rootDir, const Params & params)
 : StoreConfig(params)
 // Default `?root` from `rootDir` if non set
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index 81768e4eb..55862477c 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -86,6 +86,11 @@ ref LocalStore::Config::openStore() const
 return make_ref(ref{shared_from_this()});
 }
+bool LocalStoreConfig::getDefaultRequireSigs()
+{
+ return settings.requireSigs;
+}
+
 struct LocalStore::State::Stmts
 {
 /* Some precompiled SQLite statements. */
diff --git a/src/libstore/profiles.cc b/src/libstore/profiles.cc
index 2b679e2a3..3f6fcb6ff 100644
--- a/src/libstore/profiles.cc
+++ b/src/libstore/profiles.cc
@@ -1,5 +1,6 @@
 #include "nix/store/profiles.hh"
 #include "nix/util/signals.hh"
+#include "nix/store/globals.hh"
 #include "nix/store/store-api.hh"
 #include "nix/store/local-fs-store.hh"
 #include "nix/util/users.hh"
diff --git a/src/libstore/restricted-store.cc b/src/libstore/restricted-store.cc
index 1fb139dff..e0f43ab6c 100644
--- a/src/libstore/restricted-store.cc
+++ b/src/libstore/restricted-store.cc
@@ -2,6 +2,7 @@
 #include "nix/store/build-result.hh"
 #include "nix/util/callback.hh"
 #include "nix/store/realisation.hh"
+#include "nix/store/local-store.hh"
 namespace nix {
diff --git a/src/libstore/store-api.cc b/src/libstore/store-api.cc
index bd5ae9284..fad79a83e 100644
--- a/src/libstore/store-api.cc
+++ b/src/libstore/store-api.cc
@@ -27,6 +27,11 @@ using json = nlohmann::json;
 namespace nix {
+Path StoreConfigBase::getDefaultNixStoreDir()
+{
+ return settings.nixStore;
+}
+
 StoreConfig::StoreConfig(const Params & params)
 : StoreConfigBase(params)
 , StoreDirConfig{storeDir_}
diff --git a/src/libstore/store-registration.cc b/src/libstore/store-registration.cc
index fd8d67437..cfaf86b1e 100644
--- a/src/libstore/store-registration.cc
+++ b/src/libstore/store-registration.cc
@@ -2,9 +2,15 @@
 #include "nix/store/store-open.hh"
 #include "nix/store/local-store.hh"
 #include "nix/store/uds-remote-store.hh"
+#include "nix/store/globals.hh"
 namespace nix {
+ref openStore()
+{
+ return openStore(settings.storeUri.get());
+}
+
 ref openStore(const std::string & uri, const Store::Config::Params & extraParams)
 {
 return openStore(StoreReference::parse(uri, extraParams));
diff --git a/src/libstore/uds-remote-store.cc b/src/libstore/uds-remote-store.cc
index 1d3ecb415..4871b4913 100644
--- a/src/libstore/uds-remote-store.cc
+++ b/src/libstore/uds-remote-store.cc
@@ -2,6 +2,7 @@
 #include "nix/util/unix-domain-socket.hh"
 #include "nix/store/worker-protocol.hh"
 #include "nix/store/store-registration.hh"
+#include "nix/store/globals.hh"
 #include
 #include
diff --git a/src/libstore/unix/build/chroot-derivation-builder.cc b/src/libstore/unix/build/chroot-derivation-builder.cc
index 669e3ffb7..887bb47f0 100644
--- a/src/libstore/unix/build/chroot-derivation-builder.cc
+++ b/src/libstore/unix/build/chroot-derivation-builder.cc
@@ -135,7 +135,7 @@ struct ChrootDerivationBuilder : virtual DerivationBuilderImpl
 for (auto & i : inputPaths) {
 auto p = store.printStorePath(i);
- pathsInChroot.insert_or_assign(p, store.toRealPath(p));
+ pathsInChroot.insert_or_assign(p, ChrootPath{.source = store.toRealPath(p)});
 }
 /* If we're repairing, checking or rebuilding part of a
diff --git a/src/libstore/unix/build/darwin-derivation-builder.cc b/src/libstore/unix/build/darwin-derivation-builder.cc
index 5889ecf8f..21b3c6cb9 100644
--- a/src/libstore/unix/build/darwin-derivation-builder.cc
+++ b/src/libstore/unix/build/darwin-derivation-builder.cc
@@ -69,7 +69,7 @@ struct DarwinDerivationBuilder : DerivationBuilderImpl
 /* Add all our input paths to the chroot */
 for (auto & i : inputPaths) {
 auto p = store.printStorePath(i);
- pathsInChroot.insert_or_assign(p, p);
+ pathsInChroot.insert_or_assign(p, ChrootPath{.source = p});
 }
 /* Violations will go to the syslog if you set this. Unfortunately the destination does not appear to be
diff --git a/src/libstore/unix/build/derivation-builder.cc b/src/libstore/unix/build/derivation-builder.cc
index 3ea208924..f6546ec62 100644
--- a/src/libstore/unix/build/derivation-builder.cc
+++ b/src/libstore/unix/build/derivation-builder.cc
@@ -15,6 +15,8 @@
 #include "nix/store/posix-fs-canonicalise.hh"
 #include "nix/util/posix-source-accessor.hh"
 #include "nix/store/restricted-store.hh"
+#include "nix/store/user-lock.hh"
+#include "nix/store/globals.hh"
 #include
@@ -106,23 +108,6 @@ protected:
 */
 const DerivationType derivationType;
- /**
- * Stuff we need to pass to initChild().
- */
- struct ChrootPath
- {
- Path source;
- bool optional;
-
- ChrootPath(Path source = "", bool optional = false)
- : source(source)
- , optional(optional)
- {
- }
- };
-
- typedef std::map PathsInChroot; // maps target path to source path
-
 typedef StringMap Environment;
 Environment env;
@@ -870,30 +855,16 @@ void DerivationBuilderImpl::startBuilder()
 processSandboxSetupMessages();
 }
-DerivationBuilderImpl::PathsInChroot DerivationBuilderImpl::getPathsInSandbox()
+PathsInChroot DerivationBuilderImpl::getPathsInSandbox()
 {
- PathsInChroot pathsInChroot;
-
 /* Allow a user-configurable set of directories from the host file system. */
- for (auto i : settings.sandboxPaths.get()) {
- if (i.empty())
- continue;
- bool optional = false;
- if (i[i.size() - 1] == '?') {
- optional = true;
- i.pop_back();
- }
- size_t p = i.find('=');
- if (p == std::string::npos)
- pathsInChroot[i] = {i, optional};
- else
- pathsInChroot[i.substr(0, p)] = {i.substr(p + 1), optional};
- }
+ PathsInChroot pathsInChroot = settings.sandboxPaths.get();
+
 if (hasPrefix(store.storeDir, tmpDirInSandbox())) {
 throw Error("`sandbox-build-dir` must not contain the storeDir");
 }
- pathsInChroot[tmpDirInSandbox()] = tmpDir;
+ pathsInChroot[tmpDirInSandbox()] = {.source = tmpDir};
 /* Add the closure of store paths to the chroot. */
 StorePathSet closure;
@@ -908,7 +879,7 @@ DerivationBuilderImpl::PathsInChroot DerivationBuilderImpl::getPathsInSandbox()
 }
 for (auto & i : closure) {
 auto p = store.printStorePath(i);
- pathsInChroot.insert_or_assign(p, p);
+ pathsInChroot.insert_or_assign(p, ChrootPath{.source = p});
 }
 PathSet allowedPaths = settings.allowedImpureHostPrefixes;
@@ -964,9 +935,9 @@ DerivationBuilderImpl::PathsInChroot DerivationBuilderImpl::getPathsInSandbox()
 } else {
 auto p = line.find('=');
 if (p == std::string::npos)
- pathsInChroot[line] = line;
+ pathsInChroot[line] = {.source = line};
 else
- pathsInChroot[line.substr(0, p)] = line.substr(p + 1);
+ pathsInChroot[line.substr(0, p)] = {.source = line.substr(p + 1)};
 }
 }
 }
diff --git a/src/libstore/unix/include/nix/store/meson.build b/src/libstore/unix/include/nix/store/meson.build
index 7cf973223..bdc4b2f20 100644
--- a/src/libstore/unix/include/nix/store/meson.build
+++ b/src/libstore/unix/include/nix/store/meson.build
@@ -2,7 +2,6 @@ include_dirs += include_directories('../..')
 headers += files(
 'build/child.hh',
- 'build/derivation-builder.hh',
 'build/hook-instance.hh',
 'user-lock.hh',
 )
diff --git a/src/nix/build-remote/build-remote.cc b/src/nix/build-remote/build-remote.cc
index 786085106..11df8cc5e 100644
--- a/src/nix/build-remote/build-remote.cc
+++ b/src/nix/build-remote/build-remote.cc
@@ -22,6 +22,7 @@
 #include "nix/store/local-store.hh"
 #include "nix/cmd/legacy.hh"
 #include "nix/util/experimental-features.hh"
+#include "nix/store/globals.hh"
 using namespace nix;
 using std::cin;
diff --git a/src/nix/bundle.cc b/src/nix/bundle.cc
index ed70ba47e..29960c281 100644
--- a/src/nix/bundle.cc
+++ b/src/nix/bundle.cc
@@ -5,6 +5,7 @@
 #include "nix/store/store-api.hh"
 #include "nix/store/local-fs-store.hh"
 #include "nix/expr/eval-inline.hh"
+#include "nix/store/globals.hh"
 namespace nix::fs {
 using namespace std::filesystem;
diff --git a/src/nix/config-check.cc b/src/nix/config-check.cc
index dc6453e27..c04943eab 100644
--- a/src/nix/config-check.cc
+++ b/src/nix/config-check.cc
@@ -9,6 +9,7 @@
 #include "nix/store/local-fs-store.hh"
 #include "nix/store/worker-protocol.hh"
 #include "nix/util/executable-path.hh"
+#include "nix/store/globals.hh"
 namespace nix::fs {
 using namespace std::filesystem;
diff --git a/src/nix/develop.cc b/src/nix/develop.cc
index d3381a988..f59dc5bee 100644
--- a/src/nix/develop.cc
+++ b/src/nix/develop.cc
@@ -5,6 +5,7 @@
 #include "nix/main/common-args.hh"
 #include "nix/main/shared.hh"
 #include "nix/store/store-api.hh"
+#include "nix/store/globals.hh"
 #include "nix/store/outputs-spec.hh"
 #include "nix/store/derivations.hh"
diff --git a/src/nix/env.cc b/src/nix/env.cc
index 277bd0fdd..d91ee72d7 100644
--- a/src/nix/env.cc
+++ b/src/nix/env.cc
@@ -6,6 +6,7 @@
 #include "run.hh"
 #include "nix/util/strings.hh"
 #include "nix/util/executable-path.hh"
+#include "nix/util/environment-variables.hh"
 using namespace nix;
diff --git a/src/nix/flake.cc b/src/nix/flake.cc
index a7b72c7e1..c04eab291 100644
--- a/src/nix/flake.cc
+++ b/src/nix/flake.cc
@@ -1,4 +1,3 @@
-#include "flake-command.hh"
 #include "nix/main/common-args.hh"
 #include "nix/main/shared.hh"
 #include "nix/expr/eval.hh"
@@ -17,6 +16,7 @@
 #include "nix/util/users.hh"
 #include "nix/fetchers/fetch-to-store.hh"
 #include "nix/store/local-fs-store.hh"
+#include "nix/store/globals.hh"
 #include
 #include
@@ -24,6 +24,9 @@
 #include "nix/util/strings-inline.hh"
+// FIXME is this supposed to be private or not?
+#include "flake-command.hh"
+
 namespace nix::fs {
 using namespace std::filesystem;
 }
diff --git a/src/nix/formatter.cc b/src/nix/formatter.cc
index 212bb8d70..f5eb966d6 100644
--- a/src/nix/formatter.cc
+++ b/src/nix/formatter.cc
@@ -5,6 +5,8 @@
 #include "nix/store/local-fs-store.hh"
 #include "nix/cmd/installable-derived-path.hh"
 #include "nix/util/environment-variables.hh"
+#include "nix/store/globals.hh"
+
 #include "run.hh"
 using namespace nix;
diff --git a/src/nix/log.cc b/src/nix/log.cc
index cabe611fa..150b4b371 100644
--- a/src/nix/log.cc
+++ b/src/nix/log.cc
@@ -1,6 +1,7 @@
 #include "nix/cmd/command.hh"
 #include "nix/main/common-args.hh"
 #include "nix/main/shared.hh"
+#include "nix/store/globals.hh"
 #include "nix/store/store-open.hh"
 #include "nix/store/log-store.hh"
diff --git a/src/nix/nix-store/nix-store.cc b/src/nix/nix-store/nix-store.cc
index 93fe4df45..4191ea0d6 100644
--- a/src/nix/nix-store/nix-store.cc
+++ b/src/nix/nix-store/nix-store.cc
@@ -12,7 +12,9 @@
 #include "graphml.hh"
 #include "nix/cmd/legacy.hh"
 #include "nix/util/posix-source-accessor.hh"
+#include "nix/store/globals.hh"
 #include "nix/store/path-with-outputs.hh"
+
 #include "man-pages.hh"
 #ifndef _WIN32 // TODO implement on Windows or provide allowed-to-noop interface
diff --git a/src/nix/prefetch.cc b/src/nix/prefetch.cc
index b651a4c97..b23b11d02 100644
--- a/src/nix/prefetch.cc
+++ b/src/nix/prefetch.cc
@@ -12,6 +12,7 @@
 #include "nix/util/posix-source-accessor.hh"
 #include "nix/cmd/misc-store-flags.hh"
 #include "nix/util/terminal.hh"
+#include "nix/util/environment-variables.hh"
 #include "man-pages.hh"
diff --git a/src/nix/run.cc b/src/nix/run.cc
index c3d416a6e..368a5ed57 100644
--- a/src/nix/run.cc
+++ b/src/nix/run.cc
@@ -11,6 +11,8 @@
 #include "nix/util/source-accessor.hh"
 #include "nix/expr/eval.hh"
 #include "nix/util/util.hh"
+#include "nix/store/globals.hh"
+
 #include
 #ifdef __linux__
diff --git a/src/nix/upgrade-nix.cc b/src/nix/upgrade-nix.cc
index 3037d1986..f6668f6dc 100644
--- a/src/nix/upgrade-nix.cc
+++ b/src/nix/upgrade-nix.cc
@@ -8,6 +8,7 @@
 #include "nix/expr/attr-path.hh"
 #include "nix/store/names.hh"
 #include "nix/util/executable-path.hh"
+#include "nix/store/globals.hh"
 #include "self-exe.hh"
 using namespace nix;