mirror of
https://github.com/NixOS/nix.git
synced 2025-11-22 02:09:36 +01:00
0da3b18520
Squashed commit of the following:
commit 04fff3a637d455cbb1d75937a235950e43008db9
Author: Eelco Dolstra <edolstra@gmail.com>
Date: Thu Jun 12 12:30:32 2025 +0200
Chown structured attr files safely
commit 5417ad445e414c649d0cfc71a05661c7bf8f3ef5
Author: Eelco Dolstra <edolstra@gmail.com>
Date: Thu Jun 12 12:14:04 2025 +0200
Replace 'bool sync' with an enum for clarity
And drop writeFileAndSync().
commit 7ae0141f328d8e8e1094be24665789c05f974ba6
Author: Eelco Dolstra <edolstra@gmail.com>
Date: Thu Jun 12 11:35:28 2025 +0200
Drop guessOrInventPathFromFD()
No need to do hacky stuff like that when we already know the original path.
commit 45b05098bd019da7c57cd4227a89bfd0fa65bb08
Author: Eelco Dolstra <edolstra@gmail.com>
Date: Thu Jun 12 11:15:58 2025 +0200
Tweak comment
commit 0af15b31209d1b7ec8addfae9a1a6b60d8f35848
Author: Raito Bezarius <raito@lix.systems>
Date: Thu Mar 27 12:22:26 2025 +0100
libstore: ensure that temporary directory is always 0o000 before deletion
In the case the deletion fails, we should ensure that the temporary
directory cannot be used for nefarious purposes.
Change-Id: I498a2dd0999a74195d13642f44a5de1e69d46120
Signed-off-by: Raito Bezarius <raito@lix.systems>
commit 2c20fa37b15cfa03ac6a1a6a47cdb2ed66c0827e
Author: Raito Bezarius <raito@lix.systems>
Date: Wed Mar 26 12:42:55 2025 +0100
libutil: ensure that `_deletePath` does NOT use absolute paths with dirfds
When calling `_deletePath` with a parent file descriptor, `openat` is
made effective by using relative paths to the directory file descriptor.
To avoid the problem, the signature is changed to resist misuse with an
assert in the prologue of the function.
Change-Id: I6b3fc766bad2afe54dc27d47d1df3873e188de96
Signed-off-by: Raito Bezarius <raito@lix.systems>
commit d3c370bbcae48bb825ce19fd0f73bb4eefd2c9ea
Author: Raito Bezarius <raito@lix.systems>
Date: Wed Mar 26 01:07:47 2025 +0100
libstore: ensure that `passAsFile` is created in the original temp dir
This ensures that `passAsFile` data is created inside the expected
temporary build directory by `openat()` from the parent directory file
descriptor.
This avoids a TOCTOU which is part of the attack chain of CVE-????.
Change-Id: Ie5273446c4a19403088d0389ae8e3f473af8879a
Signed-off-by: Raito Bezarius <raito@lix.systems>
commit 45d3598724f932d024ef6bc2ffb00c1bb90e6018
Author: Raito Bezarius <raito@lix.systems>
Date: Wed Mar 26 01:06:03 2025 +0100
libutil: writeFile variant for file descriptors
`writeFile` lose its `sync` boolean flag to make things simpler.
A new `writeFileAndSync` function is created and all call sites are
converted to it.
Change-Id: Ib871a5283a9c047db1e4fe48a241506e4aab9192
Signed-off-by: Raito Bezarius <raito@lix.systems>
commit 732bd9b98cabf4aaf95a01fd318923de303f9996
Author: Raito Bezarius <raito@lix.systems>
Date: Wed Mar 26 01:05:34 2025 +0100
libstore: chown to builder variant for file descriptors
We use it immediately for the build temporary directory.
Change-Id: I180193c63a2b98721f5fb8e542c4e39c099bb947
Signed-off-by: Raito Bezarius <raito@lix.systems>
commit 962c65f8dcd5570dd92c72370a862c7b38942e0d
Author: Raito Bezarius <raito@lix.systems>
Date: Wed Mar 26 01:04:59 2025 +0100
libstore: open build directory as a dirfd as well
We now keep around a proper AutoCloseFD around the temporary directory
which we plan to use for openat operations and avoiding the build
directory being swapped out while we are doing something else.
Change-Id: I18d387b0f123ebf2d20c6405cd47ebadc5505f2a
Signed-off-by: Raito Bezarius <raito@lix.systems>
commit c9b42462b75b5a37ee6564c2b53cff186c8323da
Author: Raito Bezarius <raito@lix.systems>
Date: Wed Mar 26 01:04:12 2025 +0100
libutil: guess or invent a path from file descriptors
This is useful for certain error recovery paths (no pun intended) that
does not thread through the original path name.
Change-Id: I2d800740cb4f9912e64c923120d3f977c58ccb7e
Signed-off-by: Raito Bezarius <raito@lix.systems>
369 lines
10 KiB
C++
369 lines
10 KiB
C++
#pragma once
|
|
/**
|
|
* @file
|
|
*
|
|
* Utiltities for working with the file sytem and file paths.
|
|
*/
|
|
|
|
#include "types.hh"
|
|
#include "error.hh"
|
|
#include "logging.hh"
|
|
#include "file-descriptor.hh"
|
|
#include "file-path.hh"
|
|
|
|
#include <sys/types.h>
|
|
#include <sys/stat.h>
|
|
#include <dirent.h>
|
|
#include <unistd.h>
|
|
#ifdef _WIN32
|
|
# include <windef.h>
|
|
#endif
|
|
#include <signal.h>
|
|
|
|
#include <atomic>
|
|
#include <functional>
|
|
#include <map>
|
|
#include <sstream>
|
|
#include <optional>
|
|
|
|
/**
|
|
* Polyfill for MinGW
|
|
*
|
|
* Windows does in fact support symlinks, but the C runtime interfaces predate this.
|
|
*
|
|
* @todo get rid of this, and stop using `stat` when we want `lstat` too.
|
|
*/
|
|
#ifndef S_ISLNK
|
|
# define S_ISLNK(m) false
|
|
#endif
|
|
|
|
namespace nix {
|
|
|
|
struct Sink;
|
|
struct Source;
|
|
|
|
/**
|
|
* Return whether the path denotes an absolute path.
|
|
*/
|
|
bool isAbsolute(PathView path);
|
|
|
|
/**
|
|
* @return An absolutized path, resolving paths relative to the
|
|
* specified directory, or the current directory otherwise. The path
|
|
* is also canonicalised.
|
|
*
|
|
* In the process of being deprecated for `std::filesystem::absolute`.
|
|
*/
|
|
Path absPath(PathView path,
|
|
std::optional<PathView> dir = {},
|
|
bool resolveSymlinks = false);
|
|
|
|
inline Path absPath(const Path & path,
|
|
std::optional<PathView> dir = {},
|
|
bool resolveSymlinks = false)
|
|
{
|
|
return absPath(PathView{path}, dir, resolveSymlinks);
|
|
}
|
|
|
|
std::filesystem::path absPath(const std::filesystem::path & path,
|
|
bool resolveSymlinks = false);
|
|
|
|
/**
|
|
* Canonicalise a path by removing all `.` or `..` components and
|
|
* double or trailing slashes. Optionally resolves all symlink
|
|
* components such that each component of the resulting path is *not*
|
|
* a symbolic link.
|
|
*
|
|
* In the process of being deprecated for
|
|
* `std::filesystem::path::lexically_normal` (for the `resolveSymlinks =
|
|
* false` case), and `std::filesystem::weakly_canonical` (for the
|
|
* `resolveSymlinks = true` case).
|
|
*/
|
|
Path canonPath(PathView path, bool resolveSymlinks = false);
|
|
|
|
/**
|
|
* @return The directory part of the given canonical path, i.e.,
|
|
* everything before the final `/`. If the path is the root or an
|
|
* immediate child thereof (e.g., `/foo`), this means `/`
|
|
* is returned.
|
|
*
|
|
* In the process of being deprecated for
|
|
* `std::filesystem::path::parent_path`.
|
|
*/
|
|
Path dirOf(const PathView path);
|
|
|
|
/**
|
|
* @return the base name of the given canonical path, i.e., everything
|
|
* following the final `/` (trailing slashes are removed).
|
|
*
|
|
* In the process of being deprecated for
|
|
* `std::filesystem::path::filename`.
|
|
*/
|
|
std::string_view baseNameOf(std::string_view path);
|
|
|
|
/**
|
|
* Check whether 'path' is a descendant of 'dir'. Both paths must be
|
|
* canonicalized.
|
|
*/
|
|
bool isInDir(std::string_view path, std::string_view dir);
|
|
|
|
/**
|
|
* Check whether 'path' is equal to 'dir' or a descendant of
|
|
* 'dir'. Both paths must be canonicalized.
|
|
*/
|
|
bool isDirOrInDir(std::string_view path, std::string_view dir);
|
|
|
|
/**
|
|
* Get status of `path`.
|
|
*/
|
|
struct stat stat(const Path & path);
|
|
struct stat lstat(const Path & path);
|
|
/**
|
|
* `lstat` the given path if it exists.
|
|
* @return std::nullopt if the path doesn't exist, or an optional containing the result of `lstat` otherwise
|
|
*/
|
|
std::optional<struct stat> maybeLstat(const Path & path);
|
|
|
|
/**
|
|
* @return true iff the given path exists.
|
|
*
|
|
* In the process of being deprecated for `fs::symlink_exists`.
|
|
*/
|
|
bool pathExists(const Path & path);
|
|
|
|
namespace fs {
|
|
|
|
/**
|
|
* TODO: we may actually want to use pathExists instead of this function
|
|
* ```
|
|
* symlink_exists(p) = std::filesystem::exists(std::filesystem::symlink_status(p))
|
|
* ```
|
|
* Missing convenience analogous to
|
|
* ```
|
|
* std::filesystem::exists(p) = std::filesystem::exists(std::filesystem::status(p))
|
|
* ```
|
|
*/
|
|
bool symlink_exists(const std::filesystem::path & path);
|
|
|
|
} // namespace fs
|
|
|
|
/**
|
|
* Canonicalize a path except for the last component.
|
|
*
|
|
* This is useful for getting the canonical location of a symlink.
|
|
*
|
|
* Consider the case where `foo/l` is a symlink. `canonical("foo/l")` will
|
|
* resolve the symlink `l` to its target.
|
|
* `makeParentCanonical("foo/l")` will not resolve the symlink `l` to its target,
|
|
* but does ensure that the returned parent part of the path, `foo` is resolved
|
|
* to `canonical("foo")`, and can therefore be retrieved without traversing any
|
|
* symlinks.
|
|
*
|
|
* If a relative path is passed, it will be made absolute, so that the parent
|
|
* can always be canonicalized.
|
|
*/
|
|
std::filesystem::path makeParentCanonical(const std::filesystem::path & path);
|
|
|
|
/**
|
|
* A version of pathExists that returns false on a permission error.
|
|
* Useful for inferring default paths across directories that might not
|
|
* be readable.
|
|
* @return true iff the given path can be accessed and exists
|
|
*/
|
|
bool pathAccessible(const std::filesystem::path & path);
|
|
|
|
/**
|
|
* Read the contents (target) of a symbolic link. The result is not
|
|
* in any way canonicalised.
|
|
*
|
|
* In the process of being deprecated for
|
|
* `std::filesystem::read_symlink`.
|
|
*/
|
|
Path readLink(const Path & path);
|
|
|
|
/**
|
|
* Open a `Descriptor` with read-only access to the given directory.
|
|
*/
|
|
Descriptor openDirectory(const std::filesystem::path & path);
|
|
|
|
/**
|
|
* Read the contents of a file into a string.
|
|
*/
|
|
std::string readFile(const Path & path);
|
|
std::string readFile(const std::filesystem::path & path);
|
|
void readFile(const Path & path, Sink & sink);
|
|
|
|
enum struct FsSync { Yes, No };
|
|
|
|
/**
|
|
* Write a string to a file.
|
|
*/
|
|
void writeFile(const Path & path, std::string_view s, mode_t mode = 0666, FsSync sync = FsSync::No);
|
|
|
|
static inline void writeFile(const std::filesystem::path & path, std::string_view s, mode_t mode = 0666, FsSync sync = FsSync::No)
|
|
{
|
|
return writeFile(path.string(), s, mode, sync);
|
|
}
|
|
|
|
void writeFile(const Path & path, Source & source, mode_t mode = 0666, FsSync sync = FsSync::No);
|
|
|
|
static inline void writeFile(const std::filesystem::path & path, Source & source, mode_t mode = 0666, FsSync sync = FsSync::No)
|
|
{
|
|
return writeFile(path.string(), source, mode, sync);
|
|
}
|
|
|
|
void writeFile(AutoCloseFD & fd, const Path & origPath, std::string_view s, mode_t mode = 0666, FsSync sync = FsSync::No);
|
|
|
|
/**
|
|
* Flush a path's parent directory to disk.
|
|
*/
|
|
void syncParent(const Path & path);
|
|
|
|
/**
|
|
* Flush a file or entire directory tree to disk.
|
|
*/
|
|
void recursiveSync(const Path & path);
|
|
|
|
/**
|
|
* Delete a path; i.e., in the case of a directory, it is deleted
|
|
* recursively. It's not an error if the path does not exist. The
|
|
* second variant returns the number of bytes and blocks freed.
|
|
*/
|
|
void deletePath(const std::filesystem::path & path);
|
|
|
|
void deletePath(const std::filesystem::path & path, uint64_t & bytesFreed);
|
|
|
|
/**
|
|
* Create a directory and all its parents, if necessary.
|
|
*
|
|
* Wrapper around `std::filesystem::create_directories` to handle exceptions.
|
|
*/
|
|
void createDirs(const std::filesystem::path & path);
|
|
|
|
/**
|
|
* Create a single directory.
|
|
*/
|
|
void createDir(const Path & path, mode_t mode = 0755);
|
|
|
|
/**
|
|
* Set the access and modification times of the given path, not
|
|
* following symlinks.
|
|
*
|
|
* @param accessedTime Specified in seconds.
|
|
*
|
|
* @param modificationTime Specified in seconds.
|
|
*
|
|
* @param isSymlink Whether the file in question is a symlink. Used for
|
|
* fallback code where we don't have `lutimes` or similar. if
|
|
* `std::optional` is passed, the information will be recomputed if it
|
|
* is needed. Race conditions are possible so be careful!
|
|
*/
|
|
void setWriteTime(
|
|
const std::filesystem::path & path,
|
|
time_t accessedTime,
|
|
time_t modificationTime,
|
|
std::optional<bool> isSymlink = std::nullopt);
|
|
|
|
/**
|
|
* Convenience wrapper that takes all arguments from the `struct stat`.
|
|
*/
|
|
void setWriteTime(const std::filesystem::path & path, const struct stat & st);
|
|
|
|
/**
|
|
* Create a symlink.
|
|
*
|
|
*/
|
|
void createSymlink(const Path & target, const Path & link);
|
|
|
|
/**
|
|
* Atomically create or replace a symlink.
|
|
*/
|
|
void replaceSymlink(const std::filesystem::path & target, const std::filesystem::path & link);
|
|
|
|
inline void replaceSymlink(const Path & target, const Path & link)
|
|
{
|
|
return replaceSymlink(std::filesystem::path{target}, std::filesystem::path{link});
|
|
}
|
|
|
|
/**
|
|
* Similar to 'renameFile', but fallback to a copy+remove if `src` and `dst`
|
|
* are on a different filesystem.
|
|
*
|
|
* Beware that this might not be atomic because of the copy that happens behind
|
|
* the scenes
|
|
*/
|
|
void moveFile(const Path & src, const Path & dst);
|
|
|
|
/**
|
|
* Recursively copy the content of `oldPath` to `newPath`. If `andDelete` is
|
|
* `true`, then also remove `oldPath` (making this equivalent to `moveFile`, but
|
|
* with the guaranty that the destination will be “fresh”, with no stale inode
|
|
* or file descriptor pointing to it).
|
|
*/
|
|
void copyFile(const std::filesystem::path & from, const std::filesystem::path & to, bool andDelete);
|
|
|
|
/**
|
|
* Automatic cleanup of resources.
|
|
*/
|
|
class AutoDelete
|
|
{
|
|
std::filesystem::path _path;
|
|
bool del;
|
|
bool recursive;
|
|
public:
|
|
AutoDelete();
|
|
AutoDelete(const std::filesystem::path & p, bool recursive = true);
|
|
~AutoDelete();
|
|
|
|
void cancel();
|
|
|
|
void reset(const std::filesystem::path & p, bool recursive = true);
|
|
|
|
const std::filesystem::path & path() const { return _path; }
|
|
PathViewNG view() const { return _path; }
|
|
|
|
operator const std::filesystem::path & () const { return _path; }
|
|
operator PathViewNG () const { return _path; }
|
|
};
|
|
|
|
|
|
struct DIRDeleter
|
|
{
|
|
void operator()(DIR * dir) const {
|
|
closedir(dir);
|
|
}
|
|
};
|
|
|
|
typedef std::unique_ptr<DIR, DIRDeleter> AutoCloseDir;
|
|
|
|
|
|
/**
|
|
* Create a temporary directory.
|
|
*/
|
|
Path createTempDir(const Path & tmpRoot = "", const Path & prefix = "nix",
|
|
bool includePid = true, bool useGlobalCounter = true, mode_t mode = 0755);
|
|
|
|
/**
|
|
* Create a temporary file, returning a file handle and its path.
|
|
*/
|
|
std::pair<AutoCloseFD, Path> createTempFile(const Path & prefix = "nix");
|
|
|
|
/**
|
|
* Return `TMPDIR`, or the default temporary directory if unset or empty.
|
|
*/
|
|
Path defaultTempDir();
|
|
|
|
/**
|
|
* Interpret `exe` as a location in the ambient file system and return
|
|
* whether it resolves to a file that is executable.
|
|
*/
|
|
bool isExecutableFileAmbient(const std::filesystem::path & exe);
|
|
|
|
/**
|
|
* Used in various places.
|
|
*/
|
|
typedef std::function<bool(const Path & path)> PathFilter;
|
|
|
|
extern PathFilter defaultPathFilter;
|
|
|
|
}
|