From 68dcbb187e540034e85b5b77d1b37cec1759a587 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 21 Dec 2012 15:00:07 +0100 Subject: [PATCH] download-from-binary-cache: Use the channels of the calling user rather than root This should make live easier for single-user (non-daemon) installations. Note that when the daemon is used, the "calling user" is root so we're not using any untrusted caches. --- doc/manual/conf-file.xml | 10 ++++++---- scripts/download-from-binary-cache.pl.in | 4 +++- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/doc/manual/conf-file.xml b/doc/manual/conf-file.xml index 6a575b9e3..70437686d 100644 --- a/doc/manual/conf-file.xml +++ b/doc/manual/conf-file.xml @@ -341,10 +341,12 @@ build-use-chroot = /dev /proc /bin A list of names of files that will be read to obtain additional binary cache URLs. The default is - /nix/var/nix/profiles/per-user/root/channels/binary-caches/*, - which ensures that Nix will use the binary caches corresponding to - the channels installed by root. Do not set this option to read - files created by untrusted users! + /nix/var/nix/profiles/per-user/username/channels/binary-caches/*. + Note that when you’re using the Nix daemon, + username is always equal to + root, so Nix will only use the binary caches + provided by the channels installed by root. Do not set this + option to read files created by untrusted users! diff --git a/scripts/download-from-binary-cache.pl.in b/scripts/download-from-binary-cache.pl.in index b82246671..98333dafb 100644 --- a/scripts/download-from-binary-cache.pl.in +++ b/scripts/download-from-binary-cache.pl.in @@ -36,6 +36,8 @@ my %requests; my %scheduled; my $caBundle = $ENV{"CURL_CA_BUNDLE"} // $ENV{"OPENSSL_X509_CERT_FILE"}; +my $userName = getpwuid($<) or die "cannot figure out user name"; + sub addRequest { my ($storePath, $url, $head) = @_; 
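Review bot: The `getpwuid($<)` lookup added before `sub addRequest` runs at file scope on every invocation and dies when the real UID has no passwd entry, although in the visible hunks `$userName` is only used for the fallback path in `getAvailableCaches` when `binary-cache-files` is unset. Moving the lookup into that fallback would let an explicit `binary-cache-files` setting keep working for UIDs without a name (for example in containers or when NSS is unavailable). The choice of the real UID `$<` is what the trust argument in the commit message rests on, so it deserves a comment on the line, e.g. `# real UID on purpose: under the daemon this is root, so only root's channels are read`. Anyone starting this script from a wrapper where the real UID differs from the privileged one should confirm that assumption still holds.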
@@ -195,7 +197,7 @@ sub getAvailableCaches {
 # // ($Nix::Config::storeDir eq "/nix/store" ? "http://nixos.org/binary-cache" : ""));
 my $urlsFiles = $Nix::Config::config{"binary-cache-files"}
- // "/nix/var/nix/profiles/per-user/root/channels/binary-caches/*";
+ // "$Nix::Config::stateDir/profiles/per-user/$userName/channels/binary-caches/*";
 foreach my $urlFile (glob $urlsFiles) {
 next unless -f $urlFile;
 open FILE, "<$urlFile" or die "cannot open ‘$urlFile’\n";
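Review bot: The new default interpolates `$Nix::Config::stateDir` and `$userName` into a string that goes straight to `glob`, which splits its argument on whitespace and expands `*`, `?`, `[]`, `{}` and `~`. The old default was a fixed literal, so a state directory or account name containing such characters can now change which files are read as binary-cache URL lists. Since those files decide which caches are used, the interpolated components of the default should be escaped or validated before globbing, leaving only the trailing `*` as a pattern. The context line `open FILE, "<$urlFile"` also still uses two-argument open on the globbed names; `open my $fh, '<', $urlFile` would stop unusual file names from being reinterpreted. getAvailableCaches begins and ends outside this hunk.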