Merge pull request #4038 from maljub01/master
Add a nix.conf option for allowing a symlinked store
This commit is contained in:
commit
5b107f2c5f
|
@ -42,6 +42,7 @@ Settings::Settings()
|
||||||
{
|
{
|
||||||
buildUsersGroup = getuid() == 0 ? "nixbld" : "";
|
buildUsersGroup = getuid() == 0 ? "nixbld" : "";
|
||||||
lockCPU = getEnv("NIX_AFFINITY_HACK") == "1";
|
lockCPU = getEnv("NIX_AFFINITY_HACK") == "1";
|
||||||
|
allowSymlinkedStore = getEnv("NIX_IGNORE_SYMLINK_STORE") == "1";
|
||||||
|
|
||||||
caFile = getEnv("NIX_SSL_CERT_FILE").value_or(getEnv("SSL_CERT_FILE").value_or(""));
|
caFile = getEnv("NIX_SSL_CERT_FILE").value_or(getEnv("SSL_CERT_FILE").value_or(""));
|
||||||
if (caFile == "") {
|
if (caFile == "") {
|
||||||
|
|
|
@ -880,6 +880,19 @@ public:
|
||||||
|
|
||||||
Setting<std::string> flakeRegistry{this, "https://github.com/NixOS/flake-registry/raw/master/flake-registry.json", "flake-registry",
|
Setting<std::string> flakeRegistry{this, "https://github.com/NixOS/flake-registry/raw/master/flake-registry.json", "flake-registry",
|
||||||
"Path or URI of the global flake registry."};
|
"Path or URI of the global flake registry."};
|
||||||
|
|
||||||
|
Setting<bool> allowSymlinkedStore{
|
||||||
|
this, false, "allow-symlinked-store",
|
||||||
|
R"(
|
||||||
|
If set to `true`, Nix will stop complaining if the store directory
|
||||||
|
(typically /nix/store) contains symlink components.
|
||||||
|
|
||||||
|
This risks making some builds "impure" because builders sometimes
|
||||||
|
"canonicalise" paths by resolving all symlink components. Problems
|
||||||
|
occur if those builds are then deployed to machines where /nix/store
|
||||||
|
resolves to a different location from that of the build machine. You
|
||||||
|
can enable this setting if you are sure you're not going to do that.
|
||||||
|
)"};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -110,7 +110,7 @@ LocalStore::LocalStore(const Params & params)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Ensure that the store and its parents are not symlinks. */
|
/* Ensure that the store and its parents are not symlinks. */
|
||||||
if (getEnv("NIX_IGNORE_SYMLINK_STORE") != "1") {
|
if (!settings.allowSymlinkedStore) {
|
||||||
Path path = realStoreDir;
|
Path path = realStoreDir;
|
||||||
struct stat st;
|
struct stat st;
|
||||||
while (path != "/") {
|
while (path != "/") {
|
||||||
|
|
Loading…
Reference in a new issue