2003-06-16 13:33:38 +00:00
|
|
|
|
#include "globals.hh"
|
2006-09-04 21:06:23 +00:00
|
|
|
|
#include "util.hh"
|
2014-07-16 14:02:05 +00:00
|
|
|
|
#include "archive.hh"
|
2017-04-13 18:53:23 +00:00
|
|
|
|
#include "args.hh"
|
2003-06-16 13:33:38 +00:00
|
|
|
|
|
2005-09-22 15:43:22 +00:00
|
|
|
|
#include <algorithm>
|
2017-02-27 15:01:54 +00:00
|
|
|
|
#include <map>
|
|
|
|
|
|
#include <thread>
|
2005-02-01 22:07:48 +00:00
|
|
|
|
|
|
|
|
|
|
|
2006-09-04 21:06:23 +00:00
|
|
|
|
namespace nix {
|
|
|
|
|
|
|
|
|
|
|
|
|
2013-03-08 00:24:59 +00:00
|
|
|
|
/* The default location of the daemon socket, relative to nixStateDir.
|
|
|
|
|
|
The socket is in a directory to allow you to control access to the
|
|
|
|
|
|
Nix daemon by setting the mode/ownership of the directory
|
|
|
|
|
|
appropriately. (This wouldn't work on the socket itself since it
|
|
|
|
|
|
must be deleted and recreated on startup.) */
|
|
|
|
|
|
#define DEFAULT_SOCKET_PATH "/daemon-socket/socket"
|
|
|
|
|
|
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 03:50:18 +00:00
|
|
|
|
/* chroot-like behavior from Apple's sandbox */
|
|
|
|
|
|
#if __APPLE__
|
|
|
|
|
|
#define DEFAULT_ALLOWED_IMPURE_PREFIXES "/System/Library /usr/lib /dev /bin/sh"
|
|
|
|
|
|
#else
|
|
|
|
|
|
#define DEFAULT_ALLOWED_IMPURE_PREFIXES ""
|
|
|
|
|
|
#endif
|
2013-03-08 00:24:59 +00:00
|
|
|
|
|
2012-07-30 23:55:41 +00:00
|
|
|
|
Settings settings;
|
2003-07-31 13:47:13 +00:00
|
|
|
|
|
2012-07-30 23:55:41 +00:00
|
|
|
|
Settings::Settings()
|
2017-04-13 18:53:23 +00:00
|
|
|
|
: Config({})
|
|
|
|
|
|
, nixPrefix(NIX_PREFIX)
|
|
|
|
|
|
, nixStore(canonPath(getEnv("NIX_STORE_DIR", getEnv("NIX_STORE", NIX_STORE_DIR))))
|
|
|
|
|
|
, nixDataDir(canonPath(getEnv("NIX_DATA_DIR", NIX_DATA_DIR)))
|
|
|
|
|
|
, nixLogDir(canonPath(getEnv("NIX_LOG_DIR", NIX_LOG_DIR)))
|
|
|
|
|
|
, nixStateDir(canonPath(getEnv("NIX_STATE_DIR", NIX_STATE_DIR)))
|
|
|
|
|
|
, nixConfDir(canonPath(getEnv("NIX_CONF_DIR", NIX_CONF_DIR)))
|
|
|
|
|
|
, nixLibexecDir(canonPath(getEnv("NIX_LIBEXEC_DIR", NIX_LIBEXEC_DIR)))
|
|
|
|
|
|
, nixBinDir(canonPath(getEnv("NIX_BIN_DIR", NIX_BIN_DIR)))
|
|
|
|
|
|
, nixDaemonSocketFile(canonPath(nixStateDir + DEFAULT_SOCKET_PATH))
|
2012-07-30 23:55:41 +00:00
|
|
|
|
{
|
2014-05-02 10:46:03 +00:00
|
|
|
|
buildUsersGroup = getuid() == 0 ? "nixbld" : "";
|
2013-09-06 14:36:56 +00:00
|
|
|
|
lockCPU = getEnv("NIX_AFFINITY_HACK", "1") == "1";
|
2017-03-06 19:30:35 +00:00
|
|
|
|
caFile = getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt"));
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 03:50:18 +00:00
|
|
|
|
|
|
|
|
|
|
#if __linux__
|
|
|
|
|
|
sandboxPaths = tokenizeString<StringSet>("/bin/sh=" BASH_PATH);
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
allowedImpureHostPrefixes = tokenizeString<StringSet>(DEFAULT_ALLOWED_IMPURE_PREFIXES);
|
2005-09-22 15:43:22 +00:00
|
|
|
|
}
|
2005-02-01 22:07:48 +00:00
|
|
|
|
|
2012-07-30 23:55:41 +00:00
|
|
|
|
void Settings::loadConfFile()
|
2005-02-01 22:07:48 +00:00
|
|
|
|
{
|
2017-04-13 18:53:23 +00:00
|
|
|
|
applyConfigFile(nixConfDir + "/nix.conf");
|
2005-02-01 22:07:48 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2012-07-30 23:55:41 +00:00
|
|
|
|
void Settings::set(const string & name, const string & value)
|
2005-02-01 22:07:48 +00:00
|
|
|
|
{
|
2012-07-31 22:19:44 +00:00
|
|
|
|
overrides[name] = value;
|
2017-04-13 18:53:23 +00:00
|
|
|
|
Config::set(name, value);
|
2005-02-01 22:07:48 +00:00
|
|
|
|
}
|
2005-02-14 13:07:09 +00:00
|
|
|
|
|
2017-04-13 18:53:23 +00:00
|
|
|
|
StringMap Settings::getOverrides()
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 03:50:18 +00:00
|
|
|
|
{
|
2017-04-13 18:53:23 +00:00
|
|
|
|
return overrides;
|
2005-02-14 13:07:09 +00:00
|
|
|
|
}
|
2006-09-04 21:06:23 +00:00
|
|
|
|
|
2017-04-13 18:53:23 +00:00
|
|
|
|
unsigned int Settings::getDefaultCores()
|
2006-12-08 15:44:00 +00:00
|
|
|
|
{
|
2017-04-13 18:53:23 +00:00
|
|
|
|
return std::max(1U, std::thread::hardware_concurrency());
|
2009-02-27 11:04:41 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-13 18:53:23 +00:00
|
|
|
|
const string nixVersion = PACKAGE_VERSION;
|
2009-02-27 11:04:41 +00:00
|
|
|
|
|
2017-04-13 18:53:23 +00:00
|
|
|
|
template<> void Setting<SandboxMode>::set(const std::string & str)
|
2008-11-20 12:25:11 +00:00
|
|
|
|
{
|
2017-04-13 18:53:23 +00:00
|
|
|
|
if (str == "true") value = smEnabled;
|
|
|
|
|
|
else if (str == "relaxed") value = smRelaxed;
|
|
|
|
|
|
else if (str == "false") value = smDisabled;
|
|
|
|
|
|
else throw UsageError("option '%s' has invalid value '%s'", name, str);
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 03:50:18 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-13 18:53:23 +00:00
|
|
|
|
template<> std::string Setting<SandboxMode>::to_string()
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 03:50:18 +00:00
|
|
|
|
{
|
2017-04-13 18:53:23 +00:00
|
|
|
|
if (value == smEnabled) return "true";
|
|
|
|
|
|
else if (value == smRelaxed) return "relaxed";
|
|
|
|
|
|
else if (value == smDisabled) return "false";
|
|
|
|
|
|
else abort();
|
2008-11-20 12:25:11 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-13 18:53:23 +00:00
|
|
|
|
template<> void Setting<unsigned int, Settings::MaxBuildJobsTag>::set(const std::string & str)
|
2014-02-08 05:05:46 +00:00
|
|
|
|
{
|
2017-04-13 18:53:23 +00:00
|
|
|
|
if (str == "auto") value = std::max(1U, std::thread::hardware_concurrency());
|
|
|
|
|
|
else if (!string2Int(str, value))
|
|
|
|
|
|
throw UsageError("configuration setting ‘%s’ should be ‘auto’ or an integer", name);
|
2014-02-08 05:05:46 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-13 18:53:23 +00:00
|
|
|
|
template<> std::string Setting<unsigned int, Settings::MaxBuildJobsTag>::to_string()
|
2011-11-22 17:28:41 +00:00
|
|
|
|
{
|
2017-04-13 18:53:23 +00:00
|
|
|
|
return std::to_string(value);
|
2011-11-22 17:28:41 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-13 18:53:23 +00:00
|
|
|
|
template<> void Setting<bool, Settings::CaseHackTag>::set(const std::string & str)
|
2012-07-30 20:09:54 +00:00
|
|
|
|
{
|
2017-04-13 18:53:23 +00:00
|
|
|
|
value = parseBool(str);
|
|
|
|
|
|
nix::useCaseHack = true;
|
2012-07-30 20:09:54 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-13 18:53:23 +00:00
|
|
|
|
template<> std::string Setting<bool, Settings::CaseHackTag>::to_string()
|
2012-07-31 22:19:44 +00:00
|
|
|
|
{
|
2017-04-13 18:53:23 +00:00
|
|
|
|
return printBool(value);
|
2012-07-31 22:19:44 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2006-09-04 21:06:23 +00:00
|
|
|
|
}
|
