Refactoring: Add allowPath() method

This commit is contained in:
Eelco Dolstra 2021-10-07 12:11:00 +02:00
parent c9ee634f75
commit cfaad7168e
7 changed files with 21 additions and 17 deletions

View file

@ -445,12 +445,12 @@ EvalState::EvalState(
StorePathSet closure; StorePathSet closure;
store->computeFSClosure(store->toStorePath(r.second).first, closure); store->computeFSClosure(store->toStorePath(r.second).first, closure);
for (auto & path : closure) for (auto & path : closure)
allowedPaths->insert(store->printStorePath(path)); allowPath(store->printStorePath(path));
} catch (InvalidPath &) { } catch (InvalidPath &) {
allowedPaths->insert(r.second); allowPath(r.second);
} }
} else } else
allowedPaths->insert(r.second); allowPath(r.second);
} }
} }
@ -482,6 +482,12 @@ void EvalState::requireExperimentalFeatureOnEvaluation(
} }
} }
void EvalState::allowPath(const Path & path)
{
if (allowedPaths)
allowedPaths->insert(path);
}
Path EvalState::checkSourcePath(const Path & path_) Path EvalState::checkSourcePath(const Path & path_)
{ {
if (!allowedPaths) return path_; if (!allowedPaths) return path_;

View file

@ -150,6 +150,11 @@ public:
SearchPath getSearchPath() { return searchPath; } SearchPath getSearchPath() { return searchPath; }
/* Allow access to a path. */
void allowPath(const Path & path);
/* Check whether access to a path is allowed and throw an error if
not. Otherwise return the canonicalised path. */
Path checkSourcePath(const Path & path); Path checkSourcePath(const Path & path);
void checkURI(const std::string & uri); void checkURI(const std::string & uri);

View file

@ -64,8 +64,7 @@ static std::tuple<fetchers::Tree, FlakeRef, FlakeRef> fetchOrSubstituteTree(
debug("got tree '%s' from '%s'", debug("got tree '%s' from '%s'",
state.store->printStorePath(tree.storePath), lockedRef); state.store->printStorePath(tree.storePath), lockedRef);
if (state.allowedPaths) state.allowPath(tree.actualPath);
state.allowedPaths->insert(tree.actualPath);
assert(!originalRef.input.getNarHash() || tree.storePath == originalRef.input.computeStorePath(*state.store)); assert(!originalRef.input.getNarHash() || tree.storePath == originalRef.input.computeStorePath(*state.store));

View file

@ -1892,8 +1892,7 @@ static void addPath(EvalState & state, const Pos & pos, const string & name, con
mkString(v, dstPath, {dstPath}); mkString(v, dstPath, {dstPath});
if (state.allowedPaths) state.allowPath(v.string.s);
state.allowedPaths->insert(v.string.s);
} }

View file

@ -84,8 +84,7 @@ static void prim_fetchMercurial(EvalState & state, const Pos & pos, Value * * ar
mkInt(*state.allocAttr(v, state.symbols.create("revCount")), *revCount); mkInt(*state.allocAttr(v, state.symbols.create("revCount")), *revCount);
v.attrs->sort(); v.attrs->sort();
if (state.allowedPaths) state.allowPath(tree.actualPath);
state.allowedPaths->insert(tree.actualPath);
} }
static RegisterPrimOp r_fetchMercurial("fetchMercurial", 1, prim_fetchMercurial); static RegisterPrimOp r_fetchMercurial("fetchMercurial", 1, prim_fetchMercurial);

View file

@ -169,8 +169,7 @@ static void fetchTree(
auto [tree, input2] = input.fetch(state.store); auto [tree, input2] = input.fetch(state.store);
if (state.allowedPaths) state.allowPath(tree.actualPath);
state.allowedPaths->insert(tree.actualPath);
emitTreeAttrs(state, tree, input2, v, params.emptyRevFallback, false); emitTreeAttrs(state, tree, input2, v, params.emptyRevFallback, false);
} }
@ -245,8 +244,7 @@ static void fetch(EvalState & state, const Pos & pos, Value * * args, Value & v,
*url, expectedHash->to_string(Base32, true), hash.to_string(Base32, true)); *url, expectedHash->to_string(Base32, true), hash.to_string(Base32, true));
} }
if (state.allowedPaths) state.allowPath(realPath);
state.allowedPaths->insert(realPath);
auto path = state.store->printStorePath(storePath); auto path = state.store->printStorePath(storePath);
mkString(v, path, PathSet({path})); mkString(v, path, PathSet({path}));

View file

@ -98,10 +98,8 @@ struct ProfileManifest
else if (pathExists(profile + "/manifest.nix")) { else if (pathExists(profile + "/manifest.nix")) {
// FIXME: needed because of pure mode; ugly. // FIXME: needed because of pure mode; ugly.
if (state.allowedPaths) { state.allowPath(state.store->followLinksToStore(profile));
state.allowedPaths->insert(state.store->followLinksToStore(profile)); state.allowPath(state.store->followLinksToStore(profile + "/manifest.nix"));
state.allowedPaths->insert(state.store->followLinksToStore(profile + "/manifest.nix"));
}
auto drvInfos = queryInstalled(state, state.store->followLinksToStore(profile)); auto drvInfos = queryInstalled(state, state.store->followLinksToStore(profile));