create pathAccessible, use it to infer default dirs

This commit is contained in:
Yorick 2023-05-26 15:32:28 +02:00
parent a6c78ba367
commit 2c462486fe
No known key found for this signature in database
GPG key ID: D8D3CC6D951384DE
5 changed files with 26 additions and 14 deletions

View file

@ -2620,18 +2620,13 @@ Strings EvalSettings::getDefaultNixPath()
{ {
Strings res; Strings res;
auto add = [&](const Path & p, const std::string & s = std::string()) { auto add = [&](const Path & p, const std::string & s = std::string()) {
try { if (pathAccessible(p)) {
if (pathExists(p)) {
if (s.empty()) { if (s.empty()) {
res.push_back(p); res.push_back(p);
} else { } else {
res.push_back(s + "=" + p); res.push_back(s + "=" + p);
} }
} }
} catch (SysError & e) {
// swallow EPERM
if (e.errNo != EPERM) throw;
}
}; };
if (!evalSettings.restrictEval && !evalSettings.pureEval) { if (!evalSettings.restrictEval && !evalSettings.pureEval) {

View file

@ -57,8 +57,6 @@ Settings::Settings()
auto sslOverride = getEnv("NIX_SSL_CERT_FILE").value_or(getEnv("SSL_CERT_FILE").value_or("")); auto sslOverride = getEnv("NIX_SSL_CERT_FILE").value_or(getEnv("SSL_CERT_FILE").value_or(""));
if (sslOverride != "") if (sslOverride != "")
caFile = sslOverride; caFile = sslOverride;
else if (caFile == "")
caFile = getDefaultSSLCertFile();
/* Backwards compatibility. */ /* Backwards compatibility. */
auto s = getEnv("NIX_REMOTE_SYSTEMS"); auto s = getEnv("NIX_REMOTE_SYSTEMS");
@ -185,7 +183,7 @@ bool Settings::isWSL1()
Path Settings::getDefaultSSLCertFile() Path Settings::getDefaultSSLCertFile()
{ {
for (auto & fn : {"/etc/ssl/certs/ca-certificates.crt", "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"}) for (auto & fn : {"/etc/ssl/certs/ca-certificates.crt", "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"})
if (pathExists(fn)) return fn; if (pathAccessible(fn)) return fn;
return ""; return "";
} }

View file

@ -842,7 +842,7 @@ public:
)"}; )"};
Setting<Path> caFile{ Setting<Path> caFile{
this, "", "ssl-cert-file", this, getDefaultSSLCertFile(), "ssl-cert-file",
R"( R"(
The path of a file containing CA certificates used to The path of a file containing CA certificates used to
authenticate `https://` downloads. Nix by default will use authenticate `https://` downloads. Nix by default will use

View file

@ -266,6 +266,17 @@ bool pathExists(const Path & path)
return false; return false;
} }
bool pathAccessible(const Path & path)
{
try {
return pathExists(path);
} catch (SysError & e) {
// swallow EPERM
if (e.errNo == EPERM) return false;
throw;
}
}
Path readLink(const Path & path) Path readLink(const Path & path)
{ {

View file

@ -120,6 +120,14 @@ struct stat lstat(const Path & path);
*/ */
bool pathExists(const Path & path); bool pathExists(const Path & path);
/**
* A version of pathExists that returns false on a permission error.
* Useful for inferring default paths across directories that might not
* be readable.
* @return true iff the given path can be accessed and exists
*/
bool pathAccessible(const Path & path);
/** /**
* Read the contents (target) of a symbolic link. The result is not * Read the contents (target) of a symbolic link. The result is not
* in any way canonicalised. * in any way canonicalised.