lix/src/libstore/remote-store.hh
Eelco Dolstra 765bdfe542 * When NIX_REMOTE is set to "slave", fork off nix-worker in slave
mode.  Presumably nix-worker would be setuid to the Nix store user.
  The worker performs all operations on the Nix store and database, so
  the caller can be completely unprivileged.

  This is already much more secure than the old setuid scheme, since
  the worker doesn't need to do Nix expression evaluation and so on.
  Most importantly, this means that it doesn't need to access any user
  files, with all resulting security risks; it only performs pure
  store operations.

  Once this works, it is easy to move to a daemon model that forks off
  a worker for connections established through a Unix domain socket.
  That would be even more secure.
2006-11-30 19:54:43 +00:00

65 lines
1.1 KiB
C++

#ifndef __REMOTE_STORE_H
#define __REMOTE_STORE_H
#include <string>
#include "store-api.hh"
namespace nix {
class Pipe;
class Pid;
struct FdSink;
struct FdSource;
class RemoteStore : public StoreAPI
{
public:
RemoteStore();
~RemoteStore();
/* Implementations of abstract store API methods. */
bool isValidPath(const Path & path);
Substitutes querySubstitutes(const Path & srcPath);
Hash queryPathHash(const Path & path);
void queryReferences(const Path & storePath,
PathSet & references);
void queryReferrers(const Path & storePath,
PathSet & referrers);
Path addToStore(const Path & srcPath);
Path addToStoreFixed(bool recursive, string hashAlgo,
const Path & srcPath);
Path addTextToStore(const string & suffix, const string & s,
const PathSet & references);
void buildDerivations(const PathSet & drvPaths);
void ensurePath(const Path & storePath);
private:
Pipe toChild;
Pipe fromChild;
FdSink to;
FdSource from;
Pid child;
};
}
#endif /* !__REMOTE_STORE_H */