forked from lix-project/lix
* Add indirect root registration to the protocol so that unprivileged
processes can register indirect roots. Of course, there is still the problem that the garbage collector can only read the targets of the indirect roots when it's running as root...
This commit is contained in:
parent
0d40f6d7bb
commit
74033a844f
|
@ -82,6 +82,15 @@ void LocalStore::syncWithGC()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void LocalStore::addIndirectRoot(const Path & path)
|
||||||
|
{
|
||||||
|
string hash = printHash32(hashString(htSHA1, path));
|
||||||
|
Path realRoot = canonPath((format("%1%/%2%/auto/%3%")
|
||||||
|
% nixStateDir % gcRootsDir % hash).str());
|
||||||
|
createSymlink(realRoot, path, false);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
Path addPermRoot(const Path & _storePath, const Path & _gcRoot,
|
Path addPermRoot(const Path & _storePath, const Path & _gcRoot,
|
||||||
bool indirect, bool allowOutsideRootsDir)
|
bool indirect, bool allowOutsideRootsDir)
|
||||||
{
|
{
|
||||||
|
@ -90,12 +99,8 @@ Path addPermRoot(const Path & _storePath, const Path & _gcRoot,
|
||||||
assertStorePath(storePath);
|
assertStorePath(storePath);
|
||||||
|
|
||||||
if (indirect) {
|
if (indirect) {
|
||||||
string hash = printHash32(hashString(htSHA1, gcRoot));
|
|
||||||
Path realRoot = canonPath((format("%1%/%2%/auto/%3%")
|
|
||||||
% nixStateDir % gcRootsDir % hash).str());
|
|
||||||
|
|
||||||
createSymlink(gcRoot, storePath, true);
|
createSymlink(gcRoot, storePath, true);
|
||||||
createSymlink(realRoot, gcRoot, false);
|
store->addIndirectRoot(gcRoot);
|
||||||
}
|
}
|
||||||
|
|
||||||
else {
|
else {
|
||||||
|
|
|
@ -61,6 +61,8 @@ public:
|
||||||
|
|
||||||
void addTempRoot(const Path & path);
|
void addTempRoot(const Path & path);
|
||||||
|
|
||||||
|
void addIndirectRoot(const Path & path);
|
||||||
|
|
||||||
void syncWithGC();
|
void syncWithGC();
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -253,6 +253,15 @@ void RemoteStore::addTempRoot(const Path & path)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void RemoteStore::addIndirectRoot(const Path & path)
|
||||||
|
{
|
||||||
|
writeInt(wopAddIndirectRoot, to);
|
||||||
|
writeString(path, to);
|
||||||
|
processStderr();
|
||||||
|
readInt(from);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
void RemoteStore::syncWithGC()
|
void RemoteStore::syncWithGC()
|
||||||
{
|
{
|
||||||
writeInt(wopSyncWithGC, to);
|
writeInt(wopSyncWithGC, to);
|
||||||
|
|
|
@ -49,6 +49,8 @@ public:
|
||||||
|
|
||||||
void addTempRoot(const Path & path);
|
void addTempRoot(const Path & path);
|
||||||
|
|
||||||
|
void addIndirectRoot(const Path & path);
|
||||||
|
|
||||||
void syncWithGC();
|
void syncWithGC();
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
|
|
@ -91,6 +91,13 @@ public:
|
||||||
The root disappears as soon as we exit. */
|
The root disappears as soon as we exit. */
|
||||||
virtual void addTempRoot(const Path & path) = 0;
|
virtual void addTempRoot(const Path & path) = 0;
|
||||||
|
|
||||||
|
/* Add an indirect root, which is merely a symlink to `path' from
|
||||||
|
/nix/var/nix/gcroots/auto/<hash of `path'>. `path' is supposed
|
||||||
|
to be a symlink to a store path. The garbage collector will
|
||||||
|
automatically remove the indirect root when it finds that
|
||||||
|
`path' has disappeared. */
|
||||||
|
virtual void addIndirectRoot(const Path & path) = 0;
|
||||||
|
|
||||||
/* Acquire the global GC lock, then immediately release it. This
|
/* Acquire the global GC lock, then immediately release it. This
|
||||||
function must be called after registering a new permanent root,
|
function must be called after registering a new permanent root,
|
||||||
but before exiting. Otherwise, it is possible that a running
|
but before exiting. Otherwise, it is possible that a running
|
||||||
|
|
|
@ -19,7 +19,8 @@ typedef enum {
|
||||||
wopBuildDerivations,
|
wopBuildDerivations,
|
||||||
wopEnsurePath,
|
wopEnsurePath,
|
||||||
wopAddTempRoot,
|
wopAddTempRoot,
|
||||||
wopSyncWithGC
|
wopAddIndirectRoot,
|
||||||
|
wopSyncWithGC,
|
||||||
} WorkerOp;
|
} WorkerOp;
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -269,6 +269,15 @@ static void performOp(Source & from, Sink & to, unsigned int op)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
case wopAddIndirectRoot: {
|
||||||
|
Path path = absPath(readString(from));
|
||||||
|
startWork();
|
||||||
|
store->addIndirectRoot(path);
|
||||||
|
stopWork();
|
||||||
|
writeInt(1, to);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
case wopSyncWithGC: {
|
case wopSyncWithGC: {
|
||||||
startWork();
|
startWork();
|
||||||
store->syncWithGC();
|
store->syncWithGC();
|
||||||
|
@ -473,6 +482,7 @@ void run(Strings args)
|
||||||
else if (daemon) {
|
else if (daemon) {
|
||||||
if (setuidMode)
|
if (setuidMode)
|
||||||
throw Error("daemon cannot be started in setuid mode");
|
throw Error("daemon cannot be started in setuid mode");
|
||||||
|
chdir("/");
|
||||||
daemonLoop();
|
daemonLoop();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue