Drop support for running nix-worker in "slave" mode

AFAIK nobody uses this, setuid binaries are evil, and there is no good reason why people can't just run the daemon.
2012-10-03 17:30:45 -04:00 · 2012-10-03 17:30:45 -04:00 · 522ecab9b8
commit 522ecab9b8
parent 7586095504
6 changed files with 9 additions and 146 deletions
--- a/src/libstore/remote-store.cc
+++ b/src/libstore/remote-store.cc
@ -50,16 +50,12 @@ void RemoteStore::openConnection(bool reserveSpace)

    string remoteMode = getEnv("NIX_REMOTE");

-    if (remoteMode == "slave")
-        /* Fork off a setuid worker to do the privileged work. */
-        forkSlave();
-    else if (remoteMode == "daemon")
+    if (remoteMode == "daemon")
        /* Connect to a daemon that does the privileged work for
           us. */
-       connectToDaemon();
+        connectToDaemon();
    else
-         throw Error(format("invalid setting for NIX_REMOTE, `%1%'")
-             % remoteMode);
+        throw Error(format("invalid setting for NIX_REMOTE, `%1%'") % remoteMode);

    from.fd = fdSocket;
    to.fd = fdSocket;
@ -88,54 +84,6 @@ void RemoteStore::openConnection(bool reserveSpace)
 }


-void RemoteStore::forkSlave()
-{
-    int sockets[2];
-    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockets) == -1)
-        throw SysError("cannot create sockets");
-
-    fdSocket = sockets[0];
-    AutoCloseFD fdChild = sockets[1];
-
-    /* Start the worker. */
-    Path worker = getEnv("NIX_WORKER");
-    if (worker == "")
-        worker = settings.nixBinDir + "/nix-worker";
-
-    child = fork();
-
-    switch (child) {
-
-    case -1:
-        throw SysError("unable to fork");
-
-    case 0:
-        try { /* child */
-
-            if (dup2(fdChild, STDOUT_FILENO) == -1)
-                throw SysError("dupping write side");
-
-            if (dup2(fdChild, STDIN_FILENO) == -1)
-                throw SysError("dupping read side");
-
-            close(fdSocket);
-            close(fdChild);
-
-            execlp(worker.c_str(), worker.c_str(), "--slave", NULL);
-
-            throw SysError(format("executing `%1%'") % worker);
-
-        } catch (std::exception & e) {
-            std::cerr << format("child error: %1%\n") % e.what();
-        }
-        quickExit(1);
-    }
-
-    fdChild.close();
-
-}
-
-
 void RemoteStore::connectToDaemon()
 {
    fdSocket = socket(PF_UNIX, SOCK_STREAM, 0);