maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(3p/nix): add --trace-file-access to nix-instantiate

Browse source 
This builds on edef's work with depot-scan by adding a dedicated
flag to the command. We piggyback on upstream's restricted-mode
implementation, the checkSourcePath function.

Change-Id: I52bb613549f40dbca1e8caa036635910c1a3d6d0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1654
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
This commit is contained in:
Kane York 2020-08-04 19:12:49 -07:00 committed by kanepyork
parent 6a128fc162
commit 68b5306c56
4 changed files with 49 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

15
third_party/nix/src/libexpr/eval.cc vendored
View file

@ -379,6 +379,7 @@ EvalState::EvalState(const Strings& _searchPath, const ref<Store>& store)
EvalState::~EvalState() = default;
Path EvalState::checkSourcePath(const Path& path_) {
TraceFileAccess(path_);
if (!allowedPaths) {
return path_;
}
@ -1819,6 +1820,20 @@ void EvalState::printStats() {
}
}
void EvalState::TraceFileAccess(const Path& realPath) {
if (file_access_trace_fn.has_value()) {
if (last_traced_file != realPath) {
(*file_access_trace_fn)(realPath);
// Basic deduplication.
last_traced_file = std::string(realPath);
}
}
}
void EvalState::EnableFileAccessTracing(std::function<void(const Path&)> fn) {
file_access_trace_fn = fn;
}
size_t valueSize(const Value& v) {
traceable_flat_hash_set<const Bindings*> seenBindings;
traceable_flat_hash_set<const Env*> seenEnvs;