maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Revert "Prevent config.h from being clobbered"

Browse source 
This reverts commit 28bba8c44f.
This commit is contained in:
Eelco Dolstra 2013-03-08 01:24:59 +01:00
parent e73d9e9488
commit bdd4646338
27 changed files with 277 additions and 165 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/libstore/build.cc
View file

@ -43,6 +43,12 @@
#include <sched.h>
#endif
/* In GNU libc 2.11, <sys/mount.h> does not define `MS_PRIVATE', but
<linux/fs.h> does. */
#if !defined MS_PRIVATE && defined HAVE_LINUX_FS_H
#include <linux/fs.h>
#endif
#define CHROOT_ENABLED HAVE_CHROOT && HAVE_UNSHARE && HAVE_SYS_MOUNT_H && defined(MS_BIND) && defined(MS_PRIVATE) && defined(CLONE_NEWNS)
#if CHROOT_ENABLED
@ -2281,7 +2287,7 @@ void DerivationGoal::computeClosure()
}
/* Get rid of all weird permissions. */
canonicalisePathMetaData(path);
canonicalisePathMetaData(path, buildUser.enabled() ? buildUser.getUID() : -1);
/* For this output path, find the references to other paths
contained in it. Compute the SHA-256 NAR hash at the same
@ -2343,13 +2349,15 @@ Path DerivationGoal::openLogFile()
{
if (!settings.keepLog) return "";
string baseName = baseNameOf(drvPath);
/* Create a log file. */
Path dir = (format("%1%/%2%") % settings.nixLogDir % drvsLogDir).str();
Path dir = (format("%1%/%2%/%3%/") % settings.nixLogDir % drvsLogDir % string(baseName, 0, 2)).str();
createDirs(dir);
if (settings.compressLog) {
Path logFileName = (format("%1%/%2%.bz2") % dir % baseNameOf(drvPath)).str();
Path logFileName = (format("%1%/%2%.bz2") % dir % string(baseName, 2)).str();
AutoCloseFD fd = open(logFileName.c_str(), O_CREAT | O_WRONLY | O_TRUNC, 0666);
if (fd == -1) throw SysError(format("creating log file `%1%'") % logFileName);
closeOnExec(fd);
@ -2364,7 +2372,7 @@ Path DerivationGoal::openLogFile()
return logFileName;
} else {
Path logFileName = (format("%1%/%2%") % dir % baseNameOf(drvPath)).str();
Path logFileName = (format("%1%/%2%") % dir % string(baseName, 2)).str();
fdLogFile = open(logFileName.c_str(), O_CREAT | O_WRONLY | O_TRUNC, 0666);
if (fdLogFile == -1) throw SysError(format("creating log file `%1%'") % logFileName);
closeOnExec(fdLogFile);
@ -2831,7 +2839,7 @@ void SubstitutionGoal::finished()
return;
}
canonicalisePathMetaData(destPath);
canonicalisePathMetaData(destPath, -1);
worker.store.optimisePath(destPath); // FIXME: combine with hashPath()

5
src/libstore/gc.cc
View file

@ -659,7 +659,10 @@ void LocalStore::collectGarbage(const GCOptions & options, GCResults & results)
increase, since we hold locks on everything. So everything
that is not reachable from `roots'. */
if (state.shouldDelete) createDirs(state.trashDir);
if (state.shouldDelete) {
if (pathExists(state.trashDir)) deleteGarbage(state, state.trashDir);
createDirs(state.trashDir);
}
/* Now either delete all garbage paths, or just the specified
paths (for gcDeleteSpecific). */

9
src/libstore/globals.cc
View file

@ -10,6 +10,14 @@
namespace nix {
/* The default location of the daemon socket, relative to nixStateDir.
The socket is in a directory to allow you to control access to the
Nix daemon by setting the mode/ownership of the directory
appropriately. (This wouldn't work on the socket itself since it
must be deleted and recreated on startup.) */
#define DEFAULT_SOCKET_PATH "/daemon-socket/socket"
Settings settings;
@ -58,6 +66,7 @@ void Settings::processEnvironment()
nixConfDir = canonPath(getEnv("NIX_CONF_DIR", NIX_CONF_DIR));
nixLibexecDir = canonPath(getEnv("NIX_LIBEXEC_DIR", NIX_LIBEXEC_DIR));
nixBinDir = canonPath(getEnv("NIX_BIN_DIR", NIX_BIN_DIR));
nixDaemonSocketFile = canonPath(nixStateDir + DEFAULT_SOCKET_PATH);
string subs = getEnv("NIX_SUBSTITUTERS", "default");
if (subs == "default") {

3
src/libstore/globals.hh
View file

@ -50,6 +50,9 @@ struct Settings {
/* The directory where the main programs are stored. */
Path nixBinDir;
/* File name of the socket the daemon listens to. */
Path nixDaemonSocketFile;
/* Whether to keep temporary directories of failed builds. */
bool keepFailed;

116
src/libstore/local-store.cc
View file

@ -47,7 +47,11 @@ static void throwSQLiteError(sqlite3 * db, const format & f)
{
int err = sqlite3_errcode(db);
if (err == SQLITE_BUSY) {
printMsg(lvlError, "warning: SQLite database is busy");
static bool warned = false;
if (!warned) {
printMsg(lvlError, "warning: SQLite database is busy");
warned = true;
}
/* Sleep for a while since retrying the transaction right away
is likely to fail again. */
#if HAVE_NANOSLEEP
@ -461,36 +465,8 @@ void LocalStore::makeStoreWritable()
const time_t mtimeStore = 1; /* 1 second into the epoch */
void canonicalisePathMetaData(const Path & path, bool recurse)
static void canonicaliseTimestampAndPermissions(const Path & path, const struct stat & st)
{
checkInterrupt();
struct stat st;
if (lstat(path.c_str(), &st))
throw SysError(format("getting attributes of path `%1%'") % path);
/* Really make sure that the path is of a supported type. This
has already been checked in dumpPath(). */
assert(S_ISREG(st.st_mode) || S_ISDIR(st.st_mode) || S_ISLNK(st.st_mode));
/* Change ownership to the current uid. If it's a symlink, use
lchown if available, otherwise don't bother. Wrong ownership
of a symlink doesn't matter, since the owning user can't change
the symlink and can't delete it because the directory is not
writable. The only exception is top-level paths in the Nix
store (since that directory is group-writable for the Nix build
users group); we check for this case below. */
if (st.st_uid != geteuid()) {
#if HAVE_LCHOWN
if (lchown(path.c_str(), geteuid(), (gid_t) -1) == -1)
#else
if (!S_ISLNK(st.st_mode) &&
chown(path.c_str(), geteuid(), (gid_t) -1) == -1)
#endif
throw SysError(format("changing owner of `%1%' to %2%")
% path % geteuid());
}
if (!S_ISLNK(st.st_mode)) {
/* Mask out all type related bits. */
@ -521,18 +497,84 @@ void canonicalisePathMetaData(const Path & path, bool recurse)
#endif
throw SysError(format("changing modification time of `%1%'") % path);
}
}
if (recurse && S_ISDIR(st.st_mode)) {
void canonicaliseTimestampAndPermissions(const Path & path)
{
struct stat st;
if (lstat(path.c_str(), &st))
throw SysError(format("getting attributes of path `%1%'") % path);
canonicaliseTimestampAndPermissions(path, st);
}
typedef std::pair<dev_t, ino_t> Inode;
typedef set<Inode> InodesSeen;
static void canonicalisePathMetaData_(const Path & path, uid_t fromUid, InodesSeen & inodesSeen)
{
checkInterrupt();
struct stat st;
if (lstat(path.c_str(), &st))
throw SysError(format("getting attributes of path `%1%'") % path);
/* Really make sure that the path is of a supported type. This
has already been checked in dumpPath(). */
assert(S_ISREG(st.st_mode) || S_ISDIR(st.st_mode) || S_ISLNK(st.st_mode));
/* Fail if the file is not owned by the build user. This prevents
us from messing up the ownership/permissions of files
hard-linked into the output (e.g. "ln /etc/shadow $out/foo").
However, ignore files that we chown'ed ourselves previously to
ensure that we don't fail on hard links within the same build
(i.e. "touch $out/foo; ln $out/foo $out/bar"). */
if (fromUid != (uid_t) -1 && st.st_uid != fromUid) {
assert(!S_ISDIR(st.st_mode));
if (inodesSeen.find(Inode(st.st_dev, st.st_ino)) == inodesSeen.end())
throw BuildError(format("invalid ownership on file `%1%'") % path);
mode_t mode = st.st_mode & ~S_IFMT;
assert(S_ISLNK(st.st_mode) || (st.st_uid == geteuid() && (mode == 0444 || mode == 0555) && st.st_mtime == mtimeStore));
return;
}
inodesSeen.insert(Inode(st.st_dev, st.st_ino));
canonicaliseTimestampAndPermissions(path, st);
/* Change ownership to the current uid. If it's a symlink, use
lchown if available, otherwise don't bother. Wrong ownership
of a symlink doesn't matter, since the owning user can't change
the symlink and can't delete it because the directory is not
writable. The only exception is top-level paths in the Nix
store (since that directory is group-writable for the Nix build
users group); we check for this case below. */
if (st.st_uid != geteuid()) {
#if HAVE_LCHOWN
if (lchown(path.c_str(), geteuid(), (gid_t) -1) == -1)
#else
if (!S_ISLNK(st.st_mode) &&
chown(path.c_str(), geteuid(), (gid_t) -1) == -1)
#endif
throw SysError(format("changing owner of `%1%' to %2%")
% path % geteuid());
}
if (S_ISDIR(st.st_mode)) {
Strings names = readDirectory(path);
foreach (Strings::iterator, i, names)
canonicalisePathMetaData(path + "/" + *i, true);
canonicalisePathMetaData_(path + "/" + *i, fromUid, inodesSeen);
}
}
void canonicalisePathMetaData(const Path & path)
void canonicalisePathMetaData(const Path & path, uid_t fromUid)
{
canonicalisePathMetaData(path, true);
InodesSeen inodesSeen;
canonicalisePathMetaData_(path, fromUid, inodesSeen);
/* On platforms that don't have lchown(), the top-level path can't
be a symlink, since we can't change its ownership. */
@ -1194,7 +1236,7 @@ Path LocalStore::addToStoreFromDump(const string & dump, const string & name,
} else
writeFile(dstPath, dump);
canonicalisePathMetaData(dstPath);
canonicalisePathMetaData(dstPath, -1);
/* Register the SHA-256 hash of the NAR serialisation of
the path in the database. We may just have computed it
@ -1259,7 +1301,7 @@ Path LocalStore::addTextToStore(const string & name, const string & s,
writeFile(dstPath, s);
canonicalisePathMetaData(dstPath);
canonicalisePathMetaData(dstPath, -1);
HashResult hash = hashPath(htSHA256, dstPath);
@ -1494,7 +1536,7 @@ Path LocalStore::importPath(bool requireSignature, Source & source)
throw SysError(format("cannot move `%1%' to `%2%'")
% unpacked % dstPath);
canonicalisePathMetaData(dstPath);
canonicalisePathMetaData(dstPath, -1);
/* !!! if we were clever, we could prevent the hashPath()
here. */

4
src/libstore/local-store.hh
View file

@ -307,9 +307,9 @@ private:
without execute permission; setuid bits etc. are cleared)
- the owner and group are set to the Nix user and group, if we're
in a setuid Nix installation. */
void canonicalisePathMetaData(const Path & path);
void canonicalisePathMetaData(const Path & path, uid_t fromUid);
void canonicalisePathMetaData(const Path & path, bool recurse);
void canonicaliseTimestampAndPermissions(const Path & path);
MakeError(PathInUse, Error);

2
src/libstore/optimise-store.cc
View file

@ -32,7 +32,7 @@ struct MakeReadOnly
{
try {
/* This will make the path read-only. */
if (path != "") canonicalisePathMetaData(path, false);
if (path != "") canonicaliseTimestampAndPermissions(path);
} catch (...) {
ignoreException();
}

2
src/libstore/remote-store.cc
View file

@ -91,7 +91,7 @@ void RemoteStore::connectToDaemon()
throw SysError("cannot create Unix domain socket");
closeOnExec(fdSocket);
string socketPath = settings.nixStateDir + DEFAULT_SOCKET_PATH;
string socketPath = settings.nixDaemonSocketFile;
/* Urgh, sockaddr_un allows path names of only 108 characters. So
chdir to the socket directory so that we can pass a relative

8
src/libstore/worker-protocol.hh
View file

@ -53,14 +53,6 @@ typedef enum {
#define STDERR_ERROR 0x63787470
/* The default location of the daemon socket, relative to nixStateDir.
The socket is in a directory to allow you to control access to the
Nix daemon by setting the mode/ownership of the directory
appropriately. (This wouldn't work on the socket itself since it
must be deleted and recreated on startup.) */
#define DEFAULT_SOCKET_PATH "/daemon-socket/socket"
Path readStorePath(Source & from);
template<class T> T readStorePaths(Source & from);