wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-08 06:53:54 +02:00
Code Activity

RestrictedStore: Move some definitions outside of the type declaration

Browse source 
Even when the type is not currently declared in a header, I still consider this a
more future-proof style.
This commit is contained in:
John Ericson 2025-03-17 11:01:18 -04:00
parent 5026d5af95
commit 5283589542
1 changed files with 170 additions and 125 deletions
Download patch file Download diff file Expand all files Collapse all files

235
src/libstore/restricted-store.cc
View file

@ -71,44 +71,15 @@ struct RestrictedStore : public virtual RestrictedStoreConfig, public virtual In
return next->getUri();
}
StorePathSet queryAllValidPaths() override
{
StorePathSet paths;
for (auto & p : goal.originalPaths())
paths.insert(p);
for (auto & p : goal.addedPaths)
paths.insert(p);
return paths;
}
StorePathSet queryAllValidPaths() override;
void queryPathInfoUncached(
const StorePath & path, Callback<std::shared_ptr<const ValidPathInfo>> callback) noexcept override
{
if (goal.isAllowed(path)) {
try {
/* Censor impure information. */
auto info = std::make_shared<ValidPathInfo>(*next->queryPathInfo(path));
info->deriver.reset();
info->registrationTime = 0;
info->ultimate = false;
info->sigs.clear();
callback(info);
} catch (InvalidPath &) {
callback(nullptr);
}
} else
callback(nullptr);
};
const StorePath & path, Callback<std::shared_ptr<const ValidPathInfo>> callback) noexcept override;
void queryReferrers(const StorePath & path, StorePathSet & referrers) override {}
void queryReferrers(const StorePath & path, StorePathSet & referrers) override;
std::map<std::string, std::optional<StorePath>>
queryPartialDerivationOutputMap(const StorePath & path, Store * evalStore = nullptr) override
{
if (!goal.isAllowed(path))
throw InvalidPath("cannot query output map for unknown path '%s' in recursive Nix", printStorePath(path));
return next->queryPartialDerivationOutputMap(path, evalStore);
}
queryPartialDerivationOutputMap(const StorePath & path, Store * evalStore = nullptr) override;
std::optional<StorePath> queryPathFromHashPart(const std::string & hashPart) override
{
@ -131,11 +102,7 @@ struct RestrictedStore : public virtual RestrictedStoreConfig, public virtual In
const ValidPathInfo & info,
Source & narSource,
RepairFlag repair = NoRepair,
CheckSigsFlag checkSigs = CheckSigs) override
{
next->addToStore(info, narSource, repair, checkSigs);
goal.addDependency(info.path);
}
CheckSigsFlag checkSigs = CheckSigs) override;
StorePath addToStoreFromDump(
Source & dump,
@ -144,36 +111,159 @@ struct RestrictedStore : public virtual RestrictedStoreConfig, public virtual In
ContentAddressMethod hashMethod,
HashAlgorithm hashAlgo,
const StorePathSet & references,
RepairFlag repair) override
RepairFlag repair) override;
void narFromPath(const StorePath & path, Sink & sink) override;
void ensurePath(const StorePath & path) override;
void registerDrvOutput(const Realisation & info) override;
void queryRealisationUncached(
const DrvOutput & id, Callback<std::shared_ptr<const Realisation>> callback) noexcept override;
void
buildPaths(const std::vector<DerivedPath> & paths, BuildMode buildMode, std::shared_ptr<Store> evalStore) override;
std::vector<KeyedBuildResult> buildPathsWithResults(
const std::vector<DerivedPath> & paths,
BuildMode buildMode = bmNormal,
std::shared_ptr<Store> evalStore = nullptr) override;
BuildResult
buildDerivation(const StorePath & drvPath, const BasicDerivation & drv, BuildMode buildMode = bmNormal) override
{
unsupported("buildDerivation");
}
void addTempRoot(const StorePath & path) override {}
void addIndirectRoot(const Path & path) override {}
Roots findRoots(bool censor) override
{
return Roots();
}
void collectGarbage(const GCOptions & options, GCResults & results) override {}
void addSignatures(const StorePath & storePath, const StringSet & sigs) override
{
unsupported("addSignatures");
}
void queryMissing(
const std::vector<DerivedPath> & targets,
StorePathSet & willBuild,
StorePathSet & willSubstitute,
StorePathSet & unknown,
uint64_t & downloadSize,
uint64_t & narSize) override;
virtual std::optional<std::string> getBuildLogExact(const StorePath & path) override
{
return std::nullopt;
}
virtual void addBuildLog(const StorePath & path, std::string_view log) override
{
unsupported("addBuildLog");
}
std::optional<TrustedFlag> isTrustedClient() override
{
return NotTrusted;
}
};
ref<Store> makeRestrictedStore(const Store::Params & params, ref<LocalStore> next, RestrictionContext & context)
{
return make_ref<RestrictedStore>(params, next, context);
}
StorePathSet RestrictedStore::queryAllValidPaths()
{
StorePathSet paths;
for (auto & p : goal.originalPaths())
paths.insert(p);
for (auto & p : goal.addedPaths)
paths.insert(p);
return paths;
}
void RestrictedStore::queryPathInfoUncached(
const StorePath & path, Callback<std::shared_ptr<const ValidPathInfo>> callback) noexcept
{
if (goal.isAllowed(path)) {
try {
/* Censor impure information. */
auto info = std::make_shared<ValidPathInfo>(*next->queryPathInfo(path));
info->deriver.reset();
info->registrationTime = 0;
info->ultimate = false;
info->sigs.clear();
callback(info);
} catch (InvalidPath &) {
callback(nullptr);
}
} else
callback(nullptr);
};
void RestrictedStore::queryReferrers(const StorePath & path, StorePathSet & referrers) {}
std::map<std::string, std::optional<StorePath>>
RestrictedStore::queryPartialDerivationOutputMap(const StorePath & path, Store * evalStore)
{
if (!goal.isAllowed(path))
throw InvalidPath("cannot query output map for unknown path '%s' in recursive Nix", printStorePath(path));
return next->queryPartialDerivationOutputMap(path, evalStore);
}
void RestrictedStore::addToStore(
const ValidPathInfo & info, Source & narSource, RepairFlag repair, CheckSigsFlag checkSigs)
{
next->addToStore(info, narSource, repair, checkSigs);
goal.addDependency(info.path);
}
StorePath RestrictedStore::addToStoreFromDump(
Source & dump,
std::string_view name,
FileSerialisationMethod dumpMethod,
ContentAddressMethod hashMethod,
HashAlgorithm hashAlgo,
const StorePathSet & references,
RepairFlag repair)
{
auto path = next->addToStoreFromDump(dump, name, dumpMethod, hashMethod, hashAlgo, references, repair);
goal.addDependency(path);
return path;
}
void narFromPath(const StorePath & path, Sink & sink) override
void RestrictedStore::narFromPath(const StorePath & path, Sink & sink)
{
if (!goal.isAllowed(path))
throw InvalidPath("cannot dump unknown path '%s' in recursive Nix", printStorePath(path));
LocalFSStore::narFromPath(path, sink);
}
void ensurePath(const StorePath & path) override
void RestrictedStore::ensurePath(const StorePath & path)
{
if (!goal.isAllowed(path))
throw InvalidPath("cannot substitute unknown path '%s' in recursive Nix", printStorePath(path));
/* Nothing to be done; 'path' must already be valid. */
}
void registerDrvOutput(const Realisation & info) override
void RestrictedStore::registerDrvOutput(const Realisation & info)
// XXX: This should probably be allowed as a no-op if the realisation
// corresponds to an allowed derivation
{
throw Error("registerDrvOutput");
}
void queryRealisationUncached(
const DrvOutput & id, Callback<std::shared_ptr<const Realisation>> callback) noexcept override
void RestrictedStore::queryRealisationUncached(
const DrvOutput & id, Callback<std::shared_ptr<const Realisation>> callback) noexcept
// XXX: This should probably be allowed if the realisation corresponds to
// an allowed derivation
{
@ -182,18 +272,16 @@ struct RestrictedStore : public virtual RestrictedStoreConfig, public virtual In
next->queryRealisation(id, std::move(callback));
}
void
buildPaths(const std::vector<DerivedPath> & paths, BuildMode buildMode, std::shared_ptr<Store> evalStore) override
void RestrictedStore::buildPaths(
const std::vector<DerivedPath> & paths, BuildMode buildMode, std::shared_ptr<Store> evalStore)
{
for (auto & result : buildPathsWithResults(paths, buildMode, evalStore))
if (!result.success())
result.rethrow();
}
std::vector<KeyedBuildResult> buildPathsWithResults(
const std::vector<DerivedPath> & paths,
BuildMode buildMode = bmNormal,
std::shared_ptr<Store> evalStore = nullptr) override
std::vector<KeyedBuildResult> RestrictedStore::buildPathsWithResults(
const std::vector<DerivedPath> & paths, BuildMode buildMode, std::shared_ptr<Store> evalStore)
{
assert(!evalStore);
@ -227,35 +315,13 @@ struct RestrictedStore : public virtual RestrictedStoreConfig, public virtual In
return results;
}
BuildResult
buildDerivation(const StorePath & drvPath, const BasicDerivation & drv, BuildMode buildMode = bmNormal) override
{
unsupported("buildDerivation");
}
void addTempRoot(const StorePath & path) override {}
void addIndirectRoot(const Path & path) override {}
Roots findRoots(bool censor) override
{
return Roots();
}
void collectGarbage(const GCOptions & options, GCResults & results) override {}
void addSignatures(const StorePath & storePath, const StringSet & sigs) override
{
unsupported("addSignatures");
}
void queryMissing(
void RestrictedStore::queryMissing(
const std::vector<DerivedPath> & targets,
StorePathSet & willBuild,
StorePathSet & willSubstitute,
StorePathSet & unknown,
uint64_t & downloadSize,
uint64_t & narSize) override
uint64_t & narSize)
{
/* This is slightly impure since it leaks information to the
client about what paths will be built/substituted or are
@ -272,25 +338,4 @@ struct RestrictedStore : public virtual RestrictedStoreConfig, public virtual In
next->queryMissing(allowed, willBuild, willSubstitute, unknown, downloadSize, narSize);
}
virtual std::optional<std::string> getBuildLogExact(const StorePath & path) override
{
return std::nullopt;
}
virtual void addBuildLog(const StorePath & path, std::string_view log) override
{
unsupported("addBuildLog");
}
std::optional<TrustedFlag> isTrustedClient() override
{
return NotTrusted;
}
};
ref<Store> makeRestrictedStore(const Store::Params & params, ref<LocalStore> next, RestrictionContext & context)
{
return make_ref<RestrictedStore>(params, next, context);
}
}