create pathAccessible, use it to infer default dirs

(cherry picked from commit 2c462486fe)
2025-07-07 18:31:49 +02:00 · 2023-05-26 15:32:28 +02:00 · 2023-05-26 15:32:28 +02:00 · 8a9b22b604
commit 8a9b22b604
parent a1c22a7c10
5 changed files with 26 additions and 14 deletions
--- a/src/libexpr/eval.cc
+++ b/src/libexpr/eval.cc
@ -2525,17 +2525,12 @@ Strings EvalSettings::getDefaultNixPath()
 {
    Strings res;
    auto add = [&](const Path & p, const std::string & s = std::string()) {
-        try {
-            if (pathExists(p)) {
-                if (s.empty()) {
-                    res.push_back(p);
-                } else {
-                    res.push_back(s + "=" + p);
-                }
+        if (pathAccessible(p)) {
+            if (s.empty()) {
+                res.push_back(p);
+            } else {
+                res.push_back(s + "=" + p);
            }
-        } catch (SysError & e) {
-            // swallow EPERM
-            if (e.errNo != EPERM) throw;
        }
    };

--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@ -47,8 +47,6 @@ Settings::Settings()
    auto sslOverride = getEnv("NIX_SSL_CERT_FILE").value_or(getEnv("SSL_CERT_FILE").value_or(""));
    if (sslOverride != "")
        caFile = sslOverride;
-    else if (caFile == "")
-        caFile = getDefaultSSLCertFile();

    /* Backwards compatibility. */
    auto s = getEnv("NIX_REMOTE_SYSTEMS");
@ -175,7 +173,7 @@ bool Settings::isWSL1()
 Path Settings::getDefaultSSLCertFile()
 {
    for (auto & fn : {"/etc/ssl/certs/ca-certificates.crt", "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"})
-        if (pathExists(fn)) return fn;
+        if (pathAccessible(fn)) return fn;
    return "";
 }

--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@ -858,7 +858,7 @@ public:
        )"};

    Setting<Path> caFile{
-        this, "", "ssl-cert-file",
+        this, getDefaultSSLCertFile(), "ssl-cert-file",
        R"(
          The path of a file containing CA certificates used to
          authenticate `https://` downloads. Nix by default will use
--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@ -263,6 +263,17 @@ bool pathExists(const Path & path)
    return false;
 }

+bool pathAccessible(const Path & path)
+{
+    try {
+        return pathExists(path);
+    } catch (SysError & e) {
+        // swallow EPERM
+        if (e.errNo == EPERM) return false;
+        throw;
+    }
+}
+

 Path readLink(const Path & path)
 {
--- a/src/libutil/util.hh
+++ b/src/libutil/util.hh
@ -119,6 +119,14 @@ struct stat lstat(const Path & path);
 */
 bool pathExists(const Path & path);

+/**
+ * A version of pathExists that returns false on a permission error.
+ * Useful for inferring default paths across directories that might not
+ * be readable.
+ * @return true iff the given path can be accessed and exists
+ */
+bool pathAccessible(const Path & path);
+
 /**
 * Read the contents (target) of a symbolic link.  The result is not
 * in any way canonicalised.