dirsInChroot -> filesAndDirsInChroot
Artturin committed Sep 14, 2023
1 parent de8b972 commit 4e63ed3
Showing 2 changed files with 23 additions and 23 deletions.
42 changes: 21 additions & 21 deletions src/libstore/build/local-derivation-goal.cc
Expand Up @@ -581,7 +581,7 @@ void LocalDerivationGoal::startBuilder()

/* Allow a user-configurable set of directories from the
host file system. */
dirsInChroot.clear();
filesAndDirsInChroot.clear();

for (auto i : settings.sandboxPaths.get()) {
if (i.empty()) continue;
Expand All @@ -592,19 +592,19 @@ void LocalDerivationGoal::startBuilder()
}
size_t p = i.find('=');
if (p == std::string::npos)
dirsInChroot[i] = {i, optional};
filesAndDirsInChroot[i] = {i, optional};
else
dirsInChroot[i.substr(0, p)] = {i.substr(p + 1), optional};
filesAndDirsInChroot[i.substr(0, p)] = {i.substr(p + 1), optional};
}
if (hasPrefix(worker.store.storeDir, tmpDirInSandbox))
{
throw Error("`sandbox-build-dir` must not contain the storeDir");
}
dirsInChroot[tmpDirInSandbox] = tmpDir;
filesAndDirsInChroot[tmpDirInSandbox] = tmpDir;

/* Add the closure of store paths to the chroot. */
StorePathSet closure;
for (auto & i : dirsInChroot)
for (auto & i : filesAndDirsInChroot)
try {
if (worker.store.isInStore(i.second.source))
worker.store.computeFSClosure(worker.store.toStorePath(i.second.source).first, closure);
Expand All @@ -615,7 +615,7 @@ void LocalDerivationGoal::startBuilder()
}
for (auto & i : closure) {
auto p = worker.store.printStorePath(i);
dirsInChroot.insert_or_assign(p, p);
filesAndDirsInChroot.insert_or_assign(p, p);
}

PathSet allowedPaths = settings.allowedImpureHostPrefixes;
Expand Down Expand Up @@ -643,7 +643,7 @@ void LocalDerivationGoal::startBuilder()

/* Allow files in __impureHostDeps to be missing; e.g.
macOS 11+ has no /usr/lib/libSystem*.dylib */
dirsInChroot[i] = {i, true};
filesAndDirsInChroot[i] = {i, true};
}

#if __linux__
Expand Down Expand Up @@ -712,14 +712,14 @@ void LocalDerivationGoal::startBuilder()
auto p = worker.store.printStorePath(i);
Path r = worker.store.toRealPath(p);
if (S_ISDIR(lstat(r).st_mode))
dirsInChroot.insert_or_assign(p, r);
filesAndDirsInChroot.insert_or_assign(p, r);
else
filesInChroot.insert_or_assign(p, r);
}

/* If we're repairing, checking or rebuilding part of a
multiple-outputs derivation, it's possible that we're
rebuilding a path that is in settings.dirsInChroot
rebuilding a path that is in settings.sandbox-paths
(typically the dependencies of /bin/sh). Throw them
out. */
for (auto & i : drv->outputsAndOptPaths(worker.store)) {
Expand All @@ -729,7 +729,7 @@ void LocalDerivationGoal::startBuilder()
is already in the sandbox, so we don't need to worry about
removing it. */
if (i.second.second)
dirsInChroot.erase(worker.store.printStorePath(*i.second.second));
filesAndDirsInChroot.erase(worker.store.printStorePath(*i.second.second));
}

if (cgroup) {
Expand Down Expand Up @@ -787,9 +787,9 @@ void LocalDerivationGoal::startBuilder()
} else {
auto p = line.find('=');
if (p == std::string::npos)
dirsInChroot[line] = line;
filesAndDirsInChroot[line] = line;
else
dirsInChroot[line.substr(0, p)] = line.substr(p + 1);
filesAndDirsInChroot[line.substr(0, p)] = line.substr(p + 1);
}
}
}
Expand Down Expand Up @@ -1779,7 +1779,7 @@ void LocalDerivationGoal::runChild()
/* Set up a nearly empty /dev, unless the user asked to
bind-mount the host /dev. */
Strings ss;
if (dirsInChroot.find("/dev") == dirsInChroot.end()) {
if (filesAndDirsInChroot.find("/dev") == filesAndDirsInChroot.end()) {
createDirs(chrootRootDir + "/dev/shm");
createDirs(chrootRootDir + "/dev/pts");
ss.push_back("/dev/full");
Expand Down Expand Up @@ -1814,10 +1814,10 @@ void LocalDerivationGoal::runChild()
ss.push_back(path);

if (settings.caFile != "")
dirsInChroot.try_emplace("/etc/ssl/certs/ca-certificates.crt", settings.caFile, true);
filesAndDirsInChroot.try_emplace("/etc/ssl/certs/ca-certificates.crt", settings.caFile, true);
}

for (auto & i : ss) dirsInChroot.emplace(i, i);
for (auto & i : ss) filesAndDirsInChroot.emplace(i, i);

/* Bind-mount all the directories from the "host"
filesystem that we want in the chroot
Expand All @@ -1841,7 +1841,7 @@ void LocalDerivationGoal::runChild()
throw SysError("bind mount from '%1%' to '%2%' failed", source, target);
};

for (auto & i : dirsInChroot) {
for (auto & i : filesAndDirsInChroot) {
if (i.second.source == "/proc") continue; // backwards compatibility

#if HAVE_EMBEDDED_SANDBOX_SHELL
Expand Down Expand Up @@ -1886,7 +1886,7 @@ void LocalDerivationGoal::runChild()
if /dev/ptx/ptmx exists). */
if (pathExists("/dev/pts/ptmx") &&
!pathExists(chrootRootDir + "/dev/ptmx")
&& !dirsInChroot.count("/dev/pts"))
&& !filesAndDirsInChroot.count("/dev/pts"))
{
if (mount("none", (chrootRootDir + "/dev/pts").c_str(), "devpts", 0, "newinstance,mode=0620") == 0)
{
Expand Down Expand Up @@ -2021,15 +2021,15 @@ void LocalDerivationGoal::runChild()
/* We build the ancestry before adding all inputPaths to the store because we know they'll
all have the same parents (the store), and there might be lots of inputs. This isn't
particularly efficient... I doubt it'll be a bottleneck in practice */
for (auto & i : dirsInChroot) {
for (auto & i : filesAndDirsInChroot) {
Path cur = i.first;
while (cur.compare("/") != 0) {
cur = dirOf(cur);
ancestry.insert(cur);
}
}

/* And we want the store in there regardless of how empty dirsInChroot. We include the innermost
/* And we want the store in there regardless of how empty filesAndDirsInChroot. We include the innermost
path component this time, since it's typically /nix/store and we care about that. */
Path cur = worker.store.storeDir;
while (cur.compare("/") != 0) {
Expand All @@ -2040,7 +2040,7 @@ void LocalDerivationGoal::runChild()
/* Add all our input paths to the chroot */
for (auto & i : inputPaths) {
auto p = worker.store.printStorePath(i);
dirsInChroot[p] = p;
filesAndDirsInChroot[p] = p;
}

/* Violations will go to the syslog if you set this. Unfortunately the destination does not appear to be configurable */
Expand Down Expand Up @@ -2071,7 +2071,7 @@ void LocalDerivationGoal::runChild()
without file-write* allowed, access() incorrectly returns EPERM
*/
sandboxProfile += "(allow file-read* file-write* process-exec\n";
for (auto & i : dirsInChroot) {
for (auto & i : filesAndDirsInChroot) {
if (i.first != i.second.source)
throw Error(
"can't map '%1%' to '%2%': mismatched impure paths not supported on Darwin",
4 changes: 2 additions & 2 deletions src/libstore/build/local-derivation-goal.hh
Expand Up @@ -86,8 +86,8 @@ struct LocalDerivationGoal : public DerivationGoal
: source(source), optional(optional)
{ }
};
typedef map<Path, ChrootPath> DirsInChroot; // maps target path to source path
DirsInChroot dirsInChroot;
typedef map<Path, ChrootPath> FilesAndDirsInChroot; // maps target path to source path
FilesAndDirsInChroot filesAndDirsInChroot;

typedef map<Path, ChrootPath> FilesInChroot; // maps target path to source path
FilesInChroot filesInChroot;
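Review bot: The new name `filesAndDirsInChroot` now overlaps with the neighbouring `filesInChroot`, and both typedefs still carry the identical comment `// maps target path to source path`, so the header no longer tells a reader which map a given path belongs in. In startBuilder() (the hunk at old line 712 of local-derivation-goal.cc) directories are inserted into `filesAndDirsInChroot` and everything else into `filesInChroot`, while the sandbox-paths entries and the `ca-certificates.crt` file also land in `filesAndDirsInChroot`. Because these maps decide which host paths become visible inside the build sandbox, I would document the split on the typedefs, for example `// target -> host source; entries appear to be bind-mounted into the chroot (files or directories)` on the renamed map, plus a matching line on `FilesInChroot` stating how its entries are materialised, which this diff does not show. The struct body starts and continues outside the hunk.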
