create pathAccessible, use it to infer default dirs

Yorick van Pelt 2023-05-26 15:32:28 +02:00
parent a6c78ba367
commit 2c462486fe
GPG key ID: D8D3CC6D951384DE
5 changed files with 26 additions and 14 deletions


@ -2620,18 +2620,13 @@ Strings EvalSettings::getDefaultNixPath()
{
Strings res;
auto add = [&](const Path & p, const std::string & s = std::string()) {
try {
if (pathExists(p)) {
if (pathAccessible(p)) {
if (s.empty()) {
res.push_back(p);
} else {
res.push_back(s + "=" + p);
}
}
} catch (SysError & e) {
// swallow EPERM
if (e.errNo != EPERM) throw;
}
};
if (!evalSettings.restrictEval && !evalSettings.pureEval) {


@ -57,8 +57,6 @@ Settings::Settings()
auto sslOverride = getEnv("NIX_SSL_CERT_FILE").value_or(getEnv("SSL_CERT_FILE").value_or(""));
if (sslOverride != "")
caFile = sslOverride;
else if (caFile == "")
caFile = getDefaultSSLCertFile();
/* Backwards compatibility. */
auto s = getEnv("NIX_REMOTE_SYSTEMS");
@ -185,7 +183,7 @@ bool Settings::isWSL1()
Path Settings::getDefaultSSLCertFile()
{
for (auto & fn : {"/etc/ssl/certs/ca-certificates.crt", "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"})
if (pathExists(fn)) return fn;
if (pathAccessible(fn)) return fn;
return "";
}
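Review bot: `pathAccessible(fn)` in `getDefaultSSLCertFile()` only establishes that the path exists, not that the CA bundle can be read: as added elsewhere in this commit, it returns `pathExists(path)` and maps EPERM to false. A bundle that exists but cannot be opened by the current user is therefore still chosen as the default, and the failure moves to whatever later opens `caFile` (not visible here). If that is intended, a comment above the loop such as `// existence check only; readability is checked when the file is opened` would make it explicit. Otherwise the candidate should be skipped when it cannot be opened for reading.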


@ -842,7 +842,7 @@ public:
)"};
Setting<Path> caFile{
this, "", "ssl-cert-file",
this, getDefaultSSLCertFile(), "ssl-cert-file",
R"(
The path of a file containing CA certificates used to
authenticate `https://` downloads. Nix by default will use
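Review bot: With `getDefaultSSLCertFile()` as the default value of `caFile`, the filesystem probe now runs on every construction of `Settings`, including when `NIX_SSL_CERT_FILE` or `SSL_CERT_FILE` replaces the result in the constructor. Any `SysError` other than EPERM still propagates out of `pathAccessible`, so a failing probe would abort settings construction even though an explicit bundle was supplied; the removed `else if (caFile == "")` branch skipped the probe in that case. The default is also host-dependent now, so anything that prints setting defaults (not visible here) would show a machine-specific path. A comment on the setting such as `// default is probed from the filesystem at construction; see getDefaultSSLCertFile()` would record this. The setting's description continues outside the hunk.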


@ -266,6 +266,17 @@ bool pathExists(const Path & path)
return false;
}
bool pathAccessible(const Path & path)
{
try {
return pathExists(path);
} catch (SysError & e) {
// swallow EPERM
if (e.errNo == EPERM) return false;
throw;
}
}
Path readLink(const Path & path)
{
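Review bot: `pathAccessible` swallows only `EPERM`, while the usual errno for a path whose parent directory lacks search permission is `EACCES`. Assuming `pathExists` (its body is mostly outside the hunk) rethrows that as `SysError`, the callers in `getDefaultNixPath()` and `getDefaultSSLCertFile()` would still throw on an unreadable directory. The header comment added in the last file section promises false "on a permission error", which is broader than what the code does. Either handle both, `if (e.errNo == EPERM || e.errNo == EACCES) return false;`, or narrow the doc comment and the `// swallow EPERM` note to say why only EPERM is expected.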


@ -120,6 +120,14 @@ struct stat lstat(const Path & path);
*/
bool pathExists(const Path & path);
/**
* A version of pathExists that returns false on a permission error.
* Useful for inferring default paths across directories that might not
* be readable.
* @return true iff the given path can be accessed and exists
*/
bool pathAccessible(const Path & path);
/**
* Read the contents (target) of a symbolic link. The result is not
* in any way canonicalised.