Merge "feat: unprivileged read-only open of SQLite DB" into main

This commit is contained in:
Raito Bezarius 2024-03-29 00:49:17 +00:00 committed by Gerrit Code Review
commit 55350bd68d

View file

@ -548,6 +548,15 @@ void LocalStore::openDB(State & state, bool create)
sqlite3_exec(db, ("pragma main.journal_mode = " + mode + ";").c_str(), 0, 0, 0) != SQLITE_OK) sqlite3_exec(db, ("pragma main.journal_mode = " + mode + ";").c_str(), 0, 0, 0) != SQLITE_OK)
SQLiteError::throw_(db, "setting journal mode"); SQLiteError::throw_(db, "setting journal mode");
if (mode == "wal" ) {
/* persist the WAL files when the DB connection is closed.
* This allows for read-only connections without any write permissions
* on the state directory to succeed on a closed database. */
int enable = 1;
if (sqlite3_file_control(db, NULL, SQLITE_FCNTL_PERSIST_WAL, &enable) != SQLITE_OK)
SQLiteError::throw_(db, "setting persistent WAL mode");
}
/* Increase the auto-checkpoint interval to 40000 pages. This /* Increase the auto-checkpoint interval to 40000 pages. This
seems enough to ensure that instantiating the NixOS system seems enough to ensure that instantiating the NixOS system
derivation is done in a single fsync(). */ derivation is done in a single fsync(). */