mirror of
https://github.com/NixOS/nix.git
synced 2024-10-31 06:10:59 +00:00
Merge pull request #10654 from edolstra/rename-input-accessor
Rename remaining instances of "InputAccessor" to "SourceAccessor"
This commit is contained in:
commit
79f03b794c
@ -113,15 +113,15 @@
|
||||
''^src/libfetchers/fetch-to-store\.cc$''
|
||||
''^src/libfetchers/fetchers\.cc$''
|
||||
''^src/libfetchers/fetchers\.hh$''
|
||||
''^src/libfetchers/filtering-input-accessor\.cc$''
|
||||
''^src/libfetchers/filtering-input-accessor\.hh$''
|
||||
''^src/libfetchers/fs-input-accessor\.cc$''
|
||||
''^src/libfetchers/fs-input-accessor\.hh$''
|
||||
''^src/libfetchers/filtering-source-accessor\.cc$''
|
||||
''^src/libfetchers/filtering-source-accessor\.hh$''
|
||||
''^src/libfetchers/fs-source-accessor\.cc$''
|
||||
''^src/libfetchers/fs-source-accessor\.hh$''
|
||||
''^src/libfetchers/git-utils\.cc$''
|
||||
''^src/libfetchers/git-utils\.hh$''
|
||||
''^src/libfetchers/github\.cc$''
|
||||
''^src/libfetchers/indirect\.cc$''
|
||||
''^src/libfetchers/memory-input-accessor\.cc$''
|
||||
''^src/libfetchers/memory-source-accessor\.cc$''
|
||||
''^src/libfetchers/path\.cc$''
|
||||
''^src/libfetchers/registry\.cc$''
|
||||
''^src/libfetchers/registry\.hh$''
|
||||
@ -302,7 +302,7 @@
|
||||
''^src/libutil/hash\.hh$''
|
||||
''^src/libutil/hilite\.cc$''
|
||||
''^src/libutil/hilite\.hh$''
|
||||
''^src/libutil/input-accessor\.hh$''
|
||||
''^src/libutil/source-accessor\.hh$''
|
||||
''^src/libutil/json-impls\.hh$''
|
||||
''^src/libutil/json-utils\.cc$''
|
||||
''^src/libutil/json-utils\.hh$''
|
||||
|
@ -15,7 +15,7 @@
|
||||
#include "function-trace.hh"
|
||||
#include "profiles.hh"
|
||||
#include "print.hh"
|
||||
#include "filtering-input-accessor.hh"
|
||||
#include "filtering-source-accessor.hh"
|
||||
#include "memory-source-accessor.hh"
|
||||
#include "signals.hh"
|
||||
#include "gc-small-vector.hh"
|
||||
@ -399,7 +399,7 @@ EvalState::EvalState(
|
||||
, emptyBindings(0)
|
||||
, rootFS(
|
||||
evalSettings.restrictEval || evalSettings.pureEval
|
||||
? ref<SourceAccessor>(AllowListInputAccessor::create(makeFSSourceAccessor(), {},
|
||||
? ref<SourceAccessor>(AllowListSourceAccessor::create(makeFSSourceAccessor(), {},
|
||||
[](const CanonPath & path) -> RestrictedPathError {
|
||||
auto modeInformation = evalSettings.pureEval
|
||||
? "in pure evaluation mode (use '--impure' to override)"
|
||||
@ -460,7 +460,7 @@ EvalState::EvalState(
|
||||
}
|
||||
|
||||
/* Allow access to all paths in the search path. */
|
||||
if (rootFS.dynamic_pointer_cast<AllowListInputAccessor>())
|
||||
if (rootFS.dynamic_pointer_cast<AllowListSourceAccessor>())
|
||||
for (auto & i : lookupPath.elements)
|
||||
resolveLookupPathPath(i.path, true);
|
||||
|
||||
@ -480,13 +480,13 @@ EvalState::~EvalState()
|
||||
|
||||
void EvalState::allowPath(const Path & path)
|
||||
{
|
||||
if (auto rootFS2 = rootFS.dynamic_pointer_cast<AllowListInputAccessor>())
|
||||
if (auto rootFS2 = rootFS.dynamic_pointer_cast<AllowListSourceAccessor>())
|
||||
rootFS2->allowPrefix(CanonPath(path));
|
||||
}
|
||||
|
||||
void EvalState::allowPath(const StorePath & storePath)
|
||||
{
|
||||
if (auto rootFS2 = rootFS.dynamic_pointer_cast<AllowListInputAccessor>())
|
||||
if (auto rootFS2 = rootFS.dynamic_pointer_cast<AllowListSourceAccessor>())
|
||||
rootFS2->allowPrefix(CanonPath(store->toRealPath(storePath)));
|
||||
}
|
||||
|
||||
@ -540,13 +540,13 @@ void EvalState::checkURI(const std::string & uri)
|
||||
/* If the URI is a path, then check it against allowedPaths as
|
||||
well. */
|
||||
if (hasPrefix(uri, "/")) {
|
||||
if (auto rootFS2 = rootFS.dynamic_pointer_cast<AllowListInputAccessor>())
|
||||
if (auto rootFS2 = rootFS.dynamic_pointer_cast<AllowListSourceAccessor>())
|
||||
rootFS2->checkAccess(CanonPath(uri));
|
||||
return;
|
||||
}
|
||||
|
||||
if (hasPrefix(uri, "file://")) {
|
||||
if (auto rootFS2 = rootFS.dynamic_pointer_cast<AllowListInputAccessor>())
|
||||
if (auto rootFS2 = rootFS.dynamic_pointer_cast<AllowListSourceAccessor>())
|
||||
rootFS2->checkAccess(CanonPath(uri.substr(7)));
|
||||
return;
|
||||
}
|
||||
|
@ -4,7 +4,7 @@
|
||||
lockFileStr:
|
||||
|
||||
# A mapping of lock file node IDs to { sourceInfo, subdir } attrsets,
|
||||
# with sourceInfo.outPath providing an InputAccessor to a previously
|
||||
# with sourceInfo.outPath providing an SourceAccessor to a previously
|
||||
# fetched tree. This is necessary for possibly unlocked inputs, in
|
||||
# particular the root input, but also --override-inputs pointing to
|
||||
# unlocked trees.
|
||||
|
@ -1,25 +1,25 @@
|
||||
#include "filtering-input-accessor.hh"
|
||||
#include "filtering-source-accessor.hh"
|
||||
|
||||
namespace nix {
|
||||
|
||||
std::string FilteringInputAccessor::readFile(const CanonPath & path)
|
||||
std::string FilteringSourceAccessor::readFile(const CanonPath & path)
|
||||
{
|
||||
checkAccess(path);
|
||||
return next->readFile(prefix / path);
|
||||
}
|
||||
|
||||
bool FilteringInputAccessor::pathExists(const CanonPath & path)
|
||||
bool FilteringSourceAccessor::pathExists(const CanonPath & path)
|
||||
{
|
||||
return isAllowed(path) && next->pathExists(prefix / path);
|
||||
}
|
||||
|
||||
std::optional<SourceAccessor::Stat> FilteringInputAccessor::maybeLstat(const CanonPath & path)
|
||||
std::optional<SourceAccessor::Stat> FilteringSourceAccessor::maybeLstat(const CanonPath & path)
|
||||
{
|
||||
checkAccess(path);
|
||||
return next->maybeLstat(prefix / path);
|
||||
}
|
||||
|
||||
SourceAccessor::DirEntries FilteringInputAccessor::readDirectory(const CanonPath & path)
|
||||
SourceAccessor::DirEntries FilteringSourceAccessor::readDirectory(const CanonPath & path)
|
||||
{
|
||||
checkAccess(path);
|
||||
DirEntries entries;
|
||||
@ -30,18 +30,18 @@ SourceAccessor::DirEntries FilteringInputAccessor::readDirectory(const CanonPath
|
||||
return entries;
|
||||
}
|
||||
|
||||
std::string FilteringInputAccessor::readLink(const CanonPath & path)
|
||||
std::string FilteringSourceAccessor::readLink(const CanonPath & path)
|
||||
{
|
||||
checkAccess(path);
|
||||
return next->readLink(prefix / path);
|
||||
}
|
||||
|
||||
std::string FilteringInputAccessor::showPath(const CanonPath & path)
|
||||
std::string FilteringSourceAccessor::showPath(const CanonPath & path)
|
||||
{
|
||||
return displayPrefix + next->showPath(prefix / path) + displaySuffix;
|
||||
}
|
||||
|
||||
void FilteringInputAccessor::checkAccess(const CanonPath & path)
|
||||
void FilteringSourceAccessor::checkAccess(const CanonPath & path)
|
||||
{
|
||||
if (!isAllowed(path))
|
||||
throw makeNotAllowedError
|
||||
@ -49,15 +49,15 @@ void FilteringInputAccessor::checkAccess(const CanonPath & path)
|
||||
: RestrictedPathError("access to path '%s' is forbidden", showPath(path));
|
||||
}
|
||||
|
||||
struct AllowListInputAccessorImpl : AllowListInputAccessor
|
||||
struct AllowListSourceAccessorImpl : AllowListSourceAccessor
|
||||
{
|
||||
std::set<CanonPath> allowedPrefixes;
|
||||
|
||||
AllowListInputAccessorImpl(
|
||||
AllowListSourceAccessorImpl(
|
||||
ref<SourceAccessor> next,
|
||||
std::set<CanonPath> && allowedPrefixes,
|
||||
MakeNotAllowedError && makeNotAllowedError)
|
||||
: AllowListInputAccessor(SourcePath(next), std::move(makeNotAllowedError))
|
||||
: AllowListSourceAccessor(SourcePath(next), std::move(makeNotAllowedError))
|
||||
, allowedPrefixes(std::move(allowedPrefixes))
|
||||
{ }
|
||||
|
||||
@ -72,15 +72,15 @@ struct AllowListInputAccessorImpl : AllowListInputAccessor
|
||||
}
|
||||
};
|
||||
|
||||
ref<AllowListInputAccessor> AllowListInputAccessor::create(
|
||||
ref<AllowListSourceAccessor> AllowListSourceAccessor::create(
|
||||
ref<SourceAccessor> next,
|
||||
std::set<CanonPath> && allowedPrefixes,
|
||||
MakeNotAllowedError && makeNotAllowedError)
|
||||
{
|
||||
return make_ref<AllowListInputAccessorImpl>(next, std::move(allowedPrefixes), std::move(makeNotAllowedError));
|
||||
return make_ref<AllowListSourceAccessorImpl>(next, std::move(allowedPrefixes), std::move(makeNotAllowedError));
|
||||
}
|
||||
|
||||
bool CachingFilteringInputAccessor::isAllowed(const CanonPath & path)
|
||||
bool CachingFilteringSourceAccessor::isAllowed(const CanonPath & path)
|
||||
{
|
||||
auto i = cache.find(path);
|
||||
if (i != cache.end()) return i->second;
|
@ -12,17 +12,17 @@ namespace nix {
|
||||
typedef std::function<RestrictedPathError(const CanonPath & path)> MakeNotAllowedError;
|
||||
|
||||
/**
|
||||
* An abstract wrapping `InputAccessor` that performs access
|
||||
* An abstract wrapping `SourceAccessor` that performs access
|
||||
* control. Subclasses should override `isAllowed()` to implement an
|
||||
* access control policy. The error message is customized at construction.
|
||||
*/
|
||||
struct FilteringInputAccessor : SourceAccessor
|
||||
struct FilteringSourceAccessor : SourceAccessor
|
||||
{
|
||||
ref<SourceAccessor> next;
|
||||
CanonPath prefix;
|
||||
MakeNotAllowedError makeNotAllowedError;
|
||||
|
||||
FilteringInputAccessor(const SourcePath & src, MakeNotAllowedError && makeNotAllowedError)
|
||||
FilteringSourceAccessor(const SourcePath & src, MakeNotAllowedError && makeNotAllowedError)
|
||||
: next(src.accessor)
|
||||
, prefix(src.path)
|
||||
, makeNotAllowedError(std::move(makeNotAllowedError))
|
||||
@ -55,32 +55,32 @@ struct FilteringInputAccessor : SourceAccessor
|
||||
};
|
||||
|
||||
/**
|
||||
* A wrapping `InputAccessor` that checks paths against a set of
|
||||
* A wrapping `SourceAccessor` that checks paths against a set of
|
||||
* allowed prefixes.
|
||||
*/
|
||||
struct AllowListInputAccessor : public FilteringInputAccessor
|
||||
struct AllowListSourceAccessor : public FilteringSourceAccessor
|
||||
{
|
||||
/**
|
||||
* Grant access to the specified prefix.
|
||||
*/
|
||||
virtual void allowPrefix(CanonPath prefix) = 0;
|
||||
|
||||
static ref<AllowListInputAccessor> create(
|
||||
static ref<AllowListSourceAccessor> create(
|
||||
ref<SourceAccessor> next,
|
||||
std::set<CanonPath> && allowedPrefixes,
|
||||
MakeNotAllowedError && makeNotAllowedError);
|
||||
|
||||
using FilteringInputAccessor::FilteringInputAccessor;
|
||||
using FilteringSourceAccessor::FilteringSourceAccessor;
|
||||
};
|
||||
|
||||
/**
|
||||
* A wrapping `InputAccessor` mix-in where `isAllowed()` caches the result of virtual `isAllowedUncached()`.
|
||||
* A wrapping `SourceAccessor` mix-in where `isAllowed()` caches the result of virtual `isAllowedUncached()`.
|
||||
*/
|
||||
struct CachingFilteringInputAccessor : FilteringInputAccessor
|
||||
struct CachingFilteringSourceAccessor : FilteringSourceAccessor
|
||||
{
|
||||
std::map<CanonPath, bool> cache;
|
||||
|
||||
using FilteringInputAccessor::FilteringInputAccessor;
|
||||
using FilteringSourceAccessor::FilteringSourceAccessor;
|
||||
|
||||
bool isAllowed(const CanonPath & path) override;
|
||||
|
@ -53,7 +53,7 @@ bool operator == (const git_oid & oid1, const git_oid & oid2)
|
||||
|
||||
namespace nix {
|
||||
|
||||
struct GitInputAccessor;
|
||||
struct GitSourceAccessor;
|
||||
|
||||
// Some wrapper types that ensure that the git_*_free functions get called.
|
||||
template<auto del>
|
||||
@ -330,9 +330,9 @@ struct GitRepoImpl : GitRepo, std::enable_shared_from_this<GitRepoImpl>
|
||||
}
|
||||
|
||||
/**
|
||||
* A 'GitInputAccessor' with no regard for export-ignore or any other transformations.
|
||||
* A 'GitSourceAccessor' with no regard for export-ignore or any other transformations.
|
||||
*/
|
||||
ref<GitInputAccessor> getRawAccessor(const Hash & rev);
|
||||
ref<GitSourceAccessor> getRawAccessor(const Hash & rev);
|
||||
|
||||
ref<SourceAccessor> getAccessor(const Hash & rev, bool exportIgnore) override;
|
||||
|
||||
@ -473,12 +473,12 @@ ref<GitRepo> GitRepo::openRepo(const std::filesystem::path & path, bool create,
|
||||
/**
|
||||
* Raw git tree input accessor.
|
||||
*/
|
||||
struct GitInputAccessor : SourceAccessor
|
||||
struct GitSourceAccessor : SourceAccessor
|
||||
{
|
||||
ref<GitRepoImpl> repo;
|
||||
Tree root;
|
||||
|
||||
GitInputAccessor(ref<GitRepoImpl> repo_, const Hash & rev)
|
||||
GitSourceAccessor(ref<GitRepoImpl> repo_, const Hash & rev)
|
||||
: repo(repo_)
|
||||
, root(peelObject<Tree>(*repo, lookupObject(*repo, hashToOID(rev)).get(), GIT_OBJECT_TREE))
|
||||
{
|
||||
@ -702,12 +702,12 @@ struct GitInputAccessor : SourceAccessor
|
||||
}
|
||||
};
|
||||
|
||||
struct GitExportIgnoreInputAccessor : CachingFilteringInputAccessor {
|
||||
struct GitExportIgnoreSourceAccessor : CachingFilteringSourceAccessor {
|
||||
ref<GitRepoImpl> repo;
|
||||
std::optional<Hash> rev;
|
||||
|
||||
GitExportIgnoreInputAccessor(ref<GitRepoImpl> repo, ref<SourceAccessor> next, std::optional<Hash> rev)
|
||||
: CachingFilteringInputAccessor(next, [&](const CanonPath & path) {
|
||||
GitExportIgnoreSourceAccessor(ref<GitRepoImpl> repo, ref<SourceAccessor> next, std::optional<Hash> rev)
|
||||
: CachingFilteringSourceAccessor(next, [&](const CanonPath & path) {
|
||||
return RestrictedPathError(fmt("'%s' does not exist because it was fetched with exportIgnore enabled", path));
|
||||
})
|
||||
, repo(repo)
|
||||
@ -918,18 +918,18 @@ struct GitFileSystemObjectSinkImpl : GitFileSystemObjectSink
|
||||
}
|
||||
};
|
||||
|
||||
ref<GitInputAccessor> GitRepoImpl::getRawAccessor(const Hash & rev)
|
||||
ref<GitSourceAccessor> GitRepoImpl::getRawAccessor(const Hash & rev)
|
||||
{
|
||||
auto self = ref<GitRepoImpl>(shared_from_this());
|
||||
return make_ref<GitInputAccessor>(self, rev);
|
||||
return make_ref<GitSourceAccessor>(self, rev);
|
||||
}
|
||||
|
||||
ref<SourceAccessor> GitRepoImpl::getAccessor(const Hash & rev, bool exportIgnore)
|
||||
{
|
||||
auto self = ref<GitRepoImpl>(shared_from_this());
|
||||
ref<GitInputAccessor> rawGitAccessor = getRawAccessor(rev);
|
||||
ref<GitSourceAccessor> rawGitAccessor = getRawAccessor(rev);
|
||||
if (exportIgnore) {
|
||||
return make_ref<GitExportIgnoreInputAccessor>(self, rawGitAccessor, rev);
|
||||
return make_ref<GitExportIgnoreSourceAccessor>(self, rawGitAccessor, rev);
|
||||
}
|
||||
else {
|
||||
return rawGitAccessor;
|
||||
@ -940,18 +940,18 @@ ref<SourceAccessor> GitRepoImpl::getAccessor(const WorkdirInfo & wd, bool export
|
||||
{
|
||||
auto self = ref<GitRepoImpl>(shared_from_this());
|
||||
/* In case of an empty workdir, return an empty in-memory tree. We
|
||||
cannot use AllowListInputAccessor because it would return an
|
||||
cannot use AllowListSourceAccessor because it would return an
|
||||
error for the root (and we can't add the root to the allow-list
|
||||
since that would allow access to all its children). */
|
||||
ref<SourceAccessor> fileAccessor =
|
||||
wd.files.empty()
|
||||
? makeEmptySourceAccessor()
|
||||
: AllowListInputAccessor::create(
|
||||
: AllowListSourceAccessor::create(
|
||||
makeFSSourceAccessor(path),
|
||||
std::set<CanonPath> { wd.files },
|
||||
std::move(makeNotAllowedError)).cast<SourceAccessor>();
|
||||
if (exportIgnore)
|
||||
return make_ref<GitExportIgnoreInputAccessor>(self, fileAccessor, std::nullopt);
|
||||
return make_ref<GitExportIgnoreSourceAccessor>(self, fileAccessor, std::nullopt);
|
||||
else
|
||||
return fileAccessor;
|
||||
}
|
||||
|
@ -1,6 +1,6 @@
|
||||
#pragma once
|
||||
|
||||
#include "filtering-input-accessor.hh"
|
||||
#include "filtering-source-accessor.hh"
|
||||
#include "fs-sink.hh"
|
||||
|
||||
namespace nix {
|
||||
|
@ -1,9 +0,0 @@
|
||||
#pragma once
|
||||
|
||||
#include "source-accessor.hh"
|
||||
|
||||
namespace nix {
|
||||
|
||||
ref<SourceAccessor> makeMountedInputAccessor(std::map<CanonPath, ref<SourceAccessor>> mounts);
|
||||
|
||||
}
|
@ -1,12 +1,12 @@
|
||||
#include "mounted-input-accessor.hh"
|
||||
#include "mounted-source-accessor.hh"
|
||||
|
||||
namespace nix {
|
||||
|
||||
struct MountedInputAccessor : SourceAccessor
|
||||
struct MountedSourceAccessor : SourceAccessor
|
||||
{
|
||||
std::map<CanonPath, ref<SourceAccessor>> mounts;
|
||||
|
||||
MountedInputAccessor(std::map<CanonPath, ref<SourceAccessor>> _mounts)
|
||||
MountedSourceAccessor(std::map<CanonPath, ref<SourceAccessor>> _mounts)
|
||||
: mounts(std::move(_mounts))
|
||||
{
|
||||
displayPrefix.clear();
|
||||
@ -71,9 +71,9 @@ struct MountedInputAccessor : SourceAccessor
|
||||
}
|
||||
};
|
||||
|
||||
ref<SourceAccessor> makeMountedInputAccessor(std::map<CanonPath, ref<SourceAccessor>> mounts)
|
||||
ref<SourceAccessor> makeMountedSourceAccessor(std::map<CanonPath, ref<SourceAccessor>> mounts)
|
||||
{
|
||||
return make_ref<MountedInputAccessor>(std::move(mounts));
|
||||
return make_ref<MountedSourceAccessor>(std::move(mounts));
|
||||
}
|
||||
|
||||
}
|
9
src/libfetchers/mounted-source-accessor.hh
Normal file
9
src/libfetchers/mounted-source-accessor.hh
Normal file
@ -0,0 +1,9 @@
|
||||
#pragma once
|
||||
|
||||
#include "source-accessor.hh"
|
||||
|
||||
namespace nix {
|
||||
|
||||
ref<SourceAccessor> makeMountedSourceAccessor(std::map<CanonPath, ref<SourceAccessor>> mounts);
|
||||
|
||||
}
|
@ -9,7 +9,7 @@
|
||||
#include "pathlocks.hh"
|
||||
#include "processes.hh"
|
||||
#include "git.hh"
|
||||
#include "mounted-input-accessor.hh"
|
||||
#include "mounted-source-accessor.hh"
|
||||
#include "git-utils.hh"
|
||||
#include "logging.hh"
|
||||
#include "finally.hh"
|
||||
@ -652,7 +652,7 @@ struct GitInputScheme : InputScheme
|
||||
|
||||
if (!mounts.empty()) {
|
||||
mounts.insert_or_assign(CanonPath::root, accessor);
|
||||
accessor = makeMountedInputAccessor(std::move(mounts));
|
||||
accessor = makeMountedSourceAccessor(std::move(mounts));
|
||||
}
|
||||
}
|
||||
|
||||
@ -715,7 +715,7 @@ struct GitInputScheme : InputScheme
|
||||
}
|
||||
|
||||
mounts.insert_or_assign(CanonPath::root, accessor);
|
||||
accessor = makeMountedInputAccessor(std::move(mounts));
|
||||
accessor = makeMountedSourceAccessor(std::move(mounts));
|
||||
}
|
||||
|
||||
if (!repoInfo.workdirInfo.isDirty) {
|
||||
|
@ -190,7 +190,7 @@ ref<SourceAccessor> makeEmptySourceAccessor();
|
||||
|
||||
/**
|
||||
* Exception thrown when accessing a filtered path (see
|
||||
* `FilteringInputAccessor`).
|
||||
* `FilteringSourceAccessor`).
|
||||
*/
|
||||
MakeError(RestrictedPathError, Error);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user