From ef28c7329c68c8e792400c9e9dec65bd4c20584d Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Mon, 6 May 2024 19:16:52 +0200
Subject: [PATCH] Rename makeFSSourceAccessor -> getFSSourceAccessor()

This makes it clearer that it returns a shared accessor object.
---
 src/libcmd/installables.cc                       | 2 +-
 src/libexpr/eval.cc                              | 4 ++--
 src/libfetchers/unix/mercurial.cc                | 4 ++--
 src/libstore/unix/build/local-derivation-goal.cc | 8 ++++----
 src/libstore/unix/local-store.cc                 | 4 ++--
 src/libutil/posix-source-accessor.cc             | 2 +-
 src/libutil/source-accessor.hh                   | 7 +++++--
 7 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/src/libcmd/installables.cc b/src/libcmd/installables.cc
index 0d42a62cc..43e312540 100644
--- a/src/libcmd/installables.cc
+++ b/src/libcmd/installables.cc
@@ -146,7 +146,7 @@ MixFlakeOptions::MixFlakeOptions()
         .category = category,
         .labels = {"flake-lock-path"},
         .handler = {[&](std::string lockFilePath) {
-            lockFlags.referenceLockFilePath = {makeFSSourceAccessor(), CanonPath(absPath(lockFilePath))};
+            lockFlags.referenceLockFilePath = {getFSSourceAccessor(), CanonPath(absPath(lockFilePath))};
         }},
         .completer = completePath
     });
diff --git a/src/libexpr/eval.cc b/src/libexpr/eval.cc
index ad6cdc6d2..d7e3a2cdb 100644
--- a/src/libexpr/eval.cc
+++ b/src/libexpr/eval.cc
@@ -399,14 +399,14 @@ EvalState::EvalState(
     , emptyBindings(0)
     , rootFS(
         evalSettings.restrictEval || evalSettings.pureEval
-        ? ref<SourceAccessor>(AllowListSourceAccessor::create(makeFSSourceAccessor(), {},
+        ? ref<SourceAccessor>(AllowListSourceAccessor::create(getFSSourceAccessor(), {},
             [](const CanonPath & path) -> RestrictedPathError {
                 auto modeInformation = evalSettings.pureEval
                     ? "in pure evaluation mode (use '--impure' to override)"
                     : "in restricted mode";
                 throw RestrictedPathError("access to absolute path '%1%' is forbidden %2%", path, modeInformation);
             }))
-        : makeFSSourceAccessor())
+        : getFSSourceAccessor())
     , corepkgsFS(make_ref<MemorySourceAccessor>())
     , internalFS(make_ref<MemorySourceAccessor>())
     , derivationInternal{corepkgsFS->addFile(
diff --git a/src/libfetchers/unix/mercurial.cc b/src/libfetchers/unix/mercurial.cc
index 838cb41bf..049faffa8 100644
--- a/src/libfetchers/unix/mercurial.cc
+++ b/src/libfetchers/unix/mercurial.cc
@@ -212,7 +212,7 @@ struct MercurialInputScheme : InputScheme
 
                 auto storePath = store->addToStore(
                     input.getName(),
-                    {makeFSSourceAccessor(), CanonPath(actualPath)},
+                    {getFSSourceAccessor(), CanonPath(actualPath)},
                     FileIngestionMethod::Recursive, HashAlgorithm::SHA256, {},
                     filter);
 
@@ -318,7 +318,7 @@ struct MercurialInputScheme : InputScheme
 
         deletePath(tmpDir + "/.hg_archival.txt");
 
-        auto storePath = store->addToStore(name, {makeFSSourceAccessor(), CanonPath(tmpDir)});
+        auto storePath = store->addToStore(name, {getFSSourceAccessor(), CanonPath(tmpDir)});
 
         Attrs infoAttrs({
             {"rev", input.getRev()->gitRev()},
diff --git a/src/libstore/unix/build/local-derivation-goal.cc b/src/libstore/unix/build/local-derivation-goal.cc
index 24f6897c6..3b010350d 100644
--- a/src/libstore/unix/build/local-derivation-goal.cc
+++ b/src/libstore/unix/build/local-derivation-goal.cc
@@ -2492,7 +2492,7 @@ SingleDrvOutputs LocalDerivationGoal::registerOutputs()
                     HashModuloSink caSink { outputHash.hashAlgo, oldHashPart };
                     auto fim = outputHash.method.getFileIngestionMethod();
                     dumpPath(
-                        {makeFSSourceAccessor(), CanonPath(actualPath)},
+                        {getFSSourceAccessor(), CanonPath(actualPath)},
                         caSink,
                         (FileSerialisationMethod) fim);
                     return caSink.finish().first;
@@ -2500,7 +2500,7 @@ SingleDrvOutputs LocalDerivationGoal::registerOutputs()
                 case FileIngestionMethod::Git: {
                     return git::dumpHash(
                         outputHash.hashAlgo,
-                        {makeFSSourceAccessor(), CanonPath(tmpDir + "/tmp")}).hash;
+                        {getFSSourceAccessor(), CanonPath(tmpDir + "/tmp")}).hash;
                 }
                 }
                 assert(false);
@@ -2528,7 +2528,7 @@ SingleDrvOutputs LocalDerivationGoal::registerOutputs()
 
             {
                 HashResult narHashAndSize = hashPath(
-                    {makeFSSourceAccessor(), CanonPath(actualPath)},
+                    {getFSSourceAccessor(), CanonPath(actualPath)},
                     FileSerialisationMethod::Recursive, HashAlgorithm::SHA256);
                 newInfo0.narHash = narHashAndSize.first;
                 newInfo0.narSize = narHashAndSize.second;
@@ -2551,7 +2551,7 @@ SingleDrvOutputs LocalDerivationGoal::registerOutputs()
                         std::string { requiredFinalPath.hashPart() });
                 rewriteOutput(outputRewrites);
                 HashResult narHashAndSize = hashPath(
-                    {makeFSSourceAccessor(), CanonPath(actualPath)},
+                    {getFSSourceAccessor(), CanonPath(actualPath)},
                     FileSerialisationMethod::Recursive, HashAlgorithm::SHA256);
                 ValidPathInfo newInfo0 { requiredFinalPath, narHashAndSize.first };
                 newInfo0.narSize = narHashAndSize.second;
diff --git a/src/libstore/unix/local-store.cc b/src/libstore/unix/local-store.cc
index 7b3ba1347..a3de523a3 100644
--- a/src/libstore/unix/local-store.cc
+++ b/src/libstore/unix/local-store.cc
@@ -1252,7 +1252,7 @@ StorePath LocalStore::addToStoreFromDump(
         methodsMatch
             ? dumpHash
             : hashPath(
-                {makeFSSourceAccessor(), CanonPath(tempPath)},
+                {getFSSourceAccessor(), CanonPath(tempPath)},
                 hashMethod.getFileIngestionMethod(), hashAlgo),
         {
             .others = references,
@@ -1392,7 +1392,7 @@ bool LocalStore::verifyStore(bool checkContents, RepairFlag repair)
             Path linkPath = linksDir + "/" + link.name;
             PosixSourceAccessor accessor;
             std::string hash = hashPath(
-                {makeFSSourceAccessor(), CanonPath(linkPath)},
+                {getFSSourceAccessor(), CanonPath(linkPath)},
                 FileIngestionMethod::Recursive, HashAlgorithm::SHA256).to_string(HashFormat::Nix32, false);
             if (hash != link.name) {
                 printError("link '%s' was modified! expected hash '%s', got '%s'",
diff --git a/src/libutil/posix-source-accessor.cc b/src/libutil/posix-source-accessor.cc
index f3551db42..e9c554939 100644
--- a/src/libutil/posix-source-accessor.cc
+++ b/src/libutil/posix-source-accessor.cc
@@ -167,7 +167,7 @@ void PosixSourceAccessor::assertNoSymlinks(CanonPath path)
     }
 }
 
-ref<SourceAccessor> makeFSSourceAccessor()
+ref<SourceAccessor> getFSSourceAccessor()
 {
     static auto rootFS = make_ref<PosixSourceAccessor>();
     return rootFS;
diff --git a/src/libutil/source-accessor.hh b/src/libutil/source-accessor.hh
index b3fb9fe08..d7fb0af5f 100644
--- a/src/libutil/source-accessor.hh
+++ b/src/libutil/source-accessor.hh
@@ -197,10 +197,13 @@ MakeError(RestrictedPathError, Error);
 /**
  * Return an accessor for the root filesystem.
  */
-ref<SourceAccessor> makeFSSourceAccessor();
+ref<SourceAccessor> getFSSourceAccessor();
 
 /**
- * Return an accessor for the filesystem rooted at `root`.
+ * Construct an accessor for the filesystem rooted at `root`. Note
+ * that it is not possible to escape `root` by appending `..` path
+ * elements, and that absolute symlinks are resolved relative to
+ * `root`.
  */
 ref<SourceAccessor> makeFSSourceAccessor(std::filesystem::path root);