@Ericson2314
Member

Motivation

A few small things I think would be useful to land right away, including a little bit of #14050.

Context

Thinking about #14050 and trying to get rid of the store-wide accessor.


Add 👍 to pull requests you find important.

The Nix maintainer team uses a GitHub project board to schedule and track reviews.

@github-actions github-actions bot added the new-cli (Relating to the "nix" command) and fetching (Networking with the outside (non-Nix) world, input locking) labels Sep 25, 2025
Comment on lines +493 to +494
* Only for restrict eval: pure eval just whitelist store paths,
* never arbitrary paths.
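Review bot: the comment on +493 to +494 states "Only for restrict eval" as a guarantee, but a doc comment alone does not stop a pure-eval caller from passing an arbitrary path. If the function does not check the evaluation mode, mark the restriction as not yet enforced in the comment, or add an assertion, so callers do not rely on it. Wording nit: "pure eval just whitelists store paths".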
Member Author


The implementation doesn't yet enforce this, but I think this does track for the one place this is in fact used now.

Comment on lines +180 to +181
state.allowPath(state.store->followLinksToStorePath(profile.string()));
state.allowPath(state.store->followLinksToStorePath((profile / "manifest.nix").string()));
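Review bot: both calls on +180 and +181 pass the result of followLinksToStorePath straight to allowPath, so what ends up allowed is decided by wherever the symlink chain from profile ends, and nothing in these lines says what happens if either path does not resolve into the store. A short comment stating why profile and profile / "manifest.nix" are resolved separately, and how a missing manifest.nix is handled, would make the intended allowlist reviewable.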
Member Author

@Ericson2314 Ericson2314 Sep 25, 2025


I don't want to whitelist just part of a store object, that feels weird. Now this does whole store objects.

@Ericson2314 Ericson2314 merged commit 4609528 into master Sep 25, 2025
40 of 42 checks passed
@Ericson2314 Ericson2314 deleted the storeFS-prep branch September 25, 2025 14:50

4 participants