aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYorick van Pelt <yorick@yorickvanpelt.nl>2023-05-26 15:32:28 +0200
committerYorick van Pelt <yorick@yorickvanpelt.nl>2023-05-26 15:36:47 +0200
commit2c462486fe0c1bcb5b1142507d2875e98b2418df (patch)
tree3910b99966387323f21b464f77f25b2010e915a7
parenta6c78ba367725a81aa631a7df2d0840ddd25faf5 (diff)
create pathAccessible, use it to infer default dirs
-rw-r--r--src/libexpr/eval.cc15
-rw-r--r--src/libstore/globals.cc4
-rw-r--r--src/libstore/globals.hh2
-rw-r--r--src/libutil/util.cc11
-rw-r--r--src/libutil/util.hh8
5 files changed, 26 insertions, 14 deletions
diff --git a/src/libexpr/eval.cc b/src/libexpr/eval.cc
index 61012f2ab..71fd6e6e4 100644
--- a/src/libexpr/eval.cc
+++ b/src/libexpr/eval.cc
@@ -2620,17 +2620,12 @@ Strings EvalSettings::getDefaultNixPath()
{
Strings res;
auto add = [&](const Path & p, const std::string & s = std::string()) {
- try {
- if (pathExists(p)) {
- if (s.empty()) {
- res.push_back(p);
- } else {
- res.push_back(s + "=" + p);
- }
+ if (pathAccessible(p)) {
+ if (s.empty()) {
+ res.push_back(p);
+ } else {
+ res.push_back(s + "=" + p);
}
- } catch (SysError & e) {
- // swallow EPERM
- if (e.errNo != EPERM) throw;
}
};
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index a196c10e6..32e9a6ea9 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -57,8 +57,6 @@ Settings::Settings()
auto sslOverride = getEnv("NIX_SSL_CERT_FILE").value_or(getEnv("SSL_CERT_FILE").value_or(""));
if (sslOverride != "")
caFile = sslOverride;
- else if (caFile == "")
- caFile = getDefaultSSLCertFile();
/* Backwards compatibility. */
auto s = getEnv("NIX_REMOTE_SYSTEMS");
@@ -185,7 +183,7 @@ bool Settings::isWSL1()
Path Settings::getDefaultSSLCertFile()
{
for (auto & fn : {"/etc/ssl/certs/ca-certificates.crt", "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"})
- if (pathExists(fn)) return fn;
+ if (pathAccessible(fn)) return fn;
return "";
}
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 34b4f24a7..31dfe5b4e 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -842,7 +842,7 @@ public:
)"};
Setting<Path> caFile{
- this, "", "ssl-cert-file",
+ this, getDefaultSSLCertFile(), "ssl-cert-file",
R"(
The path of a file containing CA certificates used to
authenticate `https://` downloads. Nix by default will use
diff --git a/src/libutil/util.cc b/src/libutil/util.cc
index 3a8309149..aa0a154fd 100644
--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@@ -266,6 +266,17 @@ bool pathExists(const Path & path)
return false;
}
+bool pathAccessible(const Path & path)
+{
+ try {
+ return pathExists(path);
+ } catch (SysError & e) {
+ // swallow EPERM
+ if (e.errNo == EPERM) return false;
+ throw;
+ }
+}
+
Path readLink(const Path & path)
{
diff --git a/src/libutil/util.hh b/src/libutil/util.hh
index a7907cd14..00fcb9b79 100644
--- a/src/libutil/util.hh
+++ b/src/libutil/util.hh
@@ -121,6 +121,14 @@ struct stat lstat(const Path & path);
bool pathExists(const Path & path);
/**
+ * A version of pathExists that returns false on a permission error.
+ * Useful for inferring default paths across directories that might not
+ * be readable.
+ * @return true iff the given path can be accessed and exists
+ */
+bool pathAccessible(const Path & path);
+
+/**
* Read the contents (target) of a symbolic link. The result is not
* in any way canonicalised.
*/