diff options
| author | Jude Taylor <me@jude.bio> | 2015-11-14 14:09:52 -0800 |
|---|---|---|
| committer | Jude Taylor <me@jude.bio> | 2015-11-14 14:11:03 -0800 |
| commit | bd09a4c96799275d105b5ffe9a6fcb60200deb5f (patch) | |
| tree | 2c05ef134f21c206a7b5da9d1b82e2f1868903dd /src/libstore/build.cc | |
| parent | 4876bb012e78e6e397f34fd7fb91f67520cbd744 (diff) | |
simplify build.cc using modern C++ features
Diffstat (limited to 'src/libstore/build.cc')
| -rw-r--r-- | src/libstore/build.cc | 64 |
1 files changed, 31 insertions, 33 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 32325a6b1..1dee1ca2c 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -1921,35 +1921,35 @@ void DerivationGoal::startBuilder() for (auto & i : closure) dirsInChroot[i] = i; - if(!SANDBOX_ENABLED) { - string allowed = settings.get("allowed-impure-host-deps", string(DEFAULT_ALLOWED_IMPURE_PREFIXES)); - PathSet allowedPaths = tokenizeString<StringSet>(allowed); - - /* This works like the above, except on a per-derivation level */ - Strings impurePaths = tokenizeString<Strings>(get(drv->env, "__impureHostDeps")); - - for (auto & i : impurePaths) { - bool found = false; - /* Note: we're not resolving symlinks here to prevent - giving a non-root user info about inaccessible - files. */ - Path canonI = canonPath(i); - /* If only we had a trie to do this more efficiently :) luckily, these are generally going to be pretty small */ - for (auto & a : allowedPaths) { - Path canonA = canonPath(a); - if (canonI == canonA || isInDir(canonI, canonA)) { - found = true; - break; - } - } - if (!found) - throw Error(format("derivation '%1%' requested impure path ‘%2%’, but it was not in allowed-impure-host-deps (‘%3%’)") % drvPath % i % allowed); - - dirsInChroot[i] = i; - } - } else { - additionalSandboxProfile = get(drv->env, "__sandboxProfile"); +#if SANDBOX_ENABLED + additionalSandboxProfile = get(drv->env, "__sandboxProfile"); +#else + string allowed = settings.get("allowed-impure-host-deps", string(DEFAULT_ALLOWED_IMPURE_PREFIXES)); + PathSet allowedPaths = tokenizeString<StringSet>(allowed); + + /* This works like the above, except on a per-derivation level */ + Strings impurePaths = tokenizeString<Strings>(get(drv->env, "__impureHostDeps")); + + for (auto & i : impurePaths) { + bool found = false; + /* Note: we're not resolving symlinks here to prevent + giving a non-root user info about inaccessible + files. */ + Path canonI = canonPath(i); + /* If only we had a trie to do this more efficiently :) luckily, these are generally going to be pretty small */ + for (auto & a : allowedPaths) { + Path canonA = canonPath(a); + if (canonI == canonA || isInDir(canonI, canonA)) { + found = true; + break; + } + } + if (!found) + throw Error(format("derivation '%1%' requested impure path ‘%2%’, but it was not in allowed-impure-host-deps (‘%3%’)") % drvPath % i % allowed); + + dirsInChroot[i] = i; } +#endif #if CHROOT_ENABLED /* Create a temporary directory in which we set up the chroot @@ -2527,17 +2527,15 @@ void DerivationGoal::runChild() debug("Generated sandbox profile:"); debug(sandboxProfile); - char *tmpProfile = strdup((format("%1%/nix-sandboxXXXXXX.sb") % globalTmpDir).str().c_str()); - int profileFd = mkstemps(tmpProfile, 3); - closeOnExec(profileFd); - writeFull(profileFd, sandboxProfile); + Path tmpProfile = createTempDir() + "/profile.sb"; + writeFile(tmpProfile, sandboxProfile); builder = "/usr/bin/sandbox-exec"; args.push_back("sandbox-exec"); args.push_back("-f"); args.push_back(tmpProfile); args.push_back("-D"); - args.push_back((format("_GLOBAL_TMP_DIR=%1%") % globalTmpDir).str()); + args.push_back("_GLOBAL_TMP_DIR=" + globalTmpDir); args.push_back(drv->builder); } else { builder = drv->builder.c_str(); |