Merge "feat: unprivileged read-only open of SQLite DB" into main

author: Raito Bezarius <raito@lix.systems> 2024-03-29 00:49:17 +0000
committer: Gerrit Code Review <gerrit@lix> 2024-03-29 00:49:17 +0000
commit: 55350bd68decdc1287a34e0b52a1f9fce9ae854b (patch)
tree: 0b53a8dad41040dc9523e2fe22915c8eae1488f8 /src
parent: 62332c12505adc033eca7355de2b8a469355664f (diff)
parent: 8044540c426b0dbe4919a74ea9434663ab5a13b2 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index 29081244f..db3934d5e 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -548,6 +548,15 @@ void LocalStore::openDB(State & state, bool create)
         sqlite3_exec(db, ("pragma main.journal_mode = " + mode + ";").c_str(), 0, 0, 0) != SQLITE_OK)
         SQLiteError::throw_(db, "setting journal mode");
 
+    if (mode == "wal" ) {
+         /* persist the WAL files when the DB connection is closed.
+         * This allows for read-only connections without any write permissions
+         * on the state directory to succeed on a closed database. */
+        int enable = 1;
+        if (sqlite3_file_control(db, NULL, SQLITE_FCNTL_PERSIST_WAL, &enable) != SQLITE_OK)
+            SQLiteError::throw_(db, "setting persistent WAL mode");
+    }
+
     /* Increase the auto-checkpoint interval to 40000 pages.  This
        seems enough to ensure that instantiating the NixOS system
        derivation is done in a single fsync(). */
author	Raito Bezarius <raito@lix.systems>	2024-03-29 00:49:17 +0000
committer	Gerrit Code Review <gerrit@lix>	2024-03-29 00:49:17 +0000
commit	55350bd68decdc1287a34e0b52a1f9fce9ae854b (patch)
tree	0b53a8dad41040dc9523e2fe22915c8eae1488f8 /src
parent	62332c12505adc033eca7355de2b8a469355664f (diff)
parent	8044540c426b0dbe4919a74ea9434663ab5a13b2 (diff)