From fa03f239239e516a3585f9323d0eff7787fc999f Mon Sep 17 00:00:00 2001 From: eldritch horrors Date: Mon, 4 Mar 2024 07:13:00 +0100 Subject: Merge pull request #9587 from amjoseph-nixpkgs/pr/wopBuildDerivation/explain libstore/daemon.cc: note trust model difference in readDerivation()s (cherry picked from commit 5c917c32048ef185ea0eec352c3505485aa3212c) Change-Id: I9945bc84e9529b005eafdc5c08b5bf1553335340 --- src/libstore/daemon.cc | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'src/libstore') diff --git a/src/libstore/daemon.cc b/src/libstore/daemon.cc index 3e44f6e31..18b2f64c1 100644 --- a/src/libstore/daemon.cc +++ b/src/libstore/daemon.cc @@ -574,6 +574,15 @@ static void performOp(TunnelLogger * logger, ref store, case WorkerProto::Op::BuildDerivation: { auto drvPath = store->parseStorePath(readString(from)); BasicDerivation drv; + /* + * Note: unlike wopEnsurePath, this operation reads a + * derivation-to-be-realized from the client with + * readDerivation(Source,Store) rather than reading it from + * the local store with Store::readDerivation(). Since the + * derivation-to-be-realized is not registered in the store + * it cannot be trusted that its outPath was calculated + * correctly. + */ readDerivation(from, *store, drv, Derivation::nameFromPath(drvPath)); BuildMode buildMode = (BuildMode) readInt(from); logger->startWork(); -- cgit v1.2.3