#pragma once #include "types.hh" #include "serialise.hh" namespace nix { /* dumpPath creates a Nix archive of the specified path. The format is as follows: IF path points to a REGULAR FILE: dump(path) = attrs( [ ("type", "regular") , ("contents", contents(path)) ]) IF path points to a DIRECTORY: dump(path) = attrs( [ ("type", "directory") , ("entries", concat(map(f, sort(entries(path))))) ]) where f(fn) = attrs( [ ("name", fn) , ("file", dump(path + "/" + fn)) ]) where: attrs(as) = concat(map(attr, as)) + encN(0) attrs((a, b)) = encS(a) + encS(b) encS(s) = encN(len(s)) + s + (padding until next 64-bit boundary) encN(n) = 64-bit little-endian encoding of n. contents(path) = the contents of a regular file. sort(strings) = lexicographic sort by 8-bit value (strcmp). entries(path) = the entries of a directory, without `.' and `..'. `+' denotes string concatenation. */ struct PathFilter { virtual ~PathFilter() { } virtual bool operator () (const Path & path) { return true; } }; extern PathFilter defaultPathFilter; void dumpPath(const Path & path, Sink & sink, PathFilter & filter = defaultPathFilter); struct ParseSink { virtual void createDirectory(const Path & path) { }; virtual void createRegularFile(const Path & path) { }; virtual void isExecutable() { }; virtual void preallocateContents(unsigned long long size) { }; virtual void receiveContents(unsigned char * data, unsigned int len) { }; virtual void createSymlink(const Path & path, const string & target) { }; }; void parseDump(ParseSink & sink, Source & source); void restorePath(const Path & path, Source & source); } msg
path: root/gnu/build/activation.scm
AgeCommit message (Expand)Author
2024-11-03activation: Create directory with specified perms in ‘mkdir-p/perms’....There is currently a window of time between when the desired directory is created and when its permissions are changed. During this time, its permissions are restricted only by the umask. Of course, in the "directory already exists" case, this doesn't matter, but if the directory has been specifically deleted ahead of time so that it is created afresh, this is an unnecessary window. We can avoid this by passing the caller-provided BITS to 'mkdirat' when attempting to create the last directory. * gnu/build/activation.scm (mkdir-p/perms): Create target directory with BITS permissions. Change-Id: I03d2c620872e86b6f591abe0f1c8317aa1245383 Signed-off-by: Ludovic Courtès <ludo@gnu.org> Reepca Russelstein
2024-09-06activation: Fix TOCTTOU in mkdir-p/perms....Fixes <https://issues.guix.gnu.org/47584>. I removed the 'Based upon mkdir-p from (guix build utils)' comment because it's quite a bit different now. * gnu/build/activation.scm (verify-not-symbolic): Delete. (mkdir-p/perms): Rewrite in terms of 'openat'. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Change-Id: Id2f5bcbb903283afd45f6109190210d02eb383c7 Maxime Devos
2024-08-11privilege: Add POSIX capabilities(7) support....* gnu/system/privilege.scm (<privileged-program>): Add a field representing the program's POSIX capabilities. (privileged-program-capabilities): New public procedure. * doc/guix.texi (Privileged Programs): Document it. * gnu/build/activation.scm (activate-privileged-programs): Take a LIBCAP package argument providing setcap(8) to apply said capabilities. * gnu/services.scm (privileged-program->activation-gexp): Pass said package argument where supported. Include privileged-program-capabilities in the compatibility hack. Tobias Geerinckx-Rice
2024-08-11build: Rename activate-setuid-programs....* gnu/build/activation.scm (activate-setuid-programs): Rename this… (activate-privileged-programs): …to this. Operate on a list of <privileged-program> records. * gnu/services.scm (setuid-program->activation-gexp): Adjust caller. Tobias Geerinckx-Rice
2024-08-11services: setuid-program: Populate /run/privileged/bin....Create /run/setuid-programs compatibility symlinks so that we can migrate all users (both package and human) piecemeal at our leisure. Apart from being symlinks, this should be a user-invisible change. * gnu/build/activation.scm (%privileged-program-directory): New variable. [activate-setuid-programs]: Put privileged copies in %PRIVILEGED-PROGRAM-DIRECTORY, with compatibility symlinks to each in %SETUID-DIRECTORY. * gnu/services.scm (setuid-program-service-type): Update docstring. * doc/guix.texi (Setuid Programs): Update @file{} name accordingly. Tobias Geerinckx-Rice
2024-02-19services: activation: Ensure /run existence....* gnu/build/activation.scm (activation-script): Ensure /var/run existence. * gnu/build/install.scm (evaluate-populate-directive) [directives]: Remove directory /run. Change-Id: I19ca8e7605c0cff598ab89077a94e20390ba27b0 Signed-off-by: Ludovic Courtès <ludo@gnu.org> Nicolas Graves