nix-super/src/libstore/unix/posix-fs-canonicalise.hh

#pragma once
///@file

#include <sys/stat.h>
#include <sys/time.h>

#include "types.hh"
#include "error.hh"

namespace nix {

typedef std::pair<dev_t, ino_t> Inode;
typedef std::set<Inode> InodesSeen;


/**
 * "Fix", or canonicalise, the meta-data of the files in a store path
 * after it has been built.  In particular:
 *
 * - the last modification date on each file is set to 1 (i.e.,
 *   00:00:01 1/1/1970 UTC)
 *
 * - the permissions are set of 444 or 555 (i.e., read-only with or
 *   without execute permission; setuid bits etc. are cleared)
 *
 * - the owner and group are set to the Nix user and group, if we're
 *   running as root.
 *
 * If uidRange is not empty, this function will throw an error if it
 * encounters files owned by a user outside of the closed interval
 * [uidRange->first, uidRange->second].
 */
void canonicalisePathMetaData(
    const Path & path,
    std::optional<std::pair<uid_t, uid_t>> uidRange,
    InodesSeen & inodesSeen);
void canonicalisePathMetaData(
    const Path & path,
    std::optional<std::pair<uid_t, uid_t>> uidRange);

void canonicaliseTimestampAndPermissions(const Path & path);

MakeError(PathInUse, Error);

}
Put `canonicaliseTimestampAndPermissions` in its own header/file It is not inherently tied to `LocalStore`, it could probably even go in `libnixutil`. Functions not attached to `LocalStore` should not be declared in `local-store.hh`. I am moving it to facilitate experimenting for #9344. If canonicalisation should be done client-side in client-side builds, there wouldn't be a `LocalStore` at all so having to include that header to get this freestanding function is cumbersome and wrong. Perhaps canonicalisation should still be done server-side for security reasons --- I don't mean to make that judgement call now --- but even if so, this freestanding function still isn't connected to `LocalStore` so while less urgent it is still better to move out of this header. 2023-11-19 17:17:57 +02:00			`#pragma once`
			`///@file`

			`#include <sys/stat.h>`
			`#include <sys/time.h>`

			`#include "types.hh"`
			`#include "error.hh"`

			`namespace nix {`

			`typedef std::pair<dev_t, ino_t> Inode;`
			`typedef std::set<Inode> InodesSeen;`


			`/**`
			`* "Fix", or canonicalise, the meta-data of the files in a store path`
			`* after it has been built. In particular:`
			`*`
			`* - the last modification date on each file is set to 1 (i.e.,`
			`* 00:00:01 1/1/1970 UTC)`
			`*`
			`* - the permissions are set of 444 or 555 (i.e., read-only with or`
			`* without execute permission; setuid bits etc. are cleared)`
			`*`
			`* - the owner and group are set to the Nix user and group, if we're`
			`* running as root.`
			`*`
			`* If uidRange is not empty, this function will throw an error if it`
			`* encounters files owned by a user outside of the closed interval`
			`* [uidRange->first, uidRange->second].`
			`*/`
			`void canonicalisePathMetaData(`
			`const Path & path,`
			`std::optional<std::pair<uid_t, uid_t>> uidRange,`
			`InodesSeen & inodesSeen);`
			`void canonicalisePathMetaData(`
			`const Path & path,`
			`std::optional<std::pair<uid_t, uid_t>> uidRange);`

			`void canonicaliseTimestampAndPermissions(const Path & path);`

			`MakeError(PathInUse, Error);`

			`}`