Put read-only setting behind an experimental flag.

src/libstore/local-store.cc

@@ -202,6 +202,10 @@ LocalStore::LocalStore(const Params & params)
         createSymlink(profilesDir, gcRootsDir + "/profiles");
     }
 
+    if (readOnly) {
+        experimentalFeatureSettings.require(Xp::ReadOnlyLocalStore);
+    }
+
     for (auto & perUserDir : {profilesDir + "/per-user", gcRootsDir + "/per-user"}) {
         createDirs(perUserDir);
         if (!readOnly) {

src/libutil/experimental-features.cc

@@ -12,7 +12,7 @@ struct ExperimentalFeatureDetails
     std::string_view description;
 };
 
-constexpr std::array<ExperimentalFeatureDetails, 13> xpFeatureDetails = {{
+constexpr std::array<ExperimentalFeatureDetails, 14> xpFeatureDetails = {{
     {
         .tag = Xp::CaDerivations,
         .name = "ca-derivations",
@@ -209,6 +209,22 @@ constexpr std::array<ExperimentalFeatureDetails, 13> xpFeatureDetails = {{
                 files.
         )",
     },
+    {
+        .tag = Xp::ReadOnlyLocalStore,
+        .name = "read-only-local-store",
+        .description = R"(
+            Allow the use of the `read-only` parameter in local store URIs.
+
+            Set this parameter to `true` to allow stores with databases on read-only
+            filesystems to be opened for querying; ordinarily Nix will refuse to do this.
+
+            Enabling this setting disables the locking required for safe concurrent
+            access, so you should be certain that the database will not be changed.
+            While the filesystem the database resides on might be read-only to this
+            process, consider whether another user, process, or system, might have
+            write access to it.
+        )",
+    },
 }};
 
 static_assert(

src/libutil/experimental-features.hh

@@ -30,6 +30,7 @@ enum struct ExperimentalFeature
     DiscardReferences,
     DaemonTrustOverride,
     DynamicDerivations,
+    ReadOnlyLocalStore,
 };
 
 /**