diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc index c25aa0e72..4188d413f 100644 --- a/src/libstore/local-store.cc +++ b/src/libstore/local-store.cc @@ -202,6 +202,10 @@ LocalStore::LocalStore(const Params & params) createSymlink(profilesDir, gcRootsDir + "/profiles"); } + if (readOnly) { + experimentalFeatureSettings.require(Xp::ReadOnlyLocalStore); + } + for (auto & perUserDir : {profilesDir + "/per-user", gcRootsDir + "/per-user"}) { createDirs(perUserDir); if (!readOnly) { diff --git a/src/libutil/experimental-features.cc b/src/libutil/experimental-features.cc index ad0ec0427..29f5b84db 100644 --- a/src/libutil/experimental-features.cc +++ b/src/libutil/experimental-features.cc @@ -12,7 +12,7 @@ struct ExperimentalFeatureDetails std::string_view description; }; -constexpr std::array xpFeatureDetails = {{ +constexpr std::array xpFeatureDetails = {{ { .tag = Xp::CaDerivations, .name = "ca-derivations", @@ -209,6 +209,22 @@ constexpr std::array xpFeatureDetails = {{ files. )", }, + { + .tag = Xp::ReadOnlyLocalStore, + .name = "read-only-local-store", + .description = R"( + Allow the use of the `read-only` parameter in local store URIs. + + Set this parameter to `true` to allow stores with databases on read-only + filesystems to be opened for querying; ordinarily Nix will refuse to do this. + + Enabling this setting disables the locking required for safe concurrent + access, so you should be certain that the database will not be changed. + While the filesystem the database resides on might be read-only to this + process, consider whether another user, process, or system, might have + write access to it. + )", + }, }}; static_assert( diff --git a/src/libutil/experimental-features.hh b/src/libutil/experimental-features.hh index 409100592..19d425b6d 100644 --- a/src/libutil/experimental-features.hh +++ b/src/libutil/experimental-features.hh @@ -30,6 +30,7 @@ enum struct ExperimentalFeature DiscardReferences, DaemonTrustOverride, DynamicDerivations, + ReadOnlyLocalStore, }; /**