diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix index d35b03148..fdac87be3 100644 --- a/maintainers/flake-module.nix +++ b/maintainers/flake-module.nix @@ -113,15 +113,15 @@ ''^src/libfetchers/fetch-to-store\.cc$'' ''^src/libfetchers/fetchers\.cc$'' ''^src/libfetchers/fetchers\.hh$'' - ''^src/libfetchers/filtering-input-accessor\.cc$'' - ''^src/libfetchers/filtering-input-accessor\.hh$'' - ''^src/libfetchers/fs-input-accessor\.cc$'' - ''^src/libfetchers/fs-input-accessor\.hh$'' + ''^src/libfetchers/filtering-source-accessor\.cc$'' + ''^src/libfetchers/filtering-source-accessor\.hh$'' + ''^src/libfetchers/fs-source-accessor\.cc$'' + ''^src/libfetchers/fs-source-accessor\.hh$'' ''^src/libfetchers/git-utils\.cc$'' ''^src/libfetchers/git-utils\.hh$'' ''^src/libfetchers/github\.cc$'' ''^src/libfetchers/indirect\.cc$'' - ''^src/libfetchers/memory-input-accessor\.cc$'' + ''^src/libfetchers/memory-source-accessor\.cc$'' ''^src/libfetchers/path\.cc$'' ''^src/libfetchers/registry\.cc$'' ''^src/libfetchers/registry\.hh$'' @@ -302,7 +302,7 @@ ''^src/libutil/hash\.hh$'' ''^src/libutil/hilite\.cc$'' ''^src/libutil/hilite\.hh$'' - ''^src/libutil/input-accessor\.hh$'' + ''^src/libutil/source-accessor\.hh$'' ''^src/libutil/json-impls\.hh$'' ''^src/libutil/json-utils\.cc$'' ''^src/libutil/json-utils\.hh$'' diff --git a/src/libexpr/eval.cc b/src/libexpr/eval.cc index 6fd60084d..ad6cdc6d2 100644 --- a/src/libexpr/eval.cc +++ b/src/libexpr/eval.cc @@ -15,7 +15,7 @@ #include "function-trace.hh" #include "profiles.hh" #include "print.hh" -#include "filtering-input-accessor.hh" +#include "filtering-source-accessor.hh" #include "memory-source-accessor.hh" #include "signals.hh" #include "gc-small-vector.hh" 
@@ -399,7 +399,7 @@ EvalState::EvalState( , emptyBindings(0) , rootFS( evalSettings.restrictEval || evalSettings.pureEval - ? ref(AllowListInputAccessor::create(makeFSSourceAccessor(), {}, + ? ref(AllowListSourceAccessor::create(makeFSSourceAccessor(), {}, [](const CanonPath & path) -> RestrictedPathError { auto modeInformation = evalSettings.pureEval ? "in pure evaluation mode (use '--impure' to override)" @@ -460,7 +460,7 @@ EvalState::EvalState( } /* Allow access to all paths in the search path. */ - if (rootFS.dynamic_pointer_cast()) + if (rootFS.dynamic_pointer_cast()) for (auto & i : lookupPath.elements) resolveLookupPathPath(i.path, true); @@ -480,13 +480,13 @@ EvalState::~EvalState() void EvalState::allowPath(const Path & path) { - if (auto rootFS2 = rootFS.dynamic_pointer_cast()) + if (auto rootFS2 = rootFS.dynamic_pointer_cast()) rootFS2->allowPrefix(CanonPath(path)); } void EvalState::allowPath(const StorePath & storePath) { - if (auto rootFS2 = rootFS.dynamic_pointer_cast()) + if (auto rootFS2 = rootFS.dynamic_pointer_cast()) rootFS2->allowPrefix(CanonPath(store->toRealPath(storePath))); } @@ -540,13 +540,13 @@ void EvalState::checkURI(const std::string & uri) /* If the URI is a path, then check it against allowedPaths as well. */ if (hasPrefix(uri, "/")) { - if (auto rootFS2 = rootFS.dynamic_pointer_cast()) + if (auto rootFS2 = rootFS.dynamic_pointer_cast()) rootFS2->checkAccess(CanonPath(uri)); return; } if (hasPrefix(uri, "file://")) { - if (auto rootFS2 = rootFS.dynamic_pointer_cast()) + if (auto rootFS2 = rootFS.dynamic_pointer_cast()) rootFS2->checkAccess(CanonPath(uri.substr(7))); return; } diff --git a/src/libexpr/flake/call-flake.nix b/src/libexpr/flake/call-flake.nix index d0ccb1e37..a411564df 100644 --- a/src/libexpr/flake/call-flake.nix +++ b/src/libexpr/flake/call-flake.nix 
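Review bot: In the `file://` branch of `EvalState::checkURI`, the allow-list check runs on `CanonPath(uri.substr(7))`, that is, on the URI text as written, with no visible percent-decoding or handling of an authority component. If the code that later opens the URI normalises it differently, the path that was checked and the path that is read can differ; that consumer is outside this hunk, so this needs confirming rather than being a proven defect. At minimum I would document the assumption next to the call, e.g. `// 7 == strlen("file://"); the remainder is checked verbatim, without URI decoding`. The body of checkURI starts before the hunk.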
@@ -4,7 +4,7 @@ lockFileStr: # A mapping of lock file node IDs to { sourceInfo, subdir } attrsets, -# with sourceInfo.outPath providing an InputAccessor to a previously +# with sourceInfo.outPath providing an SourceAccessor to a previously # fetched tree. This is necessary for possibly unlocked inputs, in # particular the root input, but also --override-inputs pointing to # unlocked trees. diff --git a/src/libfetchers/filtering-input-accessor.cc b/src/libfetchers/filtering-source-accessor.cc similarity index 61% rename from src/libfetchers/filtering-input-accessor.cc rename to src/libfetchers/filtering-source-accessor.cc index d2b47b5e5..dfd9e536d 100644 --- a/src/libfetchers/filtering-input-accessor.cc +++ b/src/libfetchers/filtering-source-accessor.cc @@ -1,25 +1,25 @@ -#include "filtering-input-accessor.hh" +#include "filtering-source-accessor.hh" namespace nix { -std::string FilteringInputAccessor::readFile(const CanonPath & path) +std::string FilteringSourceAccessor::readFile(const CanonPath & path) { checkAccess(path); return next->readFile(prefix / path); } -bool FilteringInputAccessor::pathExists(const CanonPath & path) +bool FilteringSourceAccessor::pathExists(const CanonPath & path) { return isAllowed(path) && next->pathExists(prefix / path); } -std::optional FilteringInputAccessor::maybeLstat(const CanonPath & path) +std::optional FilteringSourceAccessor::maybeLstat(const CanonPath & path) { checkAccess(path); return next->maybeLstat(prefix / path); } -SourceAccessor::DirEntries FilteringInputAccessor::readDirectory(const CanonPath & path) +SourceAccessor::DirEntries FilteringSourceAccessor::readDirectory(const CanonPath & path) { checkAccess(path); DirEntries entries; 
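Review bot: The mechanical rename leaves the comment reading `an SourceAccessor`; the article has to change with the name, giving `# with sourceInfo.outPath providing a SourceAccessor to a previously`. No code is affected.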
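Review bot: `pathExists` is the only accessor in this hunk that answers a disallowed path with `false` instead of throwing through `checkAccess`, and nothing in the renamed file says so. The difference matters to callers that treat "does not exist" and "forbidden" differently, so it should be stated at the definition, e.g. `// Does not throw: a path rejected by isAllowed() is reported as non-existent.` That this is deliberate is presumed, not visible here. `readDirectory` continues past the end of the hunk.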
@@ -30,18 +30,18 @@ SourceAccessor::DirEntries FilteringInputAccessor::readDirectory(const CanonPath return entries; } -std::string FilteringInputAccessor::readLink(const CanonPath & path) +std::string FilteringSourceAccessor::readLink(const CanonPath & path) { checkAccess(path); return next->readLink(prefix / path); } -std::string FilteringInputAccessor::showPath(const CanonPath & path) +std::string FilteringSourceAccessor::showPath(const CanonPath & path) { return displayPrefix + next->showPath(prefix / path) + displaySuffix; } -void FilteringInputAccessor::checkAccess(const CanonPath & path) +void FilteringSourceAccessor::checkAccess(const CanonPath & path) { if (!isAllowed(path)) throw makeNotAllowedError @@ -49,15 +49,15 @@ void FilteringInputAccessor::checkAccess(const CanonPath & path) : RestrictedPathError("access to path '%s' is forbidden", showPath(path)); } -struct AllowListInputAccessorImpl : AllowListInputAccessor +struct AllowListSourceAccessorImpl : AllowListSourceAccessor { std::set allowedPrefixes; - AllowListInputAccessorImpl( + AllowListSourceAccessorImpl( ref next, std::set && allowedPrefixes, MakeNotAllowedError && makeNotAllowedError) - : AllowListInputAccessor(SourcePath(next), std::move(makeNotAllowedError)) + : AllowListSourceAccessor(SourcePath(next), std::move(makeNotAllowedError)) , allowedPrefixes(std::move(allowedPrefixes)) { } 
@@ -72,15 +72,15 @@ struct AllowListInputAccessorImpl : AllowListInputAccessor } }; -ref AllowListInputAccessor::create( +ref AllowListSourceAccessor::create( ref next, std::set && allowedPrefixes, MakeNotAllowedError && makeNotAllowedError) { - return make_ref(next, std::move(allowedPrefixes), std::move(makeNotAllowedError)); + return make_ref(next, std::move(allowedPrefixes), std::move(makeNotAllowedError)); } -bool CachingFilteringInputAccessor::isAllowed(const CanonPath & path) +bool CachingFilteringSourceAccessor::isAllowed(const CanonPath & path) { auto i = cache.find(path); if (i != cache.end()) return i->second; diff --git a/src/libfetchers/filtering-input-accessor.hh b/src/libfetchers/filtering-source-accessor.hh similarity index 73% rename from src/libfetchers/filtering-input-accessor.hh rename to src/libfetchers/filtering-source-accessor.hh index ddf18eea4..9ec7bc21f 100644 --- a/src/libfetchers/filtering-input-accessor.hh +++ b/src/libfetchers/filtering-source-accessor.hh @@ -12,17 +12,17 @@ namespace nix { typedef std::function MakeNotAllowedError; /** - * An abstract wrapping `InputAccessor` that performs access + * An abstract wrapping `SourceAccessor` that performs access * control. Subclasses should override `isAllowed()` to implement an * access control policy. The error message is customized at construction. */ -struct FilteringInputAccessor : SourceAccessor +struct FilteringSourceAccessor : SourceAccessor { ref next; CanonPath prefix; MakeNotAllowedError makeNotAllowedError; - FilteringInputAccessor(const SourcePath & src, MakeNotAllowedError && makeNotAllowedError) + FilteringSourceAccessor(const SourcePath & src, MakeNotAllowedError && makeNotAllowedError) : next(src.accessor) , prefix(src.path) , makeNotAllowedError(std::move(makeNotAllowedError)) 
@@ -55,32 +55,32 @@ struct FilteringInputAccessor : SourceAccessor }; /** - * A wrapping `InputAccessor` that checks paths against a set of + * A wrapping `SourceAccessor` that checks paths against a set of * allowed prefixes. */ -struct AllowListInputAccessor : public FilteringInputAccessor +struct AllowListSourceAccessor : public FilteringSourceAccessor { /** * Grant access to the specified prefix. */ virtual void allowPrefix(CanonPath prefix) = 0; - static ref create( + static ref create( ref next, std::set && allowedPrefixes, MakeNotAllowedError && makeNotAllowedError); - using FilteringInputAccessor::FilteringInputAccessor; + using FilteringSourceAccessor::FilteringSourceAccessor; }; /** - * A wrapping `InputAccessor` mix-in where `isAllowed()` caches the result of virtual `isAllowedUncached()`. + * A wrapping `SourceAccessor` mix-in where `isAllowed()` caches the result of virtual `isAllowedUncached()`. */ -struct CachingFilteringInputAccessor : FilteringInputAccessor +struct CachingFilteringSourceAccessor : FilteringSourceAccessor { std::map cache; - using FilteringInputAccessor::FilteringInputAccessor; + using FilteringSourceAccessor::FilteringSourceAccessor; bool isAllowed(const CanonPath & path) override; diff --git a/src/libfetchers/git-utils.cc b/src/libfetchers/git-utils.cc index a91587cb4..160d1ac05 100644 --- a/src/libfetchers/git-utils.cc +++ b/src/libfetchers/git-utils.cc @@ -53,7 +53,7 @@ bool operator == (const git_oid & oid1, const git_oid & oid2) namespace nix { -struct GitInputAccessor; +struct GitSourceAccessor; // Some wrapper types that ensure that the git_*_free functions get called. template 
@@ -330,9 +330,9 @@ struct GitRepoImpl : GitRepo, std::enable_shared_from_this } /** - * A 'GitInputAccessor' with no regard for export-ignore or any other transformations. + * A 'GitSourceAccessor' with no regard for export-ignore or any other transformations. */ - ref getRawAccessor(const Hash & rev); + ref getRawAccessor(const Hash & rev); ref getAccessor(const Hash & rev, bool exportIgnore) override; @@ -473,12 +473,12 @@ ref GitRepo::openRepo(const std::filesystem::path & path, bool create, /** * Raw git tree input accessor. */ -struct GitInputAccessor : SourceAccessor +struct GitSourceAccessor : SourceAccessor { ref repo; Tree root; - GitInputAccessor(ref repo_, const Hash & rev) + GitSourceAccessor(ref repo_, const Hash & rev) : repo(repo_) , root(peelObject(*repo, lookupObject(*repo, hashToOID(rev)).get(), GIT_OBJECT_TREE)) { @@ -702,12 +702,12 @@ struct GitInputAccessor : SourceAccessor } }; -struct GitExportIgnoreInputAccessor : CachingFilteringInputAccessor { +struct GitExportIgnoreSourceAccessor : CachingFilteringSourceAccessor { ref repo; std::optional rev; - GitExportIgnoreInputAccessor(ref repo, ref next, std::optional rev) - : CachingFilteringInputAccessor(next, [&](const CanonPath & path) { + GitExportIgnoreSourceAccessor(ref repo, ref next, std::optional rev) + : CachingFilteringSourceAccessor(next, [&](const CanonPath & path) { return RestrictedPathError(fmt("'%s' does not exist because it was fetched with exportIgnore enabled", path)); }) , repo(repo) 
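Review bot: The doc comment directly above the renamed struct still reads `Raw git tree input accessor.`, while the hunk at line 330 of the same file did update its comment to `GitSourceAccessor`. For consistency the comment should become `Raw git tree source accessor.`. The struct body continues outside the hunk.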
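Review bot: The error-factory lambda passed to the `CachingFilteringSourceAccessor` base uses a `[&]` default capture although its body touches only its own `path` parameter. Per the header changed in this same commit, the callable is moved into the `makeNotAllowedError` member and so outlives the constructor call. A by-reference default capture on a stored callback makes it easy for a later edit to capture a constructor argument and leave a dangling reference. An empty capture list states the intent: `: CachingFilteringSourceAccessor(next, [](const CanonPath & path) {`. The constructor's initializer list continues past the hunk.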
@@ -918,18 +918,18 @@ struct GitFileSystemObjectSinkImpl : GitFileSystemObjectSink } }; -ref GitRepoImpl::getRawAccessor(const Hash & rev) +ref GitRepoImpl::getRawAccessor(const Hash & rev) { auto self = ref(shared_from_this()); - return make_ref(self, rev); + return make_ref(self, rev); } ref GitRepoImpl::getAccessor(const Hash & rev, bool exportIgnore) { auto self = ref(shared_from_this()); - ref rawGitAccessor = getRawAccessor(rev); + ref rawGitAccessor = getRawAccessor(rev); if (exportIgnore) { - return make_ref(self, rawGitAccessor, rev); + return make_ref(self, rawGitAccessor, rev); } else { return rawGitAccessor; @@ -940,18 +940,18 @@ ref GitRepoImpl::getAccessor(const WorkdirInfo & wd, bool export { auto self = ref(shared_from_this()); /* In case of an empty workdir, return an empty in-memory tree. We - cannot use AllowListInputAccessor because it would return an + cannot use AllowListSourceAccessor because it would return an error for the root (and we can't add the root to the allow-list since that would allow access to all its children). */ ref fileAccessor = wd.files.empty() ? makeEmptySourceAccessor() - : AllowListInputAccessor::create( + : AllowListSourceAccessor::create( makeFSSourceAccessor(path), std::set { wd.files }, std::move(makeNotAllowedError)).cast(); if (exportIgnore) - return make_ref(self, fileAccessor, std::nullopt); + return make_ref(self, fileAccessor, std::nullopt); else return fileAccessor; } diff --git a/src/libfetchers/git-utils.hh b/src/libfetchers/git-utils.hh index e264b2f63..29d799554 100644 --- a/src/libfetchers/git-utils.hh +++ b/src/libfetchers/git-utils.hh @@ -1,6 +1,6 @@ #pragma once -#include "filtering-input-accessor.hh" +#include "filtering-source-accessor.hh" #include "fs-sink.hh" namespace nix { diff --git a/src/libfetchers/mounted-input-accessor.hh b/src/libfetchers/mounted-input-accessor.hh deleted file mode 100644 index 74e040f44..000000000 --- a/src/libfetchers/mounted-input-accessor.hh +++ /dev/null 
@@ -1,9 +0,0 @@ -#pragma once - -#include "source-accessor.hh" - -namespace nix { - -ref makeMountedInputAccessor(std::map> mounts); - -} diff --git a/src/libfetchers/mounted-input-accessor.cc b/src/libfetchers/mounted-source-accessor.cc similarity index 86% rename from src/libfetchers/mounted-input-accessor.cc rename to src/libfetchers/mounted-source-accessor.cc index 4d086c7ad..68f3a546b 100644 --- a/src/libfetchers/mounted-input-accessor.cc +++ b/src/libfetchers/mounted-source-accessor.cc @@ -1,12 +1,12 @@ -#include "mounted-input-accessor.hh" +#include "mounted-source-accessor.hh" namespace nix { -struct MountedInputAccessor : SourceAccessor +struct MountedSourceAccessor : SourceAccessor { std::map> mounts; - MountedInputAccessor(std::map> _mounts) + MountedSourceAccessor(std::map> _mounts) : mounts(std::move(_mounts)) { displayPrefix.clear(); @@ -71,9 +71,9 @@ struct MountedInputAccessor : SourceAccessor } }; -ref makeMountedInputAccessor(std::map> mounts) +ref makeMountedSourceAccessor(std::map> mounts) { - return make_ref(std::move(mounts)); + return make_ref(std::move(mounts)); } } diff --git a/src/libfetchers/mounted-source-accessor.hh b/src/libfetchers/mounted-source-accessor.hh new file mode 100644 index 000000000..45cbcb09a --- /dev/null +++ b/src/libfetchers/mounted-source-accessor.hh @@ -0,0 +1,9 @@ +#pragma once + +#include "source-accessor.hh" + +namespace nix { + +ref makeMountedSourceAccessor(std::map> mounts); + +} diff --git a/src/libfetchers/unix/git.cc b/src/libfetchers/unix/git.cc index c8fd295c0..46263c872 100644 --- a/src/libfetchers/unix/git.cc +++ b/src/libfetchers/unix/git.cc @@ -9,7 +9,7 @@ #include "pathlocks.hh" #include "processes.hh" #include "git.hh" -#include "mounted-input-accessor.hh" +#include "mounted-source-accessor.hh" #include "git-utils.hh" #include "logging.hh" #include "finally.hh" 
@@ -652,7 +652,7 @@ struct GitInputScheme : InputScheme if (!mounts.empty()) { mounts.insert_or_assign(CanonPath::root, accessor); - accessor = makeMountedInputAccessor(std::move(mounts)); + accessor = makeMountedSourceAccessor(std::move(mounts)); } } @@ -715,7 +715,7 @@ struct GitInputScheme : InputScheme } mounts.insert_or_assign(CanonPath::root, accessor); - accessor = makeMountedInputAccessor(std::move(mounts)); + accessor = makeMountedSourceAccessor(std::move(mounts)); } if (!repoInfo.workdirInfo.isDirty) { diff --git a/src/libutil/source-accessor.hh b/src/libutil/source-accessor.hh index 548feddfd..b3fb9fe08 100644 --- a/src/libutil/source-accessor.hh +++ b/src/libutil/source-accessor.hh @@ -190,7 +190,7 @@ ref makeEmptySourceAccessor(); /** * Exception thrown when accessing a filtered path (see - * `FilteringInputAccessor`). + * `FilteringSourceAccessor`). */ MakeError(RestrictedPathError, Error);