download-from-binary-cache: Use the channels of the calling user rather than root

This should make life easier for single-user (non-daemon)
installations.  Note that when the daemon is used, the "calling user"
is root so we're not using any untrusted caches.
Eelco Dolstra 2012-12-21 15:00:07 +01:00
parent 5ee7d8fbab
commit 68dcbb187e
2 changed files with 9 additions and 5 deletions


@ -341,10 +341,12 @@ build-use-chroot = /dev /proc /bin</programlisting>
<listitem><para>A list of names of files that will be read to <listitem><para>A list of names of files that will be read to
obtain additional binary cache URLs. The default is obtain additional binary cache URLs. The default is
<literal>/nix/var/nix/profiles/per-user/root/channels/binary-caches/*</literal>, <literal>/nix/var/nix/profiles/per-user/<replaceable>username</replaceable>/channels/binary-caches/*</literal>.
which ensures that Nix will use the binary caches corresponding to Note that when youre using the Nix daemon,
the channels installed by root. Do not set this option to read <replaceable>username</replaceable> is always equal to
files created by untrusted users!</para></listitem> <literal>root</literal>, so Nix will only use the binary caches
provided by the channels installed by root. Do not set this
option to read files created by untrusted users!</para></listitem>
</varlistentry> </varlistentry>


@ -36,6 +36,8 @@ my %requests;
my %scheduled; my %scheduled;
my $caBundle = $ENV{"CURL_CA_BUNDLE"} // $ENV{"OPENSSL_X509_CERT_FILE"}; my $caBundle = $ENV{"CURL_CA_BUNDLE"} // $ENV{"OPENSSL_X509_CERT_FILE"};
my $userName = getpwuid($<) or die "cannot figure out user name";
sub addRequest { sub addRequest {
my ($storePath, $url, $head) = @_; my ($storePath, $url, $head) = @_;
@ -195,7 +197,7 @@ sub getAvailableCaches {
# // ($Nix::Config::storeDir eq "/nix/store" ? "http://nixos.org/binary-cache" : "")); # // ($Nix::Config::storeDir eq "/nix/store" ? "http://nixos.org/binary-cache" : ""));
my $urlsFiles = $Nix::Config::config{"binary-cache-files"} my $urlsFiles = $Nix::Config::config{"binary-cache-files"}
// "/nix/var/nix/profiles/per-user/root/channels/binary-caches/*"; // "$Nix::Config::stateDir/profiles/per-user/$userName/channels/binary-caches/*";
foreach my $urlFile (glob $urlsFiles) { foreach my $urlFile (glob $urlsFiles) {
next unless -f $urlFile; next unless -f $urlFile;
open FILE, "<$urlFile" or die "cannot open $urlFile\n"; open FILE, "<$urlFile" or die "cannot open $urlFile\n";
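Review bot: The added `getpwuid($<)` line resolves the real uid, and the default path built from `$userName` in getAvailableCaches is only as trustworthy as that uid; the commit message's statement that the daemon case resolves to root is an assumption the code neither checks nor documents. If the script were ever started with a real uid that differs from the privileged one, the cache URLs would presumably be read from files an unprivileged user controls, which the manual text changed in this same commit warns against. I would record the assumption at the declaration, e.g. `# $< is the real uid: under the daemon this must be root, or the default cache list comes from an unprivileged user's profile`. The context line `open FILE, "<$urlFile"` now opens names found in a per-user directory, so the three-argument form `open FILE, "<", $urlFile or die "cannot open $urlFile\n";` would take the name literally; the loop body continues outside the hunk.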