287 lines
8.2 KiB
C++
287 lines
8.2 KiB
C++
#include <iostream>
|
|
#include <cctype>
|
|
|
|
#include <sys/types.h>
|
|
#include <sys/stat.h>
|
|
#include <unistd.h>
|
|
|
|
#include <pwd.h>
|
|
#include <grp.h>
|
|
|
|
extern "C" {
|
|
#include <aterm2.h>
|
|
}
|
|
|
|
#include "globals.hh"
|
|
#include "shared.hh"
|
|
|
|
#include "config.h"
|
|
|
|
|
|
volatile sig_atomic_t blockInt = 0;
|
|
|
|
|
|
void sigintHandler(int signo)
|
|
{
|
|
if (!blockInt) {
|
|
_isInterrupted = 1;
|
|
blockInt = 1;
|
|
}
|
|
}
|
|
|
|
|
|
void setLogType(string lt)
|
|
{
|
|
if (lt == "pretty") logType = ltPretty;
|
|
else if (lt == "escapes") logType = ltEscapes;
|
|
else if (lt == "flat") logType = ltFlat;
|
|
else throw UsageError("unknown log type");
|
|
}
|
|
|
|
|
|
void checkStoreNotSymlink(Path path)
|
|
{
|
|
struct stat st;
|
|
while (path.size()) {
|
|
if (lstat(path.c_str(), &st))
|
|
throw SysError(format("getting status of `%1%'") % path);
|
|
if (S_ISLNK(st.st_mode))
|
|
throw Error(format(
|
|
"the path `%1%' is a symlink; "
|
|
"this is not allowed for the Nix store and its parent directories")
|
|
% path);
|
|
path = dirOf(path);
|
|
}
|
|
}
|
|
|
|
|
|
/* Initialize and reorder arguments, then call the actual argument
|
|
processor. */
|
|
static void initAndRun(int argc, char * * argv)
|
|
{
|
|
string root = getEnv("NIX_ROOT");
|
|
if (root != "") {
|
|
if (chroot(root.c_str()) != 0)
|
|
throw SysError(format("changing root to `%1%'") % root);
|
|
}
|
|
|
|
/* Setup Nix paths. */
|
|
nixStore = getEnv("NIX_STORE_DIR", canonPath(NIX_STORE_DIR));
|
|
nixDataDir = getEnv("NIX_DATA_DIR", canonPath(NIX_DATA_DIR));
|
|
nixLogDir = getEnv("NIX_LOG_DIR", canonPath(NIX_LOG_DIR));
|
|
nixStateDir = getEnv("NIX_STATE_DIR", canonPath(NIX_STATE_DIR));
|
|
nixDBPath = getEnv("NIX_DB_DIR", nixStateDir + "/db");
|
|
|
|
/* Check that the store directory and its parent are not
|
|
symlinks. */
|
|
if (getEnv("NIX_IGNORE_SYMLINK_STORE") != "1")
|
|
checkStoreNotSymlink(nixStore);
|
|
|
|
/* Catch SIGINT. */
|
|
struct sigaction act, oact;
|
|
act.sa_handler = sigintHandler;
|
|
sigfillset(&act.sa_mask);
|
|
act.sa_flags = 0;
|
|
if (sigaction(SIGINT, &act, &oact))
|
|
throw SysError("installing handler for SIGINT");
|
|
|
|
/* Ignore SIGPIPE. */
|
|
act.sa_handler = SIG_IGN;
|
|
act.sa_flags = 0;
|
|
if (sigaction(SIGPIPE, &act, &oact))
|
|
throw SysError("ignoring SIGPIPE");
|
|
|
|
/* Process the NIX_LOG_TYPE environment variable. */
|
|
string lt = getEnv("NIX_LOG_TYPE");
|
|
if (lt != "") setLogType(lt);
|
|
|
|
/* Put the arguments in a vector. */
|
|
Strings args, remaining;
|
|
while (argc--) args.push_back(*argv++);
|
|
args.erase(args.begin());
|
|
|
|
/* Expand compound dash options (i.e., `-qlf' -> `-q -l -f'), and
|
|
ignore options for the ATerm library. */
|
|
for (Strings::iterator i = args.begin(); i != args.end(); ++i) {
|
|
string arg = *i;
|
|
if (string(arg, 0, 4) == "-at-") ;
|
|
else if (arg.length() > 2 && arg[0] == '-' && arg[1] != '-') {
|
|
for (unsigned int j = 1; j < arg.length(); j++)
|
|
if (isalpha(arg[j]))
|
|
remaining.push_back((string) "-" + arg[j]);
|
|
else {
|
|
remaining.push_back(string(arg, j));
|
|
break;
|
|
}
|
|
} else remaining.push_back(arg);
|
|
}
|
|
args = remaining;
|
|
remaining.clear();
|
|
|
|
/* Process default options. */
|
|
for (Strings::iterator i = args.begin(); i != args.end(); ++i) {
|
|
string arg = *i;
|
|
if (arg == "--verbose" || arg == "-v")
|
|
verbosity = (Verbosity) ((int) verbosity + 1);
|
|
else if (arg == "--log-type") {
|
|
++i;
|
|
if (i == args.end()) throw UsageError("`--log-type' requires an argument");
|
|
setLogType(*i);
|
|
}
|
|
else if (arg == "--build-output" || arg == "-B")
|
|
; /* !!! obsolete - remove eventually */
|
|
else if (arg == "--no-build-output" || arg == "-Q")
|
|
buildVerbosity = lvlVomit;
|
|
else if (arg == "--help") {
|
|
printHelp();
|
|
return;
|
|
}
|
|
else if (arg == "--version") {
|
|
cout << format("%1% (Nix) %2%") % programId % NIX_VERSION << endl;
|
|
return;
|
|
}
|
|
else if (arg == "--keep-failed" || arg == "-K")
|
|
keepFailed = true;
|
|
else if (arg == "--keep-going" || arg == "-k")
|
|
keepGoing = true;
|
|
else if (arg == "--fallback")
|
|
tryFallback = true;
|
|
else if (arg == "--max-jobs" || arg == "-j") {
|
|
++i;
|
|
if (i == args.end()) throw UsageError("`--max-jobs' requires an argument");
|
|
istringstream str(*i);
|
|
int n;
|
|
str >> n;
|
|
if (!str || !str.eof() || n < 0)
|
|
throw UsageError(format("`--max-jobs' requires a non-negative integer"));
|
|
maxBuildJobs = n;
|
|
}
|
|
else remaining.push_back(arg);
|
|
}
|
|
|
|
run(remaining);
|
|
}
|
|
|
|
|
|
void switchToNixUser()
|
|
{
|
|
#if SETUID_HACK
|
|
|
|
/* Here we set the uid and gid to the Nix user and group,
|
|
respectively, IF the current (real) user is a member of the Nix
|
|
group. Otherwise we just drop all privileges. */
|
|
|
|
/* Lookup the Nix gid. */
|
|
struct group * gr = getgrnam(NIX_GROUP);
|
|
if (!gr) {
|
|
cerr << format("missing group `%1%'\n") % NIX_GROUP;
|
|
exit(1);
|
|
}
|
|
|
|
/* Get the supplementary group IDs for the current user. */
|
|
int maxGids = 512, nrGids;
|
|
gid_t gids[maxGids];
|
|
if ((nrGids = getgroups(maxGids, gids)) == -1) {
|
|
cerr << format("unable to query gids\n");
|
|
exit(1);
|
|
}
|
|
|
|
/* Check that the current user is a member of the Nix group. */
|
|
bool found = false;
|
|
for (int i = 0; i < nrGids; ++i)
|
|
if (gids[i] == gr->gr_gid) {
|
|
found = true;
|
|
break;
|
|
}
|
|
|
|
if (!found) {
|
|
/* Not in the Nix group - drop all root/Nix privileges. */
|
|
setgid(getgid());
|
|
setuid(getuid());
|
|
return;
|
|
}
|
|
|
|
/* Set the real, effective and saved gids to gr->gr_gid. Also
|
|
make very sure that this succeeded. We switch the gid first
|
|
because we cannot do it after we have dropped root uid. */
|
|
if (setgid(gr->gr_gid) != 0 ||
|
|
getgid() != gr->gr_gid ||
|
|
getegid() != gr->gr_gid)
|
|
{
|
|
cerr << format("unable to set gid to `%1%'\n") % NIX_GROUP;
|
|
exit(1);
|
|
}
|
|
|
|
/* Lookup the Nix uid. */
|
|
struct passwd * pw = getpwnam(NIX_USER);
|
|
if (!pw) {
|
|
cerr << format("missing user `%1%'\n") % NIX_USER;
|
|
exit(1);
|
|
}
|
|
|
|
/* This will drop all root privileges, setting the real, effective
|
|
and saved uids to pw->pw_uid. Also make very sure that this
|
|
succeeded.*/
|
|
if (setuid(pw->pw_uid) != 0 ||
|
|
getuid() != pw->pw_uid ||
|
|
geteuid() != pw->pw_uid)
|
|
{
|
|
cerr << format("unable to set uid to `%1%'\n") % NIX_USER;
|
|
exit(1);
|
|
}
|
|
|
|
#endif
|
|
}
|
|
|
|
|
|
static char buf[1024];
|
|
|
|
int main(int argc, char * * argv)
|
|
{
|
|
/* If we are setuid root, we have to get rid of the excess
|
|
privileges ASAP. */
|
|
printMsg(lvlError, format("%1% %2% %3% %4%\n") % getuid() % geteuid()
|
|
% getgid() % getegid());
|
|
switchToNixUser();
|
|
printMsg(lvlError, format("%1% %2% %3% %4%\n") % getuid() % geteuid()
|
|
% getgid() % getegid());
|
|
|
|
/* ATerm setup. */
|
|
ATerm bottomOfStack;
|
|
ATinit(argc, argv, &bottomOfStack);
|
|
|
|
/* Turn on buffering for cerr. */
|
|
#if HAVE_PUBSETBUF
|
|
cerr.rdbuf()->pubsetbuf(buf, sizeof(buf));
|
|
#endif
|
|
|
|
try {
|
|
try {
|
|
initAndRun(argc, argv);
|
|
} catch (...) {
|
|
/* Subtle: we have to make sure that any `interrupted'
|
|
condition is discharged before we reach printMsg()
|
|
below, since otherwise it will throw an (uncaught)
|
|
exception. */
|
|
blockInt = 1; /* ignore further SIGINTs */
|
|
_isInterrupted = 0;
|
|
throw;
|
|
}
|
|
} catch (UsageError & e) {
|
|
printMsg(lvlError,
|
|
format(
|
|
"error: %1%\n"
|
|
"Try `%2% --help' for more information.")
|
|
% e.what() % programId);
|
|
return 1;
|
|
} catch (Error & e) {
|
|
printMsg(lvlError, format("error: %1%") % e.msg());
|
|
return 1;
|
|
} catch (exception & e) {
|
|
printMsg(lvlError, format("error: %1%") % e.what());
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|