mirror of
https://github.com/NixOS/nix
synced 2024-10-18 00:16:11 -04:00
pathExists: Return false on "/nix/store" in pure mode
AllowListInputAccessor has the invariant that if a path is accessible, its parent directories are also considered accessible (though reading them only yields the allowed subdirectories). As a result `builtins.pathExists "/nix/store"` returns true. However this wasn't the behaviour of previous path access control, where `builtins.pathExists "/nix/store"` returns false even if a subdirectory of the store is accessible. Fixes #9672.
This commit is contained in:
parent
d2a07a96ba
commit
4065f16888
|
@ -1561,6 +1561,17 @@ static void prim_pathExists(EvalState & state, const PosIdx pos, Value * * args,
|
|||
mustBeDir ? SymlinkResolution::Full : SymlinkResolution::Ancestors;
|
||||
auto path = realisePath(state, pos, arg, symlinkResolution);
|
||||
|
||||
/* Backward compatibility hack to retain Nix 2.18 behaviour:
|
||||
in pure mode, make `pathExists "/nix/store"` return
|
||||
false. */
|
||||
if ((evalSettings.restrictEval || evalSettings.pureEval)
|
||||
&& path.accessor == state.rootFS
|
||||
&& isDirOrInDir(state.store->storeDir, path.path.abs()))
|
||||
{
|
||||
v.mkBool(false);
|
||||
return;
|
||||
}
|
||||
|
||||
auto st = path.maybeLstat();
|
||||
auto exists = st && (!mustBeDir || st->type == SourceAccessor::tDirectory);
|
||||
v.mkBool(exists);
|
||||
|
|
|
@ -34,6 +34,7 @@ cat > "$flake2Dir/flake.nix" <<EOF
|
|||
|
||||
outputs = { self, flake1 }: rec {
|
||||
packages.$system.bar = flake1.packages.$system.foo;
|
||||
foo = builtins.pathExists (self + "/..");
|
||||
};
|
||||
}
|
||||
EOF
|
||||
|
@ -251,6 +252,9 @@ nix build -o "$TEST_ROOT/result" "$flake2Dir#bar" --commit-lock-file
|
|||
[[ -e "$flake2Dir/flake.lock" ]]
|
||||
[[ -z $(git -C "$flake2Dir" diff main || echo failed) ]]
|
||||
|
||||
# Test that pathExist on the parent of a flake returns false.
|
||||
[[ $(nix eval "$flake2Dir#foo") = false ]]
|
||||
|
||||
# Rerunning the build should not change the lockfile.
|
||||
nix build -o "$TEST_ROOT/result" "$flake2Dir#bar"
|
||||
[[ -z $(git -C "$flake2Dir" diff main || echo failed) ]]
|
||||
|
|
Loading…
Reference in a new issue