diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2012-12-21T14·00+0100 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2012-12-21T14·00+0100 |
commit | 68dcbb187e540034e85b5b77d1b37cec1759a587 (patch) | |
tree | 5d7a45a3da8d39ebf6d63bcfd83e9b2c891f3178 | |
parent | 5ee7d8fbab71b9eef94f1eecd38de511d00f6149 (diff) |
download-from-binary-cache: Use the channels of the calling user rather than root
This should make live easier for single-user (non-daemon) installations. Note that when the daemon is used, the "calling user" is root so we're not using any untrusted caches.
-rw-r--r-- | doc/manual/conf-file.xml | 10 | ||||
-rw-r--r-- | scripts/download-from-binary-cache.pl.in | 4 |
2 files changed, 9 insertions, 5 deletions
diff --git a/doc/manual/conf-file.xml b/doc/manual/conf-file.xml index 6a575b9e3a0a..70437686d8bd 100644 --- a/doc/manual/conf-file.xml +++ b/doc/manual/conf-file.xml @@ -341,10 +341,12 @@ build-use-chroot = /dev /proc /bin</programlisting> <listitem><para>A list of names of files that will be read to obtain additional binary cache URLs. The default is - <literal>/nix/var/nix/profiles/per-user/root/channels/binary-caches/*</literal>, - which ensures that Nix will use the binary caches corresponding to - the channels installed by root. Do not set this option to read - files created by untrusted users!</para></listitem> + <literal>/nix/var/nix/profiles/per-user/<replaceable>username</replaceable>/channels/binary-caches/*</literal>. + Note that when you’re using the Nix daemon, + <replaceable>username</replaceable> is always equal to + <literal>root</literal>, so Nix will only use the binary caches + provided by the channels installed by root. Do not set this + option to read files created by untrusted users!</para></listitem> </varlistentry> diff --git a/scripts/download-from-binary-cache.pl.in b/scripts/download-from-binary-cache.pl.in index b822466719f2..98333dafb018 100644 --- a/scripts/download-from-binary-cache.pl.in +++ b/scripts/download-from-binary-cache.pl.in @@ -36,6 +36,8 @@ my %requests; my %scheduled; my $caBundle = $ENV{"CURL_CA_BUNDLE"} // $ENV{"OPENSSL_X509_CERT_FILE"}; +my $userName = getpwuid($<) or die "cannot figure out user name"; + sub addRequest { my ($storePath, $url, $head) = @_; @@ -195,7 +197,7 @@ sub getAvailableCaches { # // ($Nix::Config::storeDir eq "/nix/store" ? "http://nixos.org/binary-cache" : "")); my $urlsFiles = $Nix::Config::config{"binary-cache-files"} - // "/nix/var/nix/profiles/per-user/root/channels/binary-caches/*"; + // "$Nix::Config::stateDir/profiles/per-user/$userName/channels/binary-caches/*"; foreach my $urlFile (glob $urlsFiles) { next unless -f $urlFile; open FILE, "<$urlFile" or die "cannot open ‘$urlFile’\n"; |