about summary refs log tree commit diff
path: root/third_party/nix/src/libutil/util.cc
AgeCommit message (Collapse)AuthorFilesLines
2020-05-24 r/833 fix(3p/nix): Fix long paths permanently breaking GCAlyssa Ross1-13/+45
Suppose I have a path /nix/store/[hash]-[name]/a/a/a/a/a/[...]/a, long enough that everything after "/nix/store/" is longer than 4096 (MAX_PATH) bytes. Nix will happily allow such a path to be inserted into the store, because it doesn't look at all the nested structure. It just cares about the /nix/store/[hash]-[name] part. But, when the path is deleted, we encounter a problem. Nix will move the path to /nix/store/trash, but then when it's trying to recursively delete the trash directory, it will at some point try to unlink /nix/store/trash/[hash]-[name]/a/a/a/a/a/[...]/a. This will fail, because the path is too long. After this has failed, any store deletion operation will never work again, because Nix needs to delete the trash directory before recreating it to move new things to it. (I assume this is because otherwise a path being deleted could already exist in the trash, and then moving it would fail.) This means that if I can trick somebody into just fetching a tarball containing a path of the right length, they won't be able to delete store paths or garbage collect ever again, until the offending path is manually removed from /nix/store/trash. (And even fixing this manually is quite difficult if you don't understand the issue, because the absolute path that Nix says it failed to remove is also too long for rm(1).) This patch fixes the issue by making Nix's recursive delete operation use unlinkat(2). This function takes a relative path and a directory file descriptor. We ensure that the relative path is always just the name of the directory entry, and therefore its length will never exceed 255 bytes. This means that it will never even come close to AX_PATH, and Nix will therefore be able to handle removing arbitrarily deep directory hierachies. Since the directory file descriptor is used for recursion after being used in readDirectory, I made a variant of readDirectory that takes an already open directory stream, to avoid the directory being opened multiple times. As we have seen from this issue, the less we have to interact with paths, the better, and so it's good to reuse file descriptors where possible. I left _deletePath as succeeding even if the parent directory doesn't exist, even though that feels wrong to me, because without that early return, the linux-sandbox test failed. Reported-by: Alyssa Ross <hi@alyssa.is> Thanks-to: Puck Meerburg <puck@puckipedia.com> Tested-by: Puck Meerburg <puck@puckipedia.com> Reviewed-by: Puck Meerburg <puck@puckipedia.com> (cherry picked from commit c05e20daa1abb3446e378331697938b78af2b3d7)
2020-05-21 r/791 chore(3p/nix): Minor fixes to get rid of warningsVincent Ambo1-2/+0
2020-05-20 r/789 refactor(3p/nix): Apply clang-tidy's performance-* fixesVincent Ambo1-7/+7
This applies the performance fixes listed here: https://clang.llvm.org/extra/clang-tidy/checks/list.html
2020-05-20 r/788 refactor(3p/nix): Apply clang-tidy's readability-* fixesVincent Ambo1-44/+51
This applies the readability fixes listed here: https://clang.llvm.org/extra/clang-tidy/checks/list.html
2020-05-20 r/787 refactor(3p/nix): Apply clang-tidy's modernize-* fixesVincent Ambo1-12/+12
This applies the modernization fixes listed here: https://clang.llvm.org/extra/clang-tidy/checks/list.html The 'modernize-use-trailing-return-type' fix was excluded due to my personal preference (more specifically, I think the 'auto' keyword is misleading in that position).
2020-05-19 r/777 style(3p/nix): Final act in the brace-wrapping sagaVincent Ambo1-73/+130
This last change set was generated by a full clang-tidy run (including compilation): clang-tidy -p ~/projects/nix-build/ \ -checks=-*,readability-braces-around-statements -fix src/*/*.cc Actually running clang-tidy requires some massaging to make it play nice with Nix + meson, I'll be adding a wrapper or something for that soon.
2020-05-19 r/772 style(3p/nix): Add braces around single-line for-loopsVincent Ambo1-3/+9
These were not caught by the previous clang-tidy invocation, but were instead sorted out using amber[0] as such: ambr --regex 'for (\(.+\))\s([a-z].*;)' 'for $1 { $2 }' [0]: https://github.com/dalance/amber
2020-05-19 r/771 style(3p/nix): Add braces around single-line conditionalsVincent Ambo1-64/+192
These were not caught by the previous clang-tidy invocation, but were instead sorted out using amber[0] as such: ambr --regex 'if (\(.+\))\s([a-z].*;)' 'if $1 { $2 }' [0]: https://github.com/dalance/amber
2020-05-19 r/767 style(3p/nix): Enforce braces around loops and conditionalsVincent Ambo1-4/+8
This change was generated with: fd -e cc -e hh | xargs -I{} clang-tidy {} -p ~/projects/nix-build/ \ --checks='-*,readability-braces-around-statements' --fix \ -fix-errors Some manual fixes were applied because some convoluted unbraced statements couldn't be untangled by clang-tidy. This commit still includes invalid files, but I decided to clean them up in a subsequent commit so that it becomes more obvious where clang-tidy failed. Maybe this will allow for a bug-report to clang-tidy.
2020-05-19 r/766 style(3p/nix): Reformat all includes to match new styleVincent Ambo1-8/+11
2020-05-18 r/754 refactor(3p/nix/libutil): Replace internal logging library with glogVincent Ambo1-10/+14
2020-05-17 r/740 style(3p/nix): Reformat project in Google C++ styleVincent Ambo1-1161/+930
Reformatted with: fd . -e hh -e cc | xargs clang-format -i
2020-05-17 r/726 feat(3p/nix): added meson supportp01arst0rm1-2/+2
(cherry picked from commit 086a81b7a5bbe1fc022efb5935ff68f6ad71ddaf)
2020-05-17 r/724 Add 'third_party/nix/' from commit 'be66c7a6b24e3c3c6157fd37b86c7203d14acf10'Vincent Ambo1-0/+1552
git-subtree-dir: third_party/nix git-subtree-mainline: cf8cd640c1adf74a3706efbcb0ea4625da106fb2 git-subtree-split: be66c7a6b24e3c3c6157fd37b86c7203d14acf10