From 68b5306c562c30df5ede227b451eadbf92c5c311 Mon Sep 17 00:00:00 2001
From: Kane York <kanepyork@gmail.com>
Date: Tue, 4 Aug 2020 19:12:49 -0700
Subject: feat(3p/nix): add --trace-file-access to nix-instantiate

This builds on edef's work with depot-scan by adding a dedicated
flag to the command. We piggyback on upstream's restricted-mode
implementation, the checkSourcePath function.

Change-Id: I52bb613549f40dbca1e8caa036635910c1a3d6d0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1654
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
---
 third_party/nix/src/libexpr/eval.cc | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'third_party/nix/src/libexpr/eval.cc')

diff --git a/third_party/nix/src/libexpr/eval.cc b/third_party/nix/src/libexpr/eval.cc
index 5f272b62b8b8..f068b6ba6a48 100644
--- a/third_party/nix/src/libexpr/eval.cc
+++ b/third_party/nix/src/libexpr/eval.cc
@@ -379,6 +379,7 @@ EvalState::EvalState(const Strings& _searchPath, const ref<Store>& store)
 EvalState::~EvalState() = default;
 
 Path EvalState::checkSourcePath(const Path& path_) {
+  TraceFileAccess(path_);
   if (!allowedPaths) {
     return path_;
   }
@@ -1819,6 +1820,20 @@ void EvalState::printStats() {
   }
 }
 
+void EvalState::TraceFileAccess(const Path& realPath) {
+  if (file_access_trace_fn.has_value()) {
+    if (last_traced_file != realPath) {
+      (*file_access_trace_fn)(realPath);
+      // Basic deduplication.
+      last_traced_file = std::string(realPath);
+    }
+  }
+}
+
+void EvalState::EnableFileAccessTracing(std::function<void(const Path&)> fn) {
+  file_access_trace_fn = fn;
+}
+
 size_t valueSize(const Value& v) {
   traceable_flat_hash_set<const Bindings*> seenBindings;
   traceable_flat_hash_set<const Env*> seenEnvs;
-- 
cgit 1.4.1