From 10481d25861f1c25b53cfbd8119199ef2e918f9f Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Sun, 24 May 2020 00:48:30 +0100 Subject: [PATCH] chore(3p/nix): Remove some OS X specific defines This project will be dropping OS X support until the core is simplified. --- .../nix/src/build-remote/build-remote.cc | 7 - third_party/nix/src/libmain/shared.cc | 19 -- third_party/nix/src/libstore/build.cc | 185 +----------------- third_party/nix/src/libstore/globals.cc | 6 +- third_party/nix/src/libstore/globals.hh | 6 - third_party/nix/src/libstore/local-store.cc | 19 -- .../nix/src/libstore/optimise-store.cc | 12 -- third_party/nix/src/libutil/util.cc | 26 +-- third_party/nix/src/nix-daemon/nix-daemon.cc | 4 - 9 files changed, 3 insertions(+), 281 deletions(-) diff --git a/third_party/nix/src/build-remote/build-remote.cc b/third_party/nix/src/build-remote/build-remote.cc index 2802b49ac..04fcf3897 100644 --- a/third_party/nix/src/build-remote/build-remote.cc +++ b/third_party/nix/src/build-remote/build-remote.cc @@ -7,9 +7,6 @@ #include #include -#if __APPLE__ -#include -#endif #include "derivations.hh" #include "globals.hh" @@ -181,11 +178,7 @@ static int _main(int argc, char* argv[]) { break; } -#if __APPLE__ - futimes(bestSlotLock.get(), NULL); -#else futimens(bestSlotLock.get(), nullptr); -#endif lock = -1; diff --git a/third_party/nix/src/libmain/shared.cc b/third_party/nix/src/libmain/shared.cc index f6c80cae3..d2b2a2800 100644 --- a/third_party/nix/src/libmain/shared.cc +++ b/third_party/nix/src/libmain/shared.cc 
@@ -142,17 +142,6 @@ void initNix() { throw SysError("handling SIGUSR1"); } -#if __APPLE__ - /* HACK: on darwin, we need can’t use sigprocmask with SIGWINCH. - * Instead, add a dummy sigaction handler, and signalHandlerThread - * can handle the rest. */ - struct sigaction sa; - sa.sa_handler = sigHandler; - if (sigaction(SIGWINCH, &sa, 0)) { - throw SysError("handling SIGWINCH"); - } -#endif - /* Register a SIGSEGV handler to detect stack overflows. */ detectStackOverflow(); @@ -165,14 +154,6 @@ void initNix() { struct timeval tv; gettimeofday(&tv, nullptr); srandom(tv.tv_usec); - - /* On macOS, don't use the per-session TMPDIR (as set e.g. by - sshd). This breaks build users because they don't have access - to the TMPDIR, in particular in ‘nix-store --serve’. */ -#if __APPLE__ - if (getuid() == 0 && hasPrefix(getEnv("TMPDIR"), "/var/folders/")) - unsetenv("TMPDIR"); -#endif } LegacyArgs::LegacyArgs( diff --git a/third_party/nix/src/libstore/build.cc b/third_party/nix/src/libstore/build.cc index fe6463584..feac6fcbf 100644 --- a/third_party/nix/src/libstore/build.cc +++ b/third_party/nix/src/libstore/build.cc @@ -837,11 +837,6 @@ class DerivationGoal : public Goal { typedef map Environment; Environment env; -#if __APPLE__ - typedef string SandboxProfile; - SandboxProfile additionalSandboxProfile; -#endif - /* Hash rewriting. */ StringRewrites inputRewrites, outputRewrites; typedef map RedirectedOutputs; @@ -1041,12 +1036,7 @@ DerivationGoal::~DerivationGoal() { } inline bool DerivationGoal::needsHashRewrite() { -#if __linux__ return !useChroot; -#else - /* Darwin requires hash rewriting even when sandboxing is enabled. */ - return true; -#endif } void DerivationGoal::killChild() { @@ -1920,11 +1910,6 @@ void DerivationGoal::startBuilder() { preloadNSS(); } -#if __APPLE__ - additionalSandboxProfile = - parsedDrv->getStringAttr("__sandboxProfile").value_or(""); -#endif - /* Are we doing a chroot build? */ { auto noChroot = parsedDrv->getBoolAttr("__noChroot"); 
@@ -1934,13 +1919,6 @@ void DerivationGoal::startBuilder() { "but that's not allowed when 'sandbox' is 'true'") % drvPath); } -#if __APPLE__ - if (additionalSandboxProfile != "") - throw Error( - format("derivation '%1%' specifies a sandbox profile, " - "but this is only allowed when 'sandbox' is 'relaxed'") % - drvPath); -#endif useChroot = true; } else if (settings.sandboxMode == smDisabled) { useChroot = false; @@ -1950,29 +1928,17 @@ void DerivationGoal::startBuilder() { } if (worker.store.storeDir != worker.store.realStoreDir) { -#if __linux__ useChroot = true; -#else - throw Error( - "building using a diverted store is not supported on this platform"); -#endif } /* If `build-users-group' is not empty, then we have to build as one of the members of that group. */ if (settings.buildUsersGroup != "" && getuid() == 0) { -#if defined(__linux__) || defined(__APPLE__) buildUser = std::make_unique(); /* Make sure that no other processes are executing under this uid. */ buildUser->kill(); -#else - /* Don't know how to block the creation of setuid/setgid - binaries on this platform. */ - throw Error( - "build users are not supported on this platform for security reasons"); -#endif } /* Create a temporary directory where the build will take @@ -2093,7 +2059,6 @@ void DerivationGoal::startBuilder() { dirsInChroot[i] = ChrootPath(i); } -#if __linux__ /* Create a temporary directory in which we set up the chroot environment using bind-mounts. We put it in the Nix store to ensure that we can create hard-links to non-directory @@ -2200,13 +2165,6 @@ void DerivationGoal::startBuilder() { for (auto& i : drv->outputs) { dirsInChroot.erase(i.second.path); } - -#elif __APPLE__ - /* We don't really have any parent prep work to do (yet?) - All work happens in the child, instead. */ -#else - throw Error("sandboxing builds is not supported on this platform"); -#endif } if (needsHashRewrite()) { 
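Review bot: The `@@ -1950,29 +1928,17 @@` hunk in `DerivationGoal::startBuilder()` deletes the `#else` branches that made unsupported platforms fail closed (the "build users are not supported on this platform for security reasons" error and the diverted-store error), so the Linux paths are now taken unconditionally. The `@@ -2093,7 +2059,6 @@` and `@@ -2200,13 +2165,6 @@` hunks do the same by dropping `throw Error("sandboxing builds is not supported on this platform")`. If build.cc still compiles for another target, build-user and chroot isolation would be assumed rather than checked. A compile-time guard near the top of the file would keep that explicit: `#ifndef __linux__` / `#error "build.cc assumes Linux sandboxing and build users"` / `#endif`. The body of startBuilder() starts and ends outside these hunks.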
@@ -3147,148 +3105,7 @@ void DerivationGoal::runChild() { const char* builder = "invalid"; - if (drv->isBuiltin()) { - ; - } -#if __APPLE__ - else if (getEnv("_NIX_TEST_NO_SANDBOX") == "") { - /* This has to appear before import statements. */ - std::string sandboxProfile = "(version 1)\n"; - - if (useChroot) { - /* Lots and lots and lots of file functions freak out if they can't stat - * their full ancestry */ - PathSet ancestry; - - /* We build the ancestry before adding all inputPaths to the store - because we know they'll all have the same parents (the store), and - there might be lots of inputs. This isn't - particularly efficient... I doubt it'll be a bottleneck in practice - */ - for (auto& i : dirsInChroot) { - Path cur = i.first; - while (cur.compare("/") != 0) { - cur = dirOf(cur); - ancestry.insert(cur); - } - } - - /* And we want the store in there regardless of how empty dirsInChroot. - We include the innermost path component this time, since it's - typically /nix/store and we care about that. */ - Path cur = worker.store.storeDir; - while (cur.compare("/") != 0) { - ancestry.insert(cur); - cur = dirOf(cur); - } - - /* Add all our input paths to the chroot */ - for (auto& i : inputPaths) { - dirsInChroot[i] = i; - } - - /* Violations will go to the syslog if you set this. 
Unfortunately the - * destination does not appear to be configurable */ - if (settings.darwinLogSandboxViolations) { - sandboxProfile += "(deny default)\n"; - } else { - sandboxProfile += "(deny default (with no-log))\n"; - } - - sandboxProfile += "(import \"sandbox-defaults.sb\")\n"; - - if (fixedOutput) { - sandboxProfile += "(import \"sandbox-network.sb\")\n"; - } - - /* Our rwx outputs */ - sandboxProfile += "(allow file-read* file-write* process-exec\n"; - for (auto& i : missingPaths) { - sandboxProfile += (format("\t(subpath \"%1%\")\n") % i.c_str()).str(); - } - /* Also add redirected outputs to the chroot */ - for (auto& i : redirectedOutputs) { - sandboxProfile += - (format("\t(subpath \"%1%\")\n") % i.second.c_str()).str(); - } - sandboxProfile += ")\n"; - - /* Our inputs (transitive dependencies and any impurities computed - above) - - without file-write* allowed, access() incorrectly returns EPERM - */ - sandboxProfile += "(allow file-read* file-write* process-exec\n"; - for (auto& i : dirsInChroot) { - if (i.first != i.second.source) - throw Error(format("can't map '%1%' to '%2%': mismatched impure " - "paths not supported on Darwin") % - i.first % i.second.source); - - string path = i.first; - struct stat st; - if (lstat(path.c_str(), &st)) { - if (i.second.optional && errno == ENOENT) { - continue; - } - throw SysError(format("getting attributes of path '%1%'") % path); - } - if (S_ISDIR(st.st_mode)) - sandboxProfile += (format("\t(subpath \"%1%\")\n") % path).str(); - else - sandboxProfile += (format("\t(literal \"%1%\")\n") % path).str(); - } - sandboxProfile += ")\n"; - - /* Allow file-read* on full directory hierarchy to self. 
Allows - * realpath() */ - sandboxProfile += "(allow file-read*\n"; - for (auto& i : ancestry) { - sandboxProfile += (format("\t(literal \"%1%\")\n") % i.c_str()).str(); - } - sandboxProfile += ")\n"; - - sandboxProfile += additionalSandboxProfile; - } else - sandboxProfile += "(import \"sandbox-minimal.sb\")\n"; - - debug("Generated sandbox profile:"); - debug(sandboxProfile); - - Path sandboxFile = tmpDir + "/.sandbox.sb"; - - writeFile(sandboxFile, sandboxProfile); - - bool allowLocalNetworking = - parsedDrv->getBoolAttr("__darwinAllowLocalNetworking"); - - /* The tmpDir in scope points at the temporary build directory for our - derivation. Some packages try different mechanisms to find temporary - directories, so we want to open up a broader place for them to dump - their files, if needed. */ - Path globalTmpDir = canonPath(getEnv("TMPDIR", "/tmp"), true); - - /* They don't like trailing slashes on subpath directives */ - if (globalTmpDir.back() == '/') { - globalTmpDir.pop_back(); - } - - builder = "/usr/bin/sandbox-exec"; - args.push_back("sandbox-exec"); - args.push_back("-f"); - args.push_back(sandboxFile); - args.push_back("-D"); - args.push_back("_GLOBAL_TMP_DIR=" + globalTmpDir); - args.push_back("-D"); - args.push_back("IMPORT_DIR=" + settings.nixDataDir + "/nix/sandbox/"); - if (allowLocalNetworking) { - args.push_back("-D"); - args.push_back(string("_ALLOW_LOCAL_NETWORKING=1")); - } - args.push_back(drv->builder); - } -#endif - else { + if (!drv->isBuiltin()) { builder = drv->builder.c_str(); string builderBasename = baseNameOf(drv->builder); args.push_back(builderBasename); diff --git a/third_party/nix/src/libstore/globals.cc b/third_party/nix/src/libstore/globals.cc index 066de4436..856b85836 100644 --- a/third_party/nix/src/libstore/globals.cc +++ b/third_party/nix/src/libstore/globals.cc 
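Review bot: After the `@@ -3147,148 +3105,7 @@` hunk, `builder` keeps its initial value `"invalid"` whenever `drv->isBuiltin()` is true, and the new `if (!drv->isBuiltin()) {` carries no comment saying that this is intended. The old empty `if (drv->isBuiltin()) { ; }` branch at least made the case visible. A short comment above the condition would help, for example `/* Builtin derivations are not exec'd; builder stays "invalid" for them. */`. How `builder` is used after this block lies outside the hunk, so that wording should be confirmed against the rest of runChild().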
@@ -19,12 +19,8 @@ namespace nix { must be deleted and recreated on startup.) */ #define DEFAULT_SOCKET_PATH "/daemon-socket/socket" -/* chroot-like behavior from Apple's sandbox */ -#if __APPLE__ -#define DEFAULT_ALLOWED_IMPURE_PREFIXES "/System/Library /usr/lib /dev /bin/sh" -#else +// TODO(tazjin): this was __APPLE__ specific, still needed? #define DEFAULT_ALLOWED_IMPURE_PREFIXES "" -#endif Settings settings; diff --git a/third_party/nix/src/libstore/globals.hh b/third_party/nix/src/libstore/globals.hh index 8e04b0937..71bc2b1e7 100644 --- a/third_party/nix/src/libstore/globals.hh +++ b/third_party/nix/src/libstore/globals.hh @@ -299,12 +299,6 @@ class Settings : public Config { "Which prefixes to allow derivations to ask for access to (primarily for " "Darwin)."}; -#if __APPLE__ - Setting darwinLogSandboxViolations{ - this, false, "darwin-log-sandbox-violations", - "Whether to log Darwin sandbox access violations to the system log."}; -#endif - Setting runDiffHook{ this, false, "run-diff-hook", "Whether to run the program specified by the diff-hook setting " diff --git a/third_party/nix/src/libstore/local-store.cc b/third_party/nix/src/libstore/local-store.cc index 1d162ad6b..a89c6a797 100644 --- a/third_party/nix/src/libstore/local-store.cc +++ b/third_party/nix/src/libstore/local-store.cc @@ -24,18 +24,11 @@ #include "pathlocks.hh" #include "worker-protocol.hh" -#if __linux__ #include #include #include #include #include -#endif - -#ifdef __CYGWIN__ -#include -#endif - #include namespace nix { 
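Review bot: `DEFAULT_ALLOWED_IMPURE_PREFIXES` in globals.cc is now always the empty string, and the new TODO does not say what has to be decided. The macro is presumably the default for the setting whose help text in globals.hh reads "Which prefixes to allow derivations to ask for access to (primarily for Darwin)", so the comment should state the security-relevant default instead of only asking a question, e.g. `// Empty by default: no impure host prefixes are allowed unless configured. TODO(tazjin): drop together with the setting if it has no use on Linux.` The globals.hh description still refers to Darwin and would need the same update.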
@@ -460,16 +453,6 @@ static void canonicalisePathMetaData_(const Path& path, uid_t fromUid, InodesSeen& inodesSeen) { checkInterrupt(); -#if __APPLE__ - /* Remove flags, in particular UF_IMMUTABLE which would prevent - the file from being garbage-collected. FIXME: Use - setattrlist() to remove other attributes as well. */ - if (lchflags(path.c_str(), 0)) { - if (errno != ENOTSUP) - throw SysError(format("clearing flags of path '%1%'") % path); - } -#endif - struct stat st; if (lstat(path.c_str(), &st) != 0) { throw SysError(format("getting attributes of path '%1%'") % path); @@ -480,7 +463,6 @@ static void canonicalisePathMetaData_(const Path& path, uid_t fromUid, throw Error(format("file '%1%' has an unsupported type") % path); } -#if __linux__ /* Remove extended attributes / ACLs. */ ssize_t eaSize = llistxattr(path.c_str(), nullptr, 0); @@ -508,7 +490,6 @@ static void canonicalisePathMetaData_(const Path& path, uid_t fromUid, } } } -#endif /* Fail if the file is not owned by the build user. This prevents us from messing up the ownership/permissions of files diff --git a/third_party/nix/src/libstore/optimise-store.cc b/third_party/nix/src/libstore/optimise-store.cc index d7cf2bb74..caeff7236 100644 --- a/third_party/nix/src/libstore/optimise-store.cc +++ b/third_party/nix/src/libstore/optimise-store.cc 
@@ -105,18 +105,6 @@ void LocalStore::optimisePath_(OptimiseStats& stats, const Path& path, throw SysError(format("getting attributes of path '%1%'") % path); } -#if __APPLE__ - /* HFS/macOS has some undocumented security feature disabling hardlinking for - special files within .app dirs. *.app/Contents/PkgInfo and - *.app/Contents/Resources/\*.lproj seem to be the only paths affected. See - https://github.com/NixOS/nix/issues/1443 for more discussion. */ - - if (std::regex_search(path, std::regex("\\.app/Contents/.+$"))) { - debug(format("'%1%' is not allowed to be linked in macOS") % path); - return; - } -#endif - if (S_ISDIR(st.st_mode)) { Strings names = readDirectoryIgnoringInodes(path, inodeHash); for (auto& i : names) { diff --git a/third_party/nix/src/libutil/util.cc b/third_party/nix/src/libutil/util.cc index b77fb8ac0..6076bdc39 100644 --- a/third_party/nix/src/libutil/util.cc +++ b/third_party/nix/src/libutil/util.cc @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -27,14 +28,6 @@ #include "serialise.hh" #include "sync.hh" -#ifdef __APPLE__ -#include -#endif - -#ifdef __linux__ -#include -#endif - namespace nix { const std::string nativeSystem = SYSTEM; @@ -819,12 +812,6 @@ int Pid::kill() { process group, send the signal to every process in the child process group (which hopefully includes *all* its children). */ if (::kill(separatePG ? -pid : pid, killSignal) != 0) { - /* On BSDs, killing a process group will return EPERM if all - processes in the group are zombies (or something like - that). So try to detect and ignore that situation. */ -#if __FreeBSD__ || __APPLE__ - if (errno != EPERM || ::kill(pid, 0) != 0) -#endif LOG(ERROR) << SysError("killing process %d", pid).msg(); } 
@@ -876,20 +863,9 @@ void killUser(uid_t uid) { } while (true) { -#ifdef __APPLE__ - /* OSX's kill syscall takes a third parameter that, among - other things, determines if kill(-1, signo) affects the - calling process. In the OSX libc, it's set to true, - which means "follow POSIX", which we don't want here - */ - if (syscall(SYS_kill, -1, SIGKILL, false) == 0) { - break; - } -#else if (kill(-1, SIGKILL) == 0) { break; } -#endif if (errno == ESRCH) { break; } /* no more processes */ diff --git a/third_party/nix/src/nix-daemon/nix-daemon.cc b/third_party/nix/src/nix-daemon/nix-daemon.cc index 9f5e8b7cb..5a38e023f 100644 --- a/third_party/nix/src/nix-daemon/nix-daemon.cc +++ b/third_party/nix/src/nix-daemon/nix-daemon.cc @@ -28,10 +28,6 @@ #include "util.hh" #include "worker-protocol.hh" -#if __APPLE__ || __FreeBSD__ -#include -#endif - using namespace nix; #ifndef __linux__
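Review bot: With the macOS branch gone, the loop in `killUser()` relies on `kill(-1, SIGKILL)` not signalling the calling process, and the deleted comment was the only place where that concern was written down. On Linux kill(2) documents that `kill(-1, sig)` skips the caller, so the code itself is fine, but the assumption should stay visible next to the call: `/* Linux: kill(-1, sig) does not signal the calling process, so only the other processes we may signal are killed. */`. killUser() starts and ends outside the hunk.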