When does the nix path type go into nix storage, and when not?

In the past, I noticed that the nix path type ./myfile.txt seems to

  • sometimes evaluate to /home/myuser/mydir/myfile.txt and
  • sometimes to /nix/store/55j24v9qwdarikv7kd3lc0pvxdr9r2y8-myfile.txt.

I would like to understand exactly when this will happen.

This is especially important for files containing any form of sensitive information, since all files in /nix/store are readable by all users in the system.

(When using nixops for this purpose, there is a special "keys" feature, see the "Key Management" section in the manual, but I think it is still important to know when and how this copying of the path to the store occurs in nix itself.)

1 answer

User clever on IRC #nixos explained:

When will this happen

An extension to /nix/store/... occurs when you use a path inside ${} string interpolation, for example mystring = "cat ${./myfile.txt}".

This does not happen if you use the function toString; for example, toString ./myfile.txt will not give you a path pointing to /nix/store.

For instance:

toString ./notes.txt == "/home/clever/apps/nixos-installer/installer-gui/notes.txt"
"${./notes.txt}"     == "/nix/store/55j24v9qwdarikv7kd3lc0pvxdr9r2y8-notes.txt"

How does this happen

The hash part 55j24v9qwdarikv7kd3lc0pvxdr9r2y8 is taken from the contents of the file referenced by ./path, so that it changes when the file changes, and everything that depends on it can be rebuilt accordingly.

/nix/store nix-instantiate; nix- - ( ), ( "building" ) .

, nix "", , ( .drv).

, "/nix/store/rkvwvi007k7w8lp4cc0n10yhlz5xjfmk-hello-2.10" GNU hello , , hello. stdenv.mkDerivation, " " hello.

, builtins.substring. . nix , 1653 1657.

, builtins.unsafeDiscardStringContext.

nix

${} coerceToString, bool copyToStore, true:

/* String coercion.  Converts strings, paths and derivations to a
   string.  If `coerceMore' is set, also converts nulls, integers,
   booleans and lists to a string.  If `copyToStore' is set,
   referenced paths are copied to the Nix store as a side effect. */
string coerceToString(const Pos & pos, Value & v, PathSet & context,
                      bool coerceMore = false, bool copyToStore = true);

, ./path /nix/store :

if (v.type == tPath) {
    Path path(canonPath(v.path));
    return copyToStore ? copyPathToStore(context, path) : path;
}

toString prim_toString false copyToStore:

/* Convert the argument to a string.  Paths are *not* copied to the
   store, so `toString /foo/bar' yields `"/foo/bar"', not
   `"/nix/store/whatever..."'. */
static void prim_toString(EvalState & state, const Pos & pos, Value * * args, Value & v)
{
    PathSet context;
    string s = state.coerceToString(pos, *args[0], context, true, false);
    mkString(v, s, context);
}
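A check that follows from the rule in the answer above, added here as an example (not code from the answer or from the Nix project): it scans Nix source text for path literals placed directly inside ${}, the case in which the file is copied into the world-readable /nix/store. The function name, the regex and the sample are constructed for illustration; it sees only literal paths, not variables bound to a path.

```python
import re

# A path literal directly inside ${...}: ./x, ../x, ~/x or /abs/x.
# The lookbehinds skip the escaped forms \${ (in "..." strings) and
# ''${ (in ''...'' strings), which are literal text, not interpolation.
INTERP_PATH = re.compile(r"(?<!\\)(?<!'')\$\{\s*((?:\.{1,2}|~)?/[^\s}]+)\s*\}")


def find_store_copies(nix_source):
    """Return (line_number, path_literal) for every path literal that is
    interpolated with ${} and would therefore be copied to /nix/store."""
    hits = []
    for lineno, line in enumerate(nix_source.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # whole-line comment, never evaluated
        for match in INTERP_PATH.finditer(line):
            hits.append((lineno, match.group(1)))
    return hits


# Constructed sample (line 1 is the empty line after the opening quotes).
SAMPLE = r"""
{
  a = "cat ${./myfile.txt}";
  b = toString ./myfile.txt;
  c = "cat ${toString ./myfile.txt}";
  # d = "${./commented.txt}";
  e = ''
    echo ''${./escaped.txt}
    cp ${ ../keys/id_rsa } /tmp
  '';
  f = "\${./escaped-too.txt}";
}
"""

if __name__ == "__main__":
    for lineno, path in find_store_copies(SAMPLE):
        print(f"line {lineno}: {path} is interpolated and will be copied to /nix/store")
```

Only lines 3 and 9 of the sample are reported; the toString forms, the commented line and the two escaped interpolations are not.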

Source: https://habr.com/ru/post/1676662/
