Add option disallow-copy-paths

hercules-ci · Oct 24, 2024 · ed3edf2 · ed3edf2
1 parent 1f087c1
commit ed3edf2
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 0 deletions.
diff --git a/src/libexpr/eval-settings.hh b/src/libexpr/eval-settings.hh
@@ -247,6 +247,15 @@ struct EvalSettings : Config
 
           This option can be enabled by setting `NIX_ABORT_ON_WARN=1` in the environment.
         )"};
+
+    Setting<std::set<std::string>> disallowCopyPaths{this, {}, "disallow-copy-paths",
+        R"(
+          A list of paths that are not allowed to be copied.
+
+          This is useful for finding expressions which copy sources, which can slow down evaluation.
+          You may find copied sources by running `nix` commands with increased verbosity, such as `nix build -vvvv 2>&1 | grep /nix/store`.
+          After identifying one more more paths, run `nix build --option disallow-copy-paths /nix/store/... --show-trace` to find the expression that copies the path, or add `--debugger`.
+        )"};
 };
 
 /**

diff --git a/src/libexpr/eval.cc b/src/libexpr/eval.cc
@@ -2384,6 +2384,9 @@ StorePath EvalState::fetchToStore(
     PathFilter * filter,
     RepairFlag repair)
 {
+    if (path.accessor == rootFS && settings.disallowCopyPaths.get().contains(path.path.abs())) {
+        error<EvalError>("not allowed to copy '%1%' due to option '%2%'", path.path.abs(), settings.disallowCopyPaths.name).debugThrow();
+    }
     return ::nix::fetchToStore(*store, path, mode, name, method, filter, repair);
 }
 

diff --git a/tests/functional/disallow-copy-paths.sh b/tests/functional/disallow-copy-paths.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+source common.sh
+
+clearStoreIfPossible
+
+# shellcheck disable=SC2016
+path="$(nix eval --raw --impure --expr '"${./disallow-copy-paths.sh}"')"
+
+# shellcheck disable=SC2016
+expectStderr 1 nix-instantiate \
+  --disallow-copy-paths "$path" \
+  --expr --strict \
+  --argstr path "$path" \
+  '{ path }: "${/. + path}" + "bla bla"' \
+  | grepQuiet "error.*not allowed to copy.*$path.* due to option.*disallow-copy-paths"
diff --git a/tests/functional/local.mk b/tests/functional/local.mk
@@ -1,5 +1,6 @@
 nix_tests = \
   test-infra.sh \
+  disallow-copy-paths.sh \
   gc.sh \
   nix-collect-garbage-d.sh \
   remote-store.sh \

diff --git a/tests/functional/meson.build b/tests/functional/meson.build
@@ -69,6 +69,7 @@ suites = [
     'deps': [],
     'tests': [
       'test-infra.sh',
+      'disallow-copy-paths.sh',
       'gc.sh',
       'nix-collect-garbage-d.sh',
       'remote-store.sh',