From 114e738e41aa88d63bb86d3c6bf8ff55729d4908 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 26 Jan 2017 12:56:53 +0100 Subject: [PATCH 1/3] locate: better mlocate support & cleanup --- nixos/modules/misc/locate.nix | 12 +++--------- nixos/modules/rename.nix | 3 +++ 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/nixos/modules/misc/locate.nix b/nixos/modules/misc/locate.nix index 3cb5bb1a351a..938c2d4401e5 100644 --- a/nixos/modules/misc/locate.nix +++ b/nixos/modules/misc/locate.nix @@ -18,6 +18,7 @@ in { locate = mkOption { type = types.package; default = pkgs.findutils; + defaultText = "pkgs.findutils"; example = "pkgs.mlocate"; description = '' The locate implementation to use @@ -38,9 +39,6 @@ in { ''; }; - # This is no longer supported, but we keep it to give a better warning below - period = mkOption { visible = false; }; - extraFlags = mkOption { type = types.listOf types.str; default = [ ]; @@ -58,7 +56,7 @@ in { }; localuser = mkOption { - type = types.str; + type = types.nullOr types.str; default = "nobody"; description = '' The user to search non-network directories as, using @@ -76,10 +74,6 @@ in { }; config = { - warnings = - let opt = options.services.locate.period; in - optional opt.isDefined "The ‘services.locate.period’ option in ${showFiles opt.files} has been removed; please replace it with ‘services.locate.interval’, using the systemd.time(7) calendar event format."; - systemd.services.update-locatedb = { description = "Update Locate Database"; path = [ pkgs.su ]; @@ -87,7 +81,7 @@ in { '' mkdir -m 0755 -p $(dirname ${toString cfg.output}) exec ${cfg.locate}/bin/updatedb \ - --localuser=${cfg.localuser} \ + ${optionalString (cfg.localuser != null) ''--localuser=${cfg.localuser}''} \ ${optionalString (!cfg.includeStore) "--prunepaths='/nix/store'"} \ --output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags} ''; 
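Review bot: In the `update-locatedb` script (last hunk of this file, `@@ -87,7 +81,7`), `cfg.localuser` is still spliced into the shell line unquoted, so a value containing whitespace or shell metacharacters would be split or interpreted by the shell. `--localuser=${escapeShellArg cfg.localuser}` inside the `optionalString` avoids that. The `localuser` description in the `@@ -58,7 +56,7` hunk should also say what `null` does, for example `Set to null to omit --localuser and index as the user the service runs as`. No `User=` is visible here, so that is presumably root, and a root-built index in a directory created with mode 0755 can list paths that unprivileged users could not otherwise enumerate. The script body begins outside the hunk.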
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 8d3c0a66ef43..5b4ac07199d8 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -168,6 +168,9 @@ with lib; # dhcpd (mkRenamedOptionModule [ "services" "dhcpd" ] [ "services" "dhcpd4" ]) + # locate + (mkRenamedOptionModule [ "services" "locate" "period" ] [ "services" "locate" "interval" ]) + # Options that are obsolete and have no replacement. (mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ] "") (mkRemovedOptionModule [ "programs" "bash" "enable" ] "") From cc1ebd1db46e9d56feaf06b80ba88a632f8c5774 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 5 Jan 2017 18:57:45 +0100 Subject: [PATCH 2/3] locate: enhance mlocate support --- nixos/modules/misc/locate.nix | 82 ++++++++++++++++++++++++++++------- nixos/modules/rename.nix | 1 + 2 files changed, 67 insertions(+), 16 deletions(-) diff --git a/nixos/modules/misc/locate.nix b/nixos/modules/misc/locate.nix index 938c2d4401e5..e7fc25fc2078 100644 --- a/nixos/modules/misc/locate.nix +++ b/nixos/modules/misc/locate.nix @@ -4,10 +4,12 @@ with lib; let cfg = config.services.locate; + isMLocate = hasPrefix "mlocate" cfg.locate.name; + isFindutils = hasPrefix "findutils" cfg.locate.name; in { - options.services.locate = { + options.services.locate = with types; { enable = mkOption { - type = types.bool; + type = bool; default = false; description = '' If enabled, NixOS will periodically update the database of @@ -16,7 +18,7 @@ in { }; locate = mkOption { - type = types.package; + type = package; default = pkgs.findutils; defaultText = "pkgs.findutils"; example = "pkgs.mlocate"; @@ -26,7 +28,7 @@ in { }; interval = mkOption { - type = types.str; + type = str; default = "02:15"; example = "hourly"; description = '' @@ -40,7 +42,7 @@ in { }; extraFlags = mkOption { - type = types.listOf types.str; + type = listOf str; default = [ ]; description = '' Extra flags to pass to updatedb. 
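Review bot: `mkRenamedOptionModule` forwards an existing `services.locate.period` value into `interval` unchanged, but the warning this patch deletes from locate.nix told users to rewrite it "using the systemd.time(7) calendar event format", which suggests old `period` values used a different format. If so, a forwarded value would reach the timer as an invalid calendar expression instead of producing a message at evaluation time. `(mkRemovedOptionModule [ "services" "locate" "period" ] "Use services.locate.interval with a systemd.time(7) calendar event")` keeps the failure explicit.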
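Review bot: `isMLocate` and `isFindutils` (patch 2/3, `@@ -4,10 +4,12`) classify the package with `hasPrefix` on `cfg.locate.name`, and later hunks in this patch hang the setgid `locate` wrapper, the `mlocate` group and the cache-directory mode on that result. A package renamed by an override, or an unrelated package whose name starts with the same string, would be misclassified and silently get the other permission model. Consider an exact match on the parsed name, `(builtins.parseDrvName cfg.locate.name).name == "mlocate"`, and a comment above the two bindings saying that they select the privilege setup.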
@@ -48,7 +50,7 @@ in { }; output = mkOption { - type = types.path; + type = path; default = "/var/cache/locatedb"; description = '' The database file to build. @@ -56,7 +58,7 @@ in { }; localuser = mkOption { - type = types.nullOr types.str; + type = nullOr str; default = "nobody"; description = '' The user to search non-network directories as, using 
@@ -64,27 +66,75 @@ in { ''; }; - includeStore = mkOption { - type = types.bool; - default = false; + pruneFS = mkOption { + type = listOf str; + default = ["afs" "anon_inodefs" "auto" "autofs" "bdev" "binfmt" "binfmt_misc" "cgroup" "cifs" "coda" "configfs" "cramfs" "cpuset" "debugfs" "devfs" "devpts" "devtmpfs" "ecryptfs" "eventpollfs" "exofs" "futexfs" "ftpfs" "fuse" "fusectl" "gfs" "gfs2" "hostfs" "hugetlbfs" "inotifyfs" "iso9660" "jffs2" "lustre" "misc" "mqueue" "ncpfs" "nnpfs" "ocfs" "ocfs2" "pipefs" "proc" "ramfs" "rpc_pipefs" "securityfs" "selinuxfs" "sfs" "shfs" "smbfs" "sockfs" "spufs" "nfs" "NFS" "nfs4" "nfsd" "sshfs" "subfs" "supermount" "sysfs" "tmpfs" "ubifs" "udf" "usbfs" "vboxsf" "vperfctrfs" ]; description = '' - Whether to include /nix/store in the locate database. + Which filesystem types to exclude from indexing ''; }; + + prunePaths = mkOption { + type = listOf path; + default = ["/tmp" "/var/tmp" "/var/cache" "/var/lock" "/var/run" "/var/spool" "/nix/store"]; + description = '' + Which paths to exclude from indexing + ''; + }; + + pruneNames = mkOption { + type = listOf str; + default = []; + description = '' + Directory components which should exclude paths containing them from indexing + ''; + }; + + pruneBindMounts = mkOption { + type = bool; + default = false; + description = '' + Whether not to index bind mounts + ''; + }; + }; - config = { + config = mkIf cfg.enable { + users.extraGroups = mkIf isMLocate { mlocate = {}; }; + + security.setuidOwners = mkIf isMLocate + [ { group = "mlocate"; + owner = "root"; + permissions = "u+rx,g+x,o+x"; + setgid = true; + setuid = false; + program = "locate"; + } + ]; + + environment.systemPackages = [ cfg.locate ]; + + warnings = optional (isMLocate && cfg.localuser != null) "mlocate does not support searching as user other than root" + ++ optional (isFindutils && cfg.pruneNames != []) "findutils locate does not support pruning by directory component" + ++ optional (isFindutils && cfg.pruneBindMounts) 
"findutils locate does not support skipping bind mounts"; + systemd.services.update-locatedb = { description = "Update Locate Database"; - path = [ pkgs.su ]; + path = mkIf (!isMLocate) [ pkgs.su ]; script = '' - mkdir -m 0755 -p $(dirname ${toString cfg.output}) + install -m ${if isMLocate then "0750" else "0755"} -o root -g ${if isMLocate then "mlocate" else "root"} -d $(dirname ${cfg.output}) exec ${cfg.locate}/bin/updatedb \ ${optionalString (cfg.localuser != null) ''--localuser=${cfg.localuser}''} \ - ${optionalString (!cfg.includeStore) "--prunepaths='/nix/store'"} \ --output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags} ''; + environment = { + PRUNEFS = concatStringsSep " " cfg.pruneFS; + PRUNEPATHS = concatStringsSep " " cfg.prunePaths; + PRUNENAMES = concatStringsSep " " cfg.pruneNames; + PRUNE_BIND_MOUNTS = if cfg.pruneBindMounts then "yes" else "no"; + }; serviceConfig.Nice = 19; serviceConfig.IOSchedulingClass = "idle"; serviceConfig.PrivateTmp = "yes"; @@ -94,7 +144,7 @@ in { serviceConfig.ReadWriteDirectories = dirOf cfg.output; }; - systemd.timers.update-locatedb = mkIf cfg.enable + systemd.timers.update-locatedb = { description = "Update timer for locate database"; partOf = [ "update-locatedb.service" ]; wantedBy = [ "timers.target" ]; diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 5b4ac07199d8..4e7f62fc8f5c 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -170,6 +170,7 @@ with lib; # locate (mkRenamedOptionModule [ "services" "locate" "period" ] [ "services" "locate" "interval" ]) + (mkRemovedOptionModule [ "services" "locate" "includeStore" ] "Use services.locate.prunePaths" ) # Options that are obsolete and have no replacement. (mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ] "") From 06211e700b2b45cf5ea20b9d032322fade3da7d9 Mon Sep 17 00:00:00 2001 
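Review bot: With mlocate selected the script still passes `--localuser`: the new warning says "mlocate does not support searching as user other than root", yet `localuser` defaults to `"nobody"` and the guard only tests for `null`, so a default mlocate setup hands `updatedb` a flag the warning itself calls unsupported. `optionalString (!isMLocate && cfg.localuser != null)` would fix that. The pruning options are exported only as the `PRUNEFS`, `PRUNEPATHS`, `PRUNENAMES` and `PRUNE_BIND_MOUNTS` environment variables; as far as I know mlocate's `updatedb` reads these from `updatedb.conf` or from command-line flags rather than the environment, so please confirm the defaults (including `/tmp` and `/nix/store`) are actually honoured there. The `install -d` line also dropped `toString` on `cfg.output` while `--output=` keeps it, and the `$(dirname …)` substitution is unquoted.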
From: Gregor Kleen Date: Thu, 5 Jan 2017 20:16:48 +0100 Subject: [PATCH 3/3] locate: build in correct dbpath --- nixos/modules/misc/locate.nix | 6 ++++++ nixos/modules/programs/environment.nix | 3 +-- pkgs/tools/misc/mlocate/default.nix | 7 +++++-- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/nixos/modules/misc/locate.nix b/nixos/modules/misc/locate.nix index e7fc25fc2078..a9c84f6db243 100644 --- a/nixos/modules/misc/locate.nix +++ b/nixos/modules/misc/locate.nix @@ -113,8 +113,14 @@ in { } ]; + nixpkgs.config = { locate.dbfile = cfg.output; }; + environment.systemPackages = [ cfg.locate ]; + environment.variables = mkIf (!isMLocate) + { LOCATE_PATH = cfg.output; + }; + warnings = optional (isMLocate && cfg.localuser != null) "mlocate does not support searching as user other than root" ++ optional (isFindutils && cfg.pruneNames != []) "findutils locate does not support pruning by directory component" ++ optional (isFindutils && cfg.pruneBindMounts) "findutils locate does not support skipping bind mounts"; diff --git a/nixos/modules/programs/environment.nix b/nixos/modules/programs/environment.nix index a35b5cc9513e..a1615c920c02 100644 --- a/nixos/modules/programs/environment.nix +++ b/nixos/modules/programs/environment.nix @@ -17,8 +17,7 @@ in config = { environment.variables = - { LOCATE_PATH = "/var/cache/locatedb"; - NIXPKGS_CONFIG = "/etc/nix/nixpkgs-config.nix"; + { NIXPKGS_CONFIG = "/etc/nix/nixpkgs-config.nix"; PAGER = mkDefault "less -R"; EDITOR = mkDefault "nano"; }; diff --git a/pkgs/tools/misc/mlocate/default.nix b/pkgs/tools/misc/mlocate/default.nix index 6dbd0bcc439a..4aef6114c57c 100644 --- a/pkgs/tools/misc/mlocate/default.nix +++ b/pkgs/tools/misc/mlocate/default.nix @@ -1,6 +1,8 @@ -{ stdenv, fetchurl }: +{ stdenv, fetchurl, config }: -stdenv.mkDerivation rec { +let + dbfile = stdenv.lib.attrByPath [ "locate" "dbfile" ] "/var/cache/locatedb" config; +in stdenv.mkDerivation rec { name = "mlocate-${version}"; version = "0.26"; 
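Review bot: In pkgs/tools/misc/mlocate/default.nix, `dbfile` is read from the global nixpkgs `config` with no comment saying who sets it. A line above the `let`, such as `# locate.dbfile is set by the NixOS locate module from services.locate.output`, would make the coupling visible (it feeds `makeFlags` in the next hunk). Because the value becomes part of the derivation, a non-default `services.locate.output` presumably changes the mlocate store path and forces a local build. An mlocate taken from a package set without that config falls back to `/var/cache/locatedb`, and may then read a different database than the one the service writes, which deserves a sentence in the `output` option description.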
@@ -10,6 +12,7 @@ stdenv.mkDerivation rec { }; buildInputs = [ ]; + makeFlags = [ "dbfile=${dbfile}" ]; meta = with stdenv.lib; { description = "Merging locate is an utility to index and quickly search for files";