Skip to content

Update profiles to use std::filesystem::path#14617

Merged
Ericson2314 merged 1 commit intoNixOS:masterfrom
vinayakankugoyal:path
Nov 24, 2025
Merged

Update profiles to use std::filesystem::path#14617
Ericson2314 merged 1 commit intoNixOS:masterfrom
vinayakankugoyal:path

Conversation

@vinayakankugoyal
Copy link
Contributor

Motivation

Update profiles to use std::filesystem::path

Context

#9205


Add 👍 to pull requests you find important.

The Nix maintainer team uses a GitHub project board to schedule and track reviews.

@github-actions github-actions bot added new-cli Relating to the "nix" command store Issues and pull requests concerning the Nix store labels Nov 22, 2025
@xokdvium
Copy link
Contributor

I'm a lot on the fence of relying more on std::filesystem for I/O and not just path manipulation, since it doesn't have facilities for dirfd-based operations. There are a lot of symlink following TOCTOU issues lurking no doubt. I would prefer if we kept our file-system functions so that we can implement safe primitives without undoing these changes.

@Ericson2314
Copy link
Member

@xokdvium my comments are in that direction. @Mic92 convinced also for exception we need to wrap most things too.

@Mic92
Copy link
Member

Mic92 commented Nov 22, 2025

I'm a lot on the fence of relying more on std::filesystem for I/O and not just path manipulation, since it doesn't have facilities for dirfd-based operations. There are a lot of symlink following TOCTOU issues lurking no doubt. I would prefer if we kept our file-system functions so that we can implement safe primitives without undoing these changes.

We should make a clear decision on this i.e have the std::filesystem path type but than keep all io function in one place that allows us to wrap errors and potentially have the option to implement more secure but potential platform abstraction in one place. How does this sound?

@xokdvium
Copy link
Contributor

xokdvium commented Nov 22, 2025

We should make a clear decision on this i.e have the std::filesystem path type but than keep all io function in one place that allows us to wrap errors and potentially have the option to implement more secure but potential platform-dependent abstraction in one place. How does this sound?

Sounds perfect. Could you file an issue outlining this? I'd prefer also if we could start leveraging SourceAccessor more when I'm done with making it use openat2. RestoreSink now provides safer facilities since I recently rewrote it to use dirfd on unix. That way we have a good default that's harder to misuse.

@Ericson2314
Copy link
Member

Sounds good to me too, and to be clear my review comments above are already going in that direction (at least I think they are).

@Ericson2314
Copy link
Member

diff --git a/src/libutil/include/nix/util/file-system.hh b/src/libutil/include/nix/util/file-system.hh
index 246e0e350f..8200e40e95 100644
--- a/src/libutil/include/nix/util/file-system.hh
+++ b/src/libutil/include/nix/util/file-system.hh
@@ -56,7 +56,10 @@ inline Path absPath(const Path & path, std::optional<PathView> dir = {}, bool re
     return absPath(PathView{path}, dir, resolveSymlinks);
 }

-std::filesystem::path absPath(const std::filesystem::path & path, bool resolveSymlinks = false);
+std::filesystem::path absPath(
+    const std::filesystem::path & path,
+    std::optional<std::filesystem::path> dir = {},
+    bool resolveSymlinks = false);

 /**
  * Canonicalise a path by removing all `.` or `..` components an

let's do this too, and then in the places we were removing absPath, don't do that after all.

@github-actions github-actions bot added the c api Nix as a C library with a stable interface label Nov 23, 2025
Copy link
Member

@Ericson2314 Ericson2314 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me now (after squashing). The only function not wrapped is parent_path, which according to https://en.cppreference.com/w/cpp/filesystem/path/parent_path.html is technically allowed to throw for implementation-specific reasons, but I don't think I will.

Since I am co-author here, going to weight for another approval, however.

@Mic92 Mic92 added this pull request to the merge queue Nov 24, 2025
@Mic92 Mic92 removed this pull request from the merge queue due to a manual request Nov 24, 2025
Co-authored-by: Vinayak Goyal <vinayakankugoyal@gmail.com>
Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
@Ericson2314 Ericson2314 disabled auto-merge November 24, 2025 18:39
@Ericson2314 Ericson2314 added this pull request to the merge queue Nov 24, 2025
Merged via the queue into NixOS:master with commit 0c786f3 Nov 24, 2025
16 checks passed
@edolstra edolstra mentioned this pull request Dec 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

c api Nix as a C library with a stable interface new-cli Relating to the "nix" command store Issues and pull requests concerning the Nix store

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants