>From 00f489d6303720c65571fdf0bc9ee810a20f70e0 Mon Sep 17 00:00:00 2001
From: Roel Janssen <address@hidden>
Date: Wed, 11 Apr 2018 09:52:11 +0200
Subject: [PATCH] guix-daemon: Disable garbage collection for remote hosts.

* nix/libstore/gc.cc (collectGarbage): Check for remote connections.
* nix/libstore/globals.hh: Add isRemoteConnection setting.
* nix/nix-daemon/nix-daemon.cc (performOp): Display appropriate error message;
  (acceptConnection): Set isRemoteConnection when connection is over TCP.
---
 nix/libstore/gc.cc           | 4 ++++
 nix/libstore/globals.hh      | 4 ++++
 nix/nix-daemon/nix-daemon.cc | 6 ++++++
 3 files changed, 14 insertions(+)

diff --git a/nix/libstore/gc.cc b/nix/libstore/gc.cc
index 72eff5242..1bc6eedb5 100644
--- a/nix/libstore/gc.cc
+++ b/nix/libstore/gc.cc
@@ -595,6 +595,10 @@ void LocalStore::removeUnusedLinks(const GCState & state)
 
 void LocalStore::collectGarbage(const GCOptions & options, GCResults & results)
 {
+    if (settings.isRemoteConnection) {
+        return;
+    }
+
     GCState state(results);
     state.options = options;
     state.trashDir = settings.nixStore + "/trash";
diff --git a/nix/libstore/globals.hh b/nix/libstore/globals.hh
index 1293625e1..83efbcd50 100644
--- a/nix/libstore/globals.hh
+++ b/nix/libstore/globals.hh
@@ -81,6 +81,10 @@ struct Settings {
     uid_t clientUid;
     gid_t clientGid;
 
+    /* Whether the connection comes from a host other than the host running
+       guix-daemon. */
+    bool isRemoteConnection;
+
     /* Whether, if we cannot realise the known closure corresponding
        to a derivation, we should try to normalise the derivation
        instead. */
diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc
index deb7003d7..65770ba95 100644
--- a/nix/nix-daemon/nix-daemon.cc
+++ b/nix/nix-daemon/nix-daemon.cc
@@ -529,6 +529,11 @@ static void performOp(bool trusted, unsigned int clientVersion,
     }
 
     case wopCollectGarbage: {
+        if (settings.isRemoteConnection) {
+            throw Error("Garbage collection is disabled for remote hosts.");
+            break;
+        }
+
         GCOptions options;
         options.action = (GCOptions::GCAction) readInt(from);
         options.pathsToDelete = readStorePaths<PathSet>(from);
@@ -934,6 +939,7 @@ static void acceptConnection(int fdSocket)
                    connection.  Setting these to -1 means: do not change.  */
                 settings.clientUid = clientUid;
 		settings.clientGid = clientGid;
+                settings.isRemoteConnection = (remoteAddr.ss_family != AF_UNIX);
 
                 /* Handle the connection. */
                 from.fd = remote;
-- 
2.16.3