Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

skawarePackages.skalibs: empty default path #71388

Merged
merged 1 commit into from
Oct 29, 2019
Merged

skawarePackages.skalibs: empty default path #71388

merged 1 commit into from
Oct 29, 2019
+3 −0

Conversation

Profpatsch
Copy link
Member

If PATH is unset, the exec wrappers in skalibs set a default path to
/usr/bin:bin.

This has very unfortunate effects when you e.g. try to run tests on CI
in an empty environment (minus tools explicitely provided by nix with
absolute store paths), because suddenly binaries from outside are
picked up again, especially on non-NixOS.
Even on NixOS, /bin/sh provides another escape hatch if it’s available
from PATH. But on systems like Ubuntu or MacOS (which most CI systems
run on), this picks up all the non-nix binaries.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @pmahoney

Sorry, something went wrong.

@Profpatsch
skawarePackages.skalibs: empty default path
ebf256c 
If `PATH` is unset, the exec wrappers in skalibs set a default path to
`/usr/bin:bin`.

This has very unfortunate effects when you e.g. try to run tests on CI
in an empty environment (minus tools explicitely provided by nix with
absolute store paths), because suddenly binaries from outside are
picked up again, especially on non-NixOS.
Even on NixOS, /bin/sh provides another escape hatch if it’s available
from PATH. But on systems like Ubuntu or MacOS (which most CI systems
run on), this picks up all the non-nix binaries.
@Profpatsch Profpatsch requested a review from alyssais October 19, 2019 14:31
@Profpatsch
Copy link
Member Author

@GrahamcOfBorg build skawarePackages

@risicle
Copy link
Contributor

risicle commented Oct 20, 2019

nix-review is happy, macos 10.13.

@alyssais
Copy link
Member

Is OfBorg supposed to have skipped Darwin?

@Profpatsch
Copy link
Member Author

Profpatsch commented Oct 29, 2019
edited
Loading

Is OfBorg supposed to have skipped Darwin?

There’s one package which doesn’t build on Darwin, then ofborg just skips the whole thing. We need support to build (nested) attrsets of derivations. I think that’s also related to passthru.tests cc @Ekleog

@Profpatsch Profpatsch merged commit 14f812a into NixOS:master Oct 29, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alyssais alyssais

Assignees
No one assigned
Labels
10.rebuild-darwin: 11-100 10.rebuild-linux: 11-100
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Profpatsch @risicle @alyssais