Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nix
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 0486e87791f0
Choose a base ref
...
head repository: NixOS/nix
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: e2988f48a135
Choose a head ref
  • 2 commits
  • 3 files changed
  • 2 contributors

Commits on Jan 5, 2020

  1. build: fix sandboxing on darwin 

    Starting ba87b08 getEnv now returns an
std::optional which means these getEnv() != "" conditions no longer happen
if the variables are not defined.
    @LnL7
    LnL7 committed Jan 5, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    anthonyfok Anthony Fok
    GPG key ID: EA2500B412C59ACF
    Verified
    Learn about vigilant mode
    Copy the full SHA
    66fccd5 View commit details

Commits on Jan 6, 2020

  1. Merge pull request #3303 from LnL7/darwin-sandbox 

    build: fix sandboxing on darwin
    @edolstra
    edolstra authored Jan 6, 2020
    Copy the full SHA
    e2988f4 View commit details
Showing with 22 additions and 15 deletions.
  1. +20 −13 src/libstore/build.cc
  2. +1 −1 src/libstore/gc.cc
  3. +1 −1 src/nix-prefetch-url/nix-prefetch-url.cc
33 changes: 20 additions & 13 deletions src/libstore/build.cc
View file
Original file line number Diff line number Diff line change
@@ -3340,7 +3340,7 @@ void DerivationGoal::runChild()
;
}
#if __APPLE__
else if (getEnv("_NIX_TEST_NO_SANDBOX") == "") {
else {
/* This has to appear before import statements. */
std::string sandboxProfile = "(version 1)\n";

@@ -3449,25 +3449,32 @@ void DerivationGoal::runChild()
/* They don't like trailing slashes on subpath directives */
if (globalTmpDir.back() == '/') globalTmpDir.pop_back();

builder = "/usr/bin/sandbox-exec";
args.push_back("sandbox-exec");
args.push_back("-f");
args.push_back(sandboxFile);
args.push_back("-D");
args.push_back("_GLOBAL_TMP_DIR=" + globalTmpDir);
args.push_back("-D");
args.push_back("IMPORT_DIR=" + settings.nixDataDir + "/nix/sandbox/");
if (allowLocalNetworking) {
if (getEnv("_NIX_TEST_NO_SANDBOX") != "1") {
builder = "/usr/bin/sandbox-exec";
args.push_back("sandbox-exec");
args.push_back("-f");
args.push_back(sandboxFile);
args.push_back("-D");
args.push_back("_GLOBAL_TMP_DIR=" + globalTmpDir);
args.push_back("-D");
args.push_back(string("_ALLOW_LOCAL_NETWORKING=1"));
args.push_back("IMPORT_DIR=" + settings.nixDataDir + "/nix/sandbox/");
if (allowLocalNetworking) {
args.push_back("-D");
args.push_back(string("_ALLOW_LOCAL_NETWORKING=1"));
}
args.push_back(drv->builder);
} else {
printError("warning: running in sandboxing test mode, sandbox disabled");
builder = drv->builder.c_str();
args.push_back(std::string(baseNameOf(drv->builder)));
}
args.push_back(drv->builder);
}
#endif
#else
else {
builder = drv->builder.c_str();
args.push_back(std::string(baseNameOf(drv->builder)));
}
#endif

for (auto & i : drv->args)
args.push_back(rewriteStrings(i, inputRewrites));
2 changes: 1 addition & 1 deletion src/libstore/gc.cc
View file
Original file line number Diff line number Diff line change
@@ -443,7 +443,7 @@ void LocalStore::findRuntimeRoots(Roots & roots, bool censor)
// lsof is really slow on OS X. This actually causes the gc-concurrent.sh test to fail.
// See: https://github.com/NixOS/nix/issues/3011
// Because of this we disable lsof when running the tests.
if (getEnv("_NIX_TEST_NO_LSOF") == "") {
if (getEnv("_NIX_TEST_NO_LSOF") != "1") {
try {
std::regex lsofRegex(R"(^n(/.*)$)");
auto lsofLines =
2 changes: 1 addition & 1 deletion src/nix-prefetch-url/nix-prefetch-url.cc
View file
Original file line number Diff line number Diff line change
@@ -53,7 +53,7 @@ static int _main(int argc, char * * argv)
{
HashType ht = htSHA256;
std::vector<string> args;
bool printPath = getEnv("PRINT_PATH") != "";
bool printPath = getEnv("PRINT_PATH") == "1";
bool fromExpr = false;
string attrPath;
bool unpack = false;