New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
audit-tmpdir hook: use abspath matching on RPATH entries #51317
Conversation
fcd5c05
to
5808e34
Compare
Is this correct ? the RPATH is a colon separated list so the regexp should probably be something like |
Doh. Right. Hm, grep is invoked with -F to disable regex. Not sure how to do regexp like search while still treating the $TMPDIR pattern as literal. |
Multiple patterns can be added with -e. But with the -F option the only way I found (yet) to lock to start of string is the --line-regex option. But that fails to allow trailing chars after the match, since it matches whole lines.
(Fails to match "/build/bar".) |
Although it'd be interesting to match start-of-string (which is the correct thing to do), I think actually the package that I had problems with get solved by 551aecf (added just two weeks ago). |
Here is one possibility:
that is
|
337f078
to
47d21a8
Compare
@symphorien: Good idea! I replaced sed with printf for performance (now negligeble) and force-pushed. |
This ensures that RPATH entries like "/foo/build/bar" doesn't trigger a match when TMPDIR is "/build/bar". (I've had this problem with a prebuilt package.)
47d21a8
to
ad28261
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great idea!
@Ericson2314: Thanks! |
Motivation for this change
This ensures that RPATH entries like "/foo/build" doesn't trigger a match when TMPDIR is "/build. (I've had this problem with a prebuilt package.)
Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)nix path-info -S
before and after)