New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
darwin.iproute2mac: init at 1.2.1 #41768
Conversation
|
||
buildInputs = [ python ]; | ||
|
||
__impureHostDeps = [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is only necessary if you're actually calling these in the builder. You should be able to leave this out.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok, wasn't aware. will strip them out.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, and I'm not even sure if /usr/bin
is allowed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@LnL7 from the builder? Don't know too, I just thought I should probably document impure usages somewhere. PR updated with __impureHostDeps
removed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For reference, these are the only prefixes that this works for unless this is overridden in nix.conf with allowed-impure-host-deps
.
https://github.com/NixOS/nix/blob/e7cb2847ab1cec48eac6a86c56885b3f0df76275/src/libstore/globals.cc#L22
This is used to open up the build sandbox when sandboxing is enabled, allowing builds to open up arbitrary paths would be a security concern.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for the explanation!
buildInputs = [ python ]; | ||
|
||
postPatch = '' | ||
substituteInPlace src/ip.py --replace /usr/bin/python ${python}/bin/python |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you also wrap the other commands here? darwin.network_cmds should have them all.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
right. what about sudo?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's probably okay to leave for now. I don't think it's packaged anywhere? /cc @LnL7
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
patched all network_cmds. I doubt pkgs/tools/security/sudo
would easily be portable for darwin, so relying on /usr/bin/sudo
being there might be ok
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sudo can't work, it needs a setuid bit.
No attempt on aarch64-linux (full log) The following builds were skipped because they don't evaluate on aarch64-linux: darwin.iproute2mac Partial log (click to expand)
|
No attempt on x86_64-linux (full log) The following builds were skipped because they don't evaluate on x86_64-linux: darwin.iproute2mac Partial log (click to expand)
|
Success on x86_64-darwin (full log) Attempted: darwin.iproute2mac Partial log (click to expand)
|
Thanks! |
Motivation for this change
This adds
iproute2mac
, a CLI wrapper for basic network utilites on Mac OS X inspired with iproute2 on Linux.Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)cc @LnL7