mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-27 00:06:16 +02:00
Merge pull request #3144 from matthewbauer/fix-sandbox-fallback
Fix sandbox fallback settings
This commit is contained in:
commit
7c8d7c17f8
1 changed files with 41 additions and 33 deletions
|
@ -939,6 +939,9 @@ private:
|
||||||
/* Fill in the environment for the builder. */
|
/* Fill in the environment for the builder. */
|
||||||
void initEnv();
|
void initEnv();
|
||||||
|
|
||||||
|
/* Setup tmp dir location. */
|
||||||
|
void initTmpDir();
|
||||||
|
|
||||||
/* Write a JSON file containing the derivation attributes. */
|
/* Write a JSON file containing the derivation attributes. */
|
||||||
void writeStructuredAttrs();
|
void writeStructuredAttrs();
|
||||||
|
|
||||||
|
@ -1956,13 +1959,6 @@ void DerivationGoal::startBuilder()
|
||||||
auto drvName = storePathToName(drvPath);
|
auto drvName = storePathToName(drvPath);
|
||||||
tmpDir = createTempDir("", "nix-build-" + drvName, false, false, 0700);
|
tmpDir = createTempDir("", "nix-build-" + drvName, false, false, 0700);
|
||||||
|
|
||||||
/* In a sandbox, for determinism, always use the same temporary
|
|
||||||
directory. */
|
|
||||||
#if __linux__
|
|
||||||
tmpDirInSandbox = useChroot ? settings.sandboxBuildDir : tmpDir;
|
|
||||||
#else
|
|
||||||
tmpDirInSandbox = tmpDir;
|
|
||||||
#endif
|
|
||||||
chownToBuilder(tmpDir);
|
chownToBuilder(tmpDir);
|
||||||
|
|
||||||
/* Substitute output placeholders with the actual output paths. */
|
/* Substitute output placeholders with the actual output paths. */
|
||||||
|
@ -2366,7 +2362,7 @@ void DerivationGoal::startBuilder()
|
||||||
int res = helper.wait();
|
int res = helper.wait();
|
||||||
if (res != 0 && settings.sandboxFallback) {
|
if (res != 0 && settings.sandboxFallback) {
|
||||||
useChroot = false;
|
useChroot = false;
|
||||||
tmpDirInSandbox = tmpDir;
|
initTmpDir();
|
||||||
goto fallback;
|
goto fallback;
|
||||||
} else if (res != 0)
|
} else if (res != 0)
|
||||||
throw Error("unable to start build process");
|
throw Error("unable to start build process");
|
||||||
|
@ -2422,31 +2418,14 @@ void DerivationGoal::startBuilder()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void DerivationGoal::initEnv()
|
void DerivationGoal::initTmpDir() {
|
||||||
{
|
/* In a sandbox, for determinism, always use the same temporary
|
||||||
env.clear();
|
directory. */
|
||||||
|
#if __linux__
|
||||||
/* Most shells initialise PATH to some default (/bin:/usr/bin:...) when
|
tmpDirInSandbox = useChroot ? settings.sandboxBuildDir : tmpDir;
|
||||||
PATH is not set. We don't want this, so we fill it in with some dummy
|
#else
|
||||||
value. */
|
tmpDirInSandbox = tmpDir;
|
||||||
env["PATH"] = "/path-not-set";
|
#endif
|
||||||
|
|
||||||
/* Set HOME to a non-existing path to prevent certain programs from using
|
|
||||||
/etc/passwd (or NIS, or whatever) to locate the home directory (for
|
|
||||||
example, wget looks for ~/.wgetrc). I.e., these tools use /etc/passwd
|
|
||||||
if HOME is not set, but they will just assume that the settings file
|
|
||||||
they are looking for does not exist if HOME is set but points to some
|
|
||||||
non-existing path. */
|
|
||||||
env["HOME"] = homeDir;
|
|
||||||
|
|
||||||
/* Tell the builder where the Nix store is. Usually they
|
|
||||||
shouldn't care, but this is useful for purity checking (e.g.,
|
|
||||||
the compiler or linker might only want to accept paths to files
|
|
||||||
in the store or in the build directory). */
|
|
||||||
env["NIX_STORE"] = worker.store.storeDir;
|
|
||||||
|
|
||||||
/* The maximum number of cores to utilize for parallel building. */
|
|
||||||
env["NIX_BUILD_CORES"] = (format("%d") % settings.buildCores).str();
|
|
||||||
|
|
||||||
/* In non-structured mode, add all bindings specified in the
|
/* In non-structured mode, add all bindings specified in the
|
||||||
derivation via the environment, except those listed in the
|
derivation via the environment, except those listed in the
|
||||||
|
@ -2485,6 +2464,35 @@ void DerivationGoal::initEnv()
|
||||||
inode of the current directory doesn't appear in .. (because
|
inode of the current directory doesn't appear in .. (because
|
||||||
getdents returns the inode of the mount point). */
|
getdents returns the inode of the mount point). */
|
||||||
env["PWD"] = tmpDirInSandbox;
|
env["PWD"] = tmpDirInSandbox;
|
||||||
|
}
|
||||||
|
|
||||||
|
void DerivationGoal::initEnv()
|
||||||
|
{
|
||||||
|
env.clear();
|
||||||
|
|
||||||
|
/* Most shells initialise PATH to some default (/bin:/usr/bin:...) when
|
||||||
|
PATH is not set. We don't want this, so we fill it in with some dummy
|
||||||
|
value. */
|
||||||
|
env["PATH"] = "/path-not-set";
|
||||||
|
|
||||||
|
/* Set HOME to a non-existing path to prevent certain programs from using
|
||||||
|
/etc/passwd (or NIS, or whatever) to locate the home directory (for
|
||||||
|
example, wget looks for ~/.wgetrc). I.e., these tools use /etc/passwd
|
||||||
|
if HOME is not set, but they will just assume that the settings file
|
||||||
|
they are looking for does not exist if HOME is set but points to some
|
||||||
|
non-existing path. */
|
||||||
|
env["HOME"] = homeDir;
|
||||||
|
|
||||||
|
/* Tell the builder where the Nix store is. Usually they
|
||||||
|
shouldn't care, but this is useful for purity checking (e.g.,
|
||||||
|
the compiler or linker might only want to accept paths to files
|
||||||
|
in the store or in the build directory). */
|
||||||
|
env["NIX_STORE"] = worker.store.storeDir;
|
||||||
|
|
||||||
|
/* The maximum number of cores to utilize for parallel building. */
|
||||||
|
env["NIX_BUILD_CORES"] = (format("%d") % settings.buildCores).str();
|
||||||
|
|
||||||
|
initTmpDir();
|
||||||
|
|
||||||
/* Compatibility hack with Nix <= 0.7: if this is a fixed-output
|
/* Compatibility hack with Nix <= 0.7: if this is a fixed-output
|
||||||
derivation, tell the builder, so that for instance `fetchurl'
|
derivation, tell the builder, so that for instance `fetchurl'
|
||||||
|
|
Loading…
Reference in a new issue