Eelco Dolstra
d54590fdf3
Fix --no-sandbox
...
When sandboxing is disabled, we cannot put $TMPDIR underneath an
inaccessible directory.
2024-06-21 17:06:19 +02:00
Théophane Hufschmitt
1d3696f0fb
Run the builds in a daemon-controled directory
...
Instead of running the builds under
`$TMPDIR/{unique-build-directory-owned-by-the-build-user}`, run them
under `$TMPDIR/{unique-build-directory-owned-by-the-daemon}/{subdir-owned-by-the-build-user}`
where the build directory is only readable and traversable by the daemon user.
This achieves two things:
1. It prevents builders from making their build directory world-readable
(or even writeable), which would allow the outside world to interact
with them.
2. It prevents external processes running as the build user (either
because that somehow leaked, maybe as a consequence of 1., or because
`build-users` isn't in use) from gaining access to the build
directory.
2024-06-21 17:06:19 +02:00
Théophane Hufschmitt
717f3eea39
Add a test for the user sandboxing
2024-06-21 17:06:18 +02:00
Robert Hensing
2894c1b38e
WIP add testresults output
2024-06-16 16:34:54 +02:00
Robert Hensing
573e385a68
Merge pull request #10907 from hercules-ci/issue-10561
...
C API: Use opaque struct instead of void for `nix_value`
2024-06-15 10:12:13 +02:00
Robert Hensing
b94e1d6218
C API: Value -> nix_value
...
See issue https://github.com/NixOS/nix/issues/10434
2024-06-13 18:51:58 +02:00
Robert Hensing
0b56c98b1c
C API: Value -> nix_value
2024-06-13 18:18:36 +02:00
Eelco Dolstra
1dc7c8e599
eval-fail-infinite-recursion-lambda: Reduce recursion depth
...
This prevents the test from failing in environments with a smaller
configured stack size.
2024-06-13 13:55:42 +02:00
John Ericson
33241887d1
More quote coalescing
2024-06-12 17:47:54 -04:00
John Ericson
d8ae28617d
Try to fix quotes that don't go to end with sed
2024-06-12 17:41:16 -04:00
Cameron Dart
2d467b4731
housekeeping: shellcheck for tests/functional/import-derivation.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
1c93360989
housekeeping: shellcheck for tests/functional/hash-path.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
d1c476865a
housekeeping: shellcheck for tests/functional/gc-runtime.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
cd46ec17f9
housekeeping: shellcheck for tests/functional/function-trace.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
b764dd9aa4
housekeeping: shellcheck for tests/functional/flakes/unlocked-override.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
e1ce349d05
housekeeping: shellcheck for tests/functional/flakes/search-root.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
b9768b4872
housekeeping: shellcheck for tests/functional/flakes/mercurial.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
c7b3468968
housekeeping: shellcheck for tests/functional/flakes/inputs.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
d95adb531e
housekeeping: shellcheck for tests/functional/flakes/init.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
71d5baca47
housekeeping: shellcheck for tests/functional/flakes/flake-in-submodule.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
3b853e795b
housekeeping: shellcheck for tests/functional/flakes/circular.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
ece86b7191
housekeeping: shellcheck for tests/functional/flakes/bundle.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
ee57c610ae
housekeeping: shellcheck for tests/functional/flakes/build-paths.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
d81fd4a1c3
housekeeping: shellcheck for tests/functional/flakes/absolute-attr-paths.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
ae6a842c55
housekeeping: shellcheck for tests/functional/filter-source.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
224f5515b9
housekeeping: shellcheck for tests/functional/fetchTree-file.sh
...
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2024-06-12 17:41:16 -04:00
Cameron Dart
f0492a6197
housekeeping: shellcheck for tests/functional/fetchPath.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
823d53c643
housekeeping: shellcheck for tests/functional/experimental-features.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
1c1abefdd2
housekeeping: shellcheck for tests/functional/dyn-drv/text-hashed-output.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
847842c4bb
housekeeping: shellcheck for tests/functional/derivation-json.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
58a653dcc6
housekeeping: shellcheck for tests/functional/compression-levels.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
48520cb71e
housekeeping: shellcheck for tests/functional/chroot-store.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
63272235e2
housekeeping: shellcheck for tests/functional/case-hacks.sh
...
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2024-06-12 17:41:16 -04:00
Cameron Dart
4f04006bc1
housekeeping: shellcheck for tests/functional/check-reqs.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
d7bb5bde48
housekeeping: shellcheck for tests/functional/check-refs.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
259b502773
housekeeping: shellcheck for tests/functional/ca/substitute.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
04876c39e4
housekeeping: shellcheck for tests/functional/ca/signatures.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
8f85537629
housekeeping: shellcheck for tests/functional/ca/nix-run.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
deacc421eb
housekeeping: shellcheck for tests/functional/ca/nix-copy.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
195c0da849
housekeeping: shellcheck for tests/functional/ca/duplicate-realisation-in-closure.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
2dfbba3e5e
housekeeping: shellcheck for tests/functional/ca/derivation-json.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
627176fd54
housekeeping: shellcheck for tests/functional/ca/build.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
80c44138cb
housekeeping: shellcheck for tests/functional/ca/build-cache.sh
...
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2024-06-12 17:41:16 -04:00
Cameron Dart
c127625095
housekeeping: shellcheck for tests/functional/build-dry.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
f615489e0e
housekeeping: shellcheck for tests/functional/build-delete.sh
2024-06-12 17:41:16 -04:00
Cameron Dart
7186c68f75
housekeeping: shellcheck for tests/functional/brotli.sh
...
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2024-06-12 17:41:15 -04:00
Cameron Dart
aeed835a2e
housekeeping: shellcheck for tests/functional/binary-cache.sh
...
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2024-06-12 17:41:08 -04:00
Cameron Dart
4a28ba7877
housekeeping: shellcheck for tests/functional/binary-cache-build-remote.sh
2024-06-12 16:58:25 -04:00
Cameron Dart
7738b295e5
housekeeping: shellcheck for tests/functional/bash-profile.sh
2024-06-12 16:58:25 -04:00
John Ericson
7c2981fc55
Fix FreeBSD build
...
This restores some CPP'd code that was added in
c18911602e
and accidentally lost in
2477e4e3b8
.
Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2024-06-12 15:59:54 -04:00