
09/10: build-derivations: Leaked environment variables more robust.


From: guix-commits
Subject: 09/10: build-derivations: Leaked environment variables more robust.
Date: Sun, 17 Feb 2019 17:37:08 -0500 (EST)

reepca pushed a commit to branch guile-daemon
in repository guix.

commit 3662d76ec4c1cebf6b8f804d56ccf550ce9053b0
Author: Caleb Ristvedt <address@hidden>
Date:   Wed Aug 16 10:42:29 2017 -0500

    build-derivations: Leaked environment variables more robust.
    
    * guix/store/build-derivations.scm:
      (build-environment-vars): don't include unset leaked environment variables
      in the return value.
      (maybe-use-builtin): set builder environment variables here too.
---
 guix/store/build-derivations.scm | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/guix/store/build-derivations.scm b/guix/store/build-derivations.scm
index 87c098a..d531459 100644
--- a/guix/store/build-derivations.scm
+++ b/guix/store/build-derivations.scm
@@ -176,9 +176,11 @@ environment variable that should be set during the build 
execution."
                 '(("NIX_OUTPUT_CHECKED" . "1"))
                 '())
             (if leaked-vars
-                (map (lambda (leaked-var)
-                       (cons leaked-var (getenv leaked-var)))
-                     leaked-vars)
+                ;; leaked vars might not be defined.
+                (filter cdr
+                        (map (lambda (leaked-var)
+                               (cons leaked-var (getenv leaked-var)))
+                             leaked-vars))
                 '())
             (derivation-builder-environment-vars drv))))
 
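Review bot: The added comment `;; leaked vars might not be defined.` does not say why an unset variable has to be dropped, which is the part a later maintainer needs. `getenv` returns `#f` for an unset name, and the `maybe-use-builtin` hunk later in this patch passes every value to `string-append`, which would raise on `#f`. I would expand the comment to `;; getenv returns #f for an unset variable; drop those pairs so callers only ever see string values.` A variable set to the empty string is still kept, which looks intended. The enclosing definition starts above the hunk.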
@@ -381,7 +383,7 @@ environment variables and bind-mounting the listed files. 
Importantly, this
 assumes that it is in a separate namespace at this point."
   ;; warning: the order in which a lot of this happens is significant and
   ;; partially based on guesswork / copying what the c++ does.
-  ;(setsid)
+  (setsid)
   (add-core-files build-environment)
   ;; local communication within the build environment should still be
   ;; possible.
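Review bot: The newly enabled `(setsid)` carries no comment saying what it protects, while the comment just above it admits the ordering is partly guesswork. Starting a new session detaches the builder from the daemon's controlling terminal, so the build can neither open that terminal nor receive its terminal signals; I would record that as `;; new session: no controlling terminal, no terminal signals from the daemon's tty`. setsid(2) fails when the caller is already a process-group leader, so it is worth confirming this always runs in the freshly created child. That is not visible here, since the function continues on both sides of the hunk.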
@@ -523,7 +525,15 @@ builtin builder for DRV or it failed."
   (let ((builder (hash-ref builtins
                            (derivation-builder drv))))
     (if builder
-        (builder drv)
+        (begin
+          ;; strip-store-file-name from (guix build utils), used by
+          ;; perform-download indirectly, doesn't honor %store-directory. So
+          ;; we have to set it here. ¯\_(ツ)_/¯
+          (environ (map (match-lambda
+                          ((key . val)
+                           (string-append key "=" val)))
+                        (build-environment-vars drv "/tmp")))
+          (builder drv))
         #f)))
 
 
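Review bot: `(environ ...)` in `maybe-use-builtin` replaces the whole environment of the calling process and never restores it. If this runs in the daemon process rather than a forked child (not visible in the hunk), every later `getenv` on a leaked variable in `build-environment-vars` reads the rewritten environment, so one derivation's variables can carry over into the next build. The literal `"/tmp"` is also passed as the second argument to `build-environment-vars`; if that argument is the build directory, a per-build directory would be safer than the shared one. Saving the environment and restoring it around the builder call keeps the change local even when the builder exits non-locally.
```scheme
    (if builder
        (let ((saved-environment (environ)))
          (dynamic-wind
            (lambda ()
              ;; strip-store-file-name does not honor %store-directory, so the
              ;; builder's variables must be visible in the process environment.
              (environ (map (match-lambda
                              ((key . val)
                               (string-append key "=" val)))
                            (build-environment-vars drv "/tmp"))))
            (lambda ()
              (builder drv))
            (lambda ()
              ;; put the caller's environment back, also on non-local exit.
              (environ saved-environment))))
        ;; … unchanged: #f branch …
```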
@@ -792,7 +802,6 @@ such order exists."
         (values result visited))))))
 
 (define (do-derivation-build drv)
-  (format #t "Starting build of derivation ~a~%~%" drv)
   ;; inputs should all exist as of now
   (let-values (((build-env store-inputs)
                 (prepare-build-environment drv
@@ -820,6 +829,7 @@ even if its outputs already exist."
   ;; Inputs need to exist regardless of how we're getting the outputs of this
   ;; derivation.
   (ensure-input-outputs-exist (derivation-inputs drv))
+  (format #t "Starting build of derivation ~a~%~%" drv)
   (let ((output-specs
          (or (attempt-substitute drv)
              (maybe-use-builtin drv)
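Review bot: The relocated `format` call now runs before `attempt-substitute` and `maybe-use-builtin`, so "Starting build of derivation" is logged even when the outputs end up substituted or produced by a builtin. Anyone reading the daemon log to work out what was actually built locally would be misled, so a neutral wording here such as `(format #t "Processing derivation ~a~%~%" drv)` would be more accurate. The enclosing function starts and ends outside the hunk.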


