09/10: build-derivations: Leaked environment variables more robust.
From: guix-commits
Subject: 09/10: build-derivations: Leaked environment variables more robust.
Date: Sun, 17 Feb 2019 17:37:08 -0500 (EST)
reepca pushed a commit to branch guile-daemon
in repository guix.
commit 3662d76ec4c1cebf6b8f804d56ccf550ce9053b0
Author: Caleb Ristvedt <address@hidden>
Date: Wed Aug 16 10:42:29 2017 -0500
build-derivations: Leaked environment variables more robust.
* guix/store/build-derivations.scm:
(build-environment-vars): don't include unset leaked environment variables
in the return value.
(maybe-use-builtin): set builder environment variables here too.
---
guix/store/build-derivations.scm | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/guix/store/build-derivations.scm b/guix/store/build-derivations.scm
index 87c098a..d531459 100644
--- a/guix/store/build-derivations.scm
+++ b/guix/store/build-derivations.scm
@@ -176,9 +176,11 @@ environment variable that should be set during the build
execution."
'(("NIX_OUTPUT_CHECKED" . "1"))
'())
(if leaked-vars
- (map (lambda (leaked-var)
- (cons leaked-var (getenv leaked-var)))
- leaked-vars)
+ ;; leaked vars might not be defined.
+ (filter cdr
+ (map (lambda (leaked-var)
+ (cons leaked-var (getenv leaked-var)))
+ leaked-vars))
'())
(derivation-builder-environment-vars drv))))
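Review bot: in the `leaked-vars` branch, `(filter cdr ...)` only drops entries where `getenv` returned `#f`, so a leaked variable that is set to the empty string is still passed into the build, and the new comment does not say whether that is intended. Please spell the rule out in the comment (for example ";; getenv returns #f for unset variables; drop those") and consider `filter-map`, which avoids building a pair for a variable that is then thrown away. Because these values are copied from the calling process's environment into the builder's, a silently dropped variable is also worth a debug message so that a build that behaves differently between hosts can be traced back to it.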
@@ -381,7 +383,7 @@ environment variables and bind-mounting the listed files.
Importantly, this
assumes that it is in a separate namespace at this point."
;; warning: the order in which a lot of this happens is significant and
;; partially based on guesswork / copying what the c++ does.
- ;(setsid)
+ (setsid)
(add-core-files build-environment)
;; local communication within the build environment should still be
;; possible.
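Review bot: enabling `(setsid)` is not covered by the commit message, which lists only `build-environment-vars` and `maybe-use-builtin`, and it has nothing to do with leaked environment variables. The comment directly above says the ordering here is significant and partly guesswork, so this line needs either its own commit or a changelog entry plus a comment saying why it was disabled and why it is correct at this position now. Note also that `setsid` fails when the caller is already a process group leader, and nothing in the visible lines handles that error.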
@@ -523,7 +525,15 @@ builtin builder for DRV or it failed."
(let ((builder (hash-ref builtins
(derivation-builder drv))))
(if builder
- (builder drv)
+ (begin
+ ;; strip-store-file-name from (guix build utils), used by
+ ;; perform-download indirectly, doesn't honor %store-directory. So
+ ;; we have to set it here. ¯\_(ツ)_/¯
+ (environ (map (match-lambda
+ ((key . val)
+ (string-append key "=" val)))
+ (build-environment-vars drv "/tmp")))
+ (builder drv))
#f)))
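Review bot: `(environ ...)` in `maybe-use-builtin` replaces the whole environment of the current process and nothing restores it after `(builder drv)` returns, so unless this always runs in a forked child, every later build and substitute attempt in the same process inherits this derivation's variables. Saving the old value with `(environ)` and restoring it in a `dynamic-wind` around `(builder drv)` would contain the change. The literal "/tmp" passed to `build-environment-vars` should be a named parameter or come from the build environment rather than being hard-coded, and the comment would be more useful as a FIXME pointing at `strip-store-file-name` not honoring `%store-directory`, without the emoticon.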
@@ -792,7 +802,6 @@ such order exists."
(values result visited))))))
(define (do-derivation-build drv)
- (format #t "Starting build of derivation ~a~%~%" drv)
;; inputs should all exist as of now
(let-values (((build-env store-inputs)
(prepare-build-environment drv
@@ -820,6 +829,7 @@ even if its outputs already exist."
;; Inputs need to exist regardless of how we're getting the outputs of this
;; derivation.
(ensure-input-outputs-exist (derivation-inputs drv))
+ (format #t "Starting build of derivation ~a~%~%" drv)
(let ((output-specs
(or (attempt-substitute drv)
(maybe-use-builtin drv)
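Review bot: the "Starting build of derivation" message now sits before `(attempt-substitute drv)` and `(maybe-use-builtin drv)`, so it is printed even when the outputs are substituted or produced by a builtin and `do-derivation-build` never runs. If the intent is to log every derivation that is processed, reword the message; if it is meant to mark actual builds, it should stay in `do-derivation-build`. This move is also missing from the commit message.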