16/17: build-derivations: Leaked environment variables more robust.

From: Caleb Ristvedt
Subject: 16/17: build-derivations: Leaked environment variables more robust.
Date: Tue, 29 Aug 2017 02:07:49 -0400 (EDT)

reepca pushed a commit to branch guile-daemon
in repository guix.

commit e338c9bf5d0d8965a36e7eaa46e29e1a61d49efb
Author: Caleb Ristvedt <address@hidden>
Date:   Wed Aug 16 10:42:29 2017 -0500

    build-derivations: Leaked environment variables more robust.
    * guix/store/build-derivations.scm:
      (build-environment-vars): don't include unset leaked environment variables
      in the return value.
      (maybe-use-builtin): set builder environment variables here too.
 guix/store/build-derivations.scm | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/guix/store/build-derivations.scm b/guix/store/build-derivations.scm
index 4d7f9d0..264e028 100644
--- a/guix/store/build-derivations.scm
+++ b/guix/store/build-derivations.scm
@@ -177,9 +177,11 @@ environment variable that should be set during the build 
                 '(("NIX_OUTPUT_CHECKED" . "1"))
             (if leaked-vars
-                (map (lambda (leaked-var)
-                       (cons leaked-var (getenv leaked-var)))
-                     leaked-vars)
+                ;; leaked vars might not be defined.
+                (filter cdr
+                        (map (lambda (leaked-var)
+                               (cons leaked-var (getenv leaked-var)))
+                             leaked-vars))
             (derivation-builder-environment-vars drv))))
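Review bot: the new comment above `(filter cdr ...)` says only that leaked vars might not be defined; it should state that `getenv` returns #f for an unset variable and that the pair is dropped because consumers such as the `(string-append key "=" val)` call added in maybe-use-builtin cannot take #f. Dropping the variable silently also means a builder that expects one of the leaked variables gets no indication that it was missing, so consider logging the names that were filtered out. A variable set to the empty string still passes the filter, which looks intended but is worth saying in the comment.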
@@ -382,7 +384,7 @@ environment variables and bind-mounting the listed files. 
Importantly, this
 assumes that it is in a separate namespace at this point."
   ;; warning: the order in which a lot of this happens is significant and
   ;; partially based on guesswork / copying what the c++ does.
-  ;(setsid)
+  (setsid)
   (add-core-files build-environment)
   ;; local communication within the build environment should still be
   ;; possible.
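Review bot: enabling `(setsid)` is not mentioned in the commit message, which lists only build-environment-vars and maybe-use-builtin, and nothing in this hunk says why the call was commented out before or why it is safe now. Since the adjacent comment says the ordering is significant and partly guesswork, add a ChangeLog entry and a short comment on why the session is created before `(add-core-files build-environment)`. setsid fails with EPERM when the caller is already a process group leader, so the comment should also state the assumption that this runs in a freshly forked child.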
@@ -524,7 +526,15 @@ builtin builder for DRV or it failed."
   (let ((builder (hash-ref builtins
                            (derivation-builder drv))))
     (if builder
-        (builder drv)
+        (begin
+          ;; strip-store-file-name from (guix build utils), used by
+          ;; perform-download indirectly, doesn't honor %store-directory. So
+          ;; we have to set it here. ¯\_(ツ)_/¯
+          (environ (map (match-lambda
+                          ((key . val)
+                           (string-append key "=" val)))
+                        (build-environment-vars drv "/tmp")))
+          (builder drv))
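Review bot: `(environ ...)` replaces the whole environment of the current process and nothing after `(builder drv)` restores it, so unless this code is known to run in a child process, the derivation's variables (including any leaked ones) stay in the caller after the builtin returns. Save the old `(environ)` value and restore it around the call, or document that this branch only runs in a forked process. The literal "/tmp" passed to build-environment-vars is also unexplained, and the workaround described in the comment would be better tracked as a fix to strip-store-file-name in (guix build utils).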
@@ -748,7 +758,6 @@ nar, and the length of the nar."
 ;; of those as long as we know which references to be looking for.
 (define (do-derivation-build drv)
-  (format #t "Starting build of derivation ~a~%~%" drv)
   ;; inputs should all exist as of now
   (let-values (((build-env store-inputs)
                 (prepare-build-environment drv
@@ -776,6 +785,7 @@ even if its outputs already exist."
   ;; Inputs need to exist regardless of how we're getting the outputs of this
   ;; derivation.
   (ensure-input-outputs-exist (derivation-inputs drv))
+  (format #t "Starting build of derivation ~a~%~%" drv)
   (let ((output-specs
          (or (attempt-substitute drv)
              (maybe-use-builtin drv)
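Review bot: with the message now printed before `(attempt-substitute drv)` and `(maybe-use-builtin drv)`, "Starting build of derivation" appears even when the outputs end up being substituted or produced by a builtin, so the wording no longer matches what happens. Either reword it (for example, to say the derivation is being realized) or keep it on the path that performs the local build. Moving this message is also absent from the commit message.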
