FS#73727 - community/nix: Fix sandboxed builds
Attached to Project:
Community Packages
Opened by Zhaofeng Li (zhaofeng) - Thursday, 10 February 2022, 21:37 GMT
Last edited by Caleb Maclennan (alerque) - Friday, 11 February 2022, 22:35 GMT
Details
Description:
When sandboxing is enabled (default), Nix runs each build in an isolated mount namespace and requires a statically-linked POSIX-compatible sh to run the build script inside the sandbox. Currently, this is not specified so sandboxed build is broken (fail.log). The attached patch uses the busybox sh as the sandbox shell.

Additional info:
$ pacman -Qi nix | grep Version
Version : 2.6.0-1
$ nix --version
nix (Nix) 2.6.0

Steps to reproduce:
1. Install nix with default configurations (sandbox enabled)
2. `git clone --depth=1 https://github.com/NixOS/nixpkgs && cd nixpkgs`
3. `nix-build -A hello --check` should fail
4. Install the patched version of nix (0001-nix-fix-sandboxed-build.patch)
5. `systemctl restart nix-daemon`
6. `nix-build -A hello --check` should succeed

Attachments:
1. 0001-nix-fix-sandboxed-build.patch - Patch to fix the problem
2. fail.log - Logs for `nix-build -A hello --check` in current package
3. success.log - Logs for `nix-build -A hello --check` with patch
Closed by Caleb Maclennan (alerque)
Friday, 11 February 2022, 22:35 GMT
Reason for closing: Fixed
Additional comments about closing: nix-2.6.0-2
0001-nix-fix-sandboxed-build....
> AC_ARG_WITH(sandbox-shell, AS_HELP_STRING([--with-sandbox-shell=PATH],[path of a statically-linked shell to use as /bin/sh in sandboxes]),
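The report requires the sandbox shell to be statically linked. As an added example (not part of the report or the attached patch), the Python below checks a candidate binary for a `PT_INTERP` program header, which is what makes the kernel load a dynamic loader that would have to exist inside the sandbox. The function names `shell_linkage` and `fake_elf64` are hypothetical, and the sample ELF images are constructed.

```python
import struct
import sys

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3

def shell_linkage(data: bytes) -> str:
    """Classify an ELF image as 'static', 'dynamic' or 'not-elf'.

    'dynamic' means a PT_INTERP header is present, so the binary needs a
    dynamic loader at exec time. Static-PIE binaries carry PT_DYNAMIC but
    no PT_INTERP, so PT_DYNAMIC alone is not treated as dynamic.
    """
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return "not-elf"
    is64 = data[4] == 2                   # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little endian
    if is64:
        if len(data) < 64:
            return "not-elf"
        (phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        (phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):           # truncated program header table
            break
        (p_type,) = struct.unpack_from(end + "I", data, off)
        if p_type == PT_INTERP:
            return "dynamic"
    return "static"

def fake_elf64(p_types):
    """Constructed sample: little-endian ELF64 header plus bare program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH",
                                 2, 62, 1, 0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    return header + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":
    # Usage: python3 this_file.py /path/to/candidate/sh
    with open(sys.argv[1], "rb") as fh:
        result = shell_linkage(fh.read())
    print(f"{sys.argv[1]}: {result}")
    sys.exit(0 if result == "static" else 1)
```

A non-zero exit status means the candidate is either not an ELF file or requests a dynamic loader, so it is not suitable as the path given to `--with-sandbox-shell`.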