kloenk/lix
0
0
Fork 0
forked from lix-project/lix
Code Pull requests Activity

Merge pull request #8240 from tweag/macos-sandbox

Browse source 
ci: Always run with sandbox, even on Darwin
This commit is contained in:
Théophane Hufschmitt 2023-05-26 17:06:02 +02:00 committed by GitHub
parent f41dd2c306 2c462486fe
commit 940e9eb8dd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 25 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.github/workflows/ci.yml vendored
View file

@ -20,6 +20,9 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- uses: cachix/install-nix-action@v20 - uses: cachix/install-nix-action@v20
with:
# The sandbox would otherwise be disabled by default on Darwin
extra_nix_config: "sandbox = true"
- run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
- uses: cachix/cachix-action@v12 - uses: cachix/cachix-action@v12
if: needs.check_secrets.outputs.cachix == 'true' if: needs.check_secrets.outputs.cachix == 'true'

2
src/libexpr/eval.cc
View file

@ -2620,7 +2620,7 @@ Strings EvalSettings::getDefaultNixPath()
{ {
Strings res; Strings res;
auto add = [&](const Path & p, const std::string & s = std::string()) { auto add = [&](const Path & p, const std::string & s = std::string()) {
if (pathExists(p)) { if (pathAccessible(p)) {
if (s.empty()) { if (s.empty()) {
res.push_back(p); res.push_back(p);
} else { } else {

2
src/libstore/globals.cc
View file

@ -183,7 +183,7 @@ bool Settings::isWSL1()
Path Settings::getDefaultSSLCertFile() Path Settings::getDefaultSSLCertFile()
{ {
for (auto & fn : {"/etc/ssl/certs/ca-certificates.crt", "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"}) for (auto & fn : {"/etc/ssl/certs/ca-certificates.crt", "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"})
if (pathExists(fn)) return fn; if (pathAccessible(fn)) return fn;
return ""; return "";
} }

2
src/libutil/tests/tests.cc
View file

@ -202,7 +202,7 @@ namespace nix {
} }
TEST(pathExists, bogusPathDoesNotExist) { TEST(pathExists, bogusPathDoesNotExist) {
ASSERT_FALSE(pathExists("/home/schnitzel/darmstadt/pommes")); ASSERT_FALSE(pathExists("/schnitzel/darmstadt/pommes"));
} }
/* ---------------------------------------------------------------------------- /* ----------------------------------------------------------------------------

11
src/libutil/util.cc
View file

@ -266,6 +266,17 @@ bool pathExists(const Path & path)
return false; return false;
} }
bool pathAccessible(const Path & path)
{
try {
return pathExists(path);
} catch (SysError & e) {
// swallow EPERM
if (e.errNo == EPERM) return false;
throw;
}
}
Path readLink(const Path & path) Path readLink(const Path & path)
{ {

8
src/libutil/util.hh
View file

@ -120,6 +120,14 @@ struct stat lstat(const Path & path);
*/ */
bool pathExists(const Path & path); bool pathExists(const Path & path);
/**
* A version of pathExists that returns false on a permission error.
* Useful for inferring default paths across directories that might not
* be readable.
* @return true iff the given path can be accessed and exists
*/
bool pathAccessible(const Path & path);
/** /**
* Read the contents (target) of a symbolic link. The result is not * Read the contents (target) of a symbolic link. The result is not
* in any way canonicalised. * in any way canonicalised.