Merge pull request #3144 from matthewbauer/fix-sandbox-fallback

Fix sandbox fallback settings
2019-11-26 20:51:52 +01:00 · 2019-11-26 20:51:52 +01:00 · 7c8d7c17f8
parent 0be8d7784f 96c84937c4
commit 7c8d7c17f8
1 changed files with 41 additions and 33 deletions
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@ -939,6 +939,9 @@ private:
    /* Fill in the environment for the builder. */
    void initEnv();

+    /* Setup tmp dir location. */
+    void initTmpDir();
+
    /* Write a JSON file containing the derivation attributes. */
    void writeStructuredAttrs();

@ -1956,13 +1959,6 @@ void DerivationGoal::startBuilder()
    auto drvName = storePathToName(drvPath);
    tmpDir = createTempDir("", "nix-build-" + drvName, false, false, 0700);

-    /* In a sandbox, for determinism, always use the same temporary
-       directory. */
-#if __linux__
-    tmpDirInSandbox = useChroot ? settings.sandboxBuildDir : tmpDir;
-#else
-    tmpDirInSandbox = tmpDir;
-#endif
    chownToBuilder(tmpDir);

    /* Substitute output placeholders with the actual output paths. */
@ -2366,7 +2362,7 @@ void DerivationGoal::startBuilder()
        int res = helper.wait();
        if (res != 0 && settings.sandboxFallback) {
            useChroot = false;
-            tmpDirInSandbox = tmpDir;
+            initTmpDir();
            goto fallback;
        } else if (res != 0)
            throw Error("unable to start build process");
@ -2422,31 +2418,14 @@ void DerivationGoal::startBuilder()
 }


-void DerivationGoal::initEnv()
-{
-    env.clear();
-
-    /* Most shells initialise PATH to some default (/bin:/usr/bin:...) when
-       PATH is not set.  We don't want this, so we fill it in with some dummy
-       value. */
-    env["PATH"] = "/path-not-set";
-
-    /* Set HOME to a non-existing path to prevent certain programs from using
-       /etc/passwd (or NIS, or whatever) to locate the home directory (for
-       example, wget looks for ~/.wgetrc).  I.e., these tools use /etc/passwd
-       if HOME is not set, but they will just assume that the settings file
-       they are looking for does not exist if HOME is set but points to some
-       non-existing path. */
-    env["HOME"] = homeDir;
-
-    /* Tell the builder where the Nix store is.  Usually they
-       shouldn't care, but this is useful for purity checking (e.g.,
-       the compiler or linker might only want to accept paths to files
-       in the store or in the build directory). */
-    env["NIX_STORE"] = worker.store.storeDir;
-
-    /* The maximum number of cores to utilize for parallel building. */
-    env["NIX_BUILD_CORES"] = (format("%d") % settings.buildCores).str();
+void DerivationGoal::initTmpDir() {
+    /* In a sandbox, for determinism, always use the same temporary
+       directory. */
+#if __linux__
+    tmpDirInSandbox = useChroot ? settings.sandboxBuildDir : tmpDir;
+#else
+    tmpDirInSandbox = tmpDir;
+#endif

    /* In non-structured mode, add all bindings specified in the
       derivation via the environment, except those listed in the
@ -2485,6 +2464,35 @@ void DerivationGoal::initEnv()
       inode of the current directory doesn't appear in .. (because
       getdents returns the inode of the mount point). */
    env["PWD"] = tmpDirInSandbox;
+}
+
+void DerivationGoal::initEnv()
+{
+    env.clear();
+
+    /* Most shells initialise PATH to some default (/bin:/usr/bin:...) when
+       PATH is not set.  We don't want this, so we fill it in with some dummy
+       value. */
+    env["PATH"] = "/path-not-set";
+
+    /* Set HOME to a non-existing path to prevent certain programs from using
+       /etc/passwd (or NIS, or whatever) to locate the home directory (for
+       example, wget looks for ~/.wgetrc).  I.e., these tools use /etc/passwd
+       if HOME is not set, but they will just assume that the settings file
+       they are looking for does not exist if HOME is set but points to some
+       non-existing path. */
+    env["HOME"] = homeDir;
+
+    /* Tell the builder where the Nix store is.  Usually they
+       shouldn't care, but this is useful for purity checking (e.g.,
+       the compiler or linker might only want to accept paths to files
+       in the store or in the build directory). */
+    env["NIX_STORE"] = worker.store.storeDir;
+
+    /* The maximum number of cores to utilize for parallel building. */
+    env["NIX_BUILD_CORES"] = (format("%d") % settings.buildCores).str();
+
+    initTmpDir();

    /* Compatibility hack with Nix <= 0.7: if this is a fixed-output
       derivation, tell the builder, so that for instance `fetchurl'