Merge pull request #8240 from tweag/macos-sandbox
ci: Always run with sandbox, even on Darwin
This commit is contained in:
commit
940e9eb8dd
6 changed files with 25 additions and 3 deletions
3
.github/workflows/ci.yml
vendored
3
.github/workflows/ci.yml
vendored
|
@ -20,6 +20,9 @@ jobs:
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
- uses: cachix/install-nix-action@v20
|
- uses: cachix/install-nix-action@v20
|
||||||
|
with:
|
||||||
|
# The sandbox would otherwise be disabled by default on Darwin
|
||||||
|
extra_nix_config: "sandbox = true"
|
||||||
- run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
|
- run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
|
||||||
- uses: cachix/cachix-action@v12
|
- uses: cachix/cachix-action@v12
|
||||||
if: needs.check_secrets.outputs.cachix == 'true'
|
if: needs.check_secrets.outputs.cachix == 'true'
|
||||||
|
|
|
@ -2620,7 +2620,7 @@ Strings EvalSettings::getDefaultNixPath()
|
||||||
{
|
{
|
||||||
Strings res;
|
Strings res;
|
||||||
auto add = [&](const Path & p, const std::string & s = std::string()) {
|
auto add = [&](const Path & p, const std::string & s = std::string()) {
|
||||||
if (pathExists(p)) {
|
if (pathAccessible(p)) {
|
||||||
if (s.empty()) {
|
if (s.empty()) {
|
||||||
res.push_back(p);
|
res.push_back(p);
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -183,7 +183,7 @@ bool Settings::isWSL1()
|
||||||
Path Settings::getDefaultSSLCertFile()
|
Path Settings::getDefaultSSLCertFile()
|
||||||
{
|
{
|
||||||
for (auto & fn : {"/etc/ssl/certs/ca-certificates.crt", "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"})
|
for (auto & fn : {"/etc/ssl/certs/ca-certificates.crt", "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"})
|
||||||
if (pathExists(fn)) return fn;
|
if (pathAccessible(fn)) return fn;
|
||||||
return "";
|
return "";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -202,7 +202,7 @@ namespace nix {
|
||||||
}
|
}
|
||||||
|
|
||||||
TEST(pathExists, bogusPathDoesNotExist) {
|
TEST(pathExists, bogusPathDoesNotExist) {
|
||||||
ASSERT_FALSE(pathExists("/home/schnitzel/darmstadt/pommes"));
|
ASSERT_FALSE(pathExists("/schnitzel/darmstadt/pommes"));
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ----------------------------------------------------------------------------
|
/* ----------------------------------------------------------------------------
|
||||||
|
|
|
@ -266,6 +266,17 @@ bool pathExists(const Path & path)
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool pathAccessible(const Path & path)
|
||||||
|
{
|
||||||
|
try {
|
||||||
|
return pathExists(path);
|
||||||
|
} catch (SysError & e) {
|
||||||
|
// swallow EPERM
|
||||||
|
if (e.errNo == EPERM) return false;
|
||||||
|
throw;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
Path readLink(const Path & path)
|
Path readLink(const Path & path)
|
||||||
{
|
{
|
||||||
|
|
|
@ -120,6 +120,14 @@ struct stat lstat(const Path & path);
|
||||||
*/
|
*/
|
||||||
bool pathExists(const Path & path);
|
bool pathExists(const Path & path);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A version of pathExists that returns false on a permission error.
|
||||||
|
* Useful for inferring default paths across directories that might not
|
||||||
|
* be readable.
|
||||||
|
* @return true iff the given path can be accessed and exists
|
||||||
|
*/
|
||||||
|
bool pathAccessible(const Path & path);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Read the contents (target) of a symbolic link. The result is not
|
* Read the contents (target) of a symbolic link. The result is not
|
||||||
* in any way canonicalised.
|
* in any way canonicalised.
|
||||||
|
|
Loading…
Reference in a new issue