
bug#42173: [PATCH 2/2] services: nix: Fix sandbox.

From: Ludovic Courtès
Subject: bug#42173: [PATCH 2/2] services: nix: Fix sandbox.
Date: Wed, 22 Jul 2020 12:34:45 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)


Oleg Pykhalov <go.wigust@gmail.com> writes:

> * gnu/tests/package-management.scm: New file.
> * gnu/local.mk: Add this.
> * gnu/services/nix.scm (<nix-configuration>): New record.
> (nix-activation): Generate Nix config file.
> (nix-service-type): Add default value.
> (nix-shepherd-service): Allow provide Nix package.
> * doc/guix.texi (Miscellaneous Services)[Nix service]<nix-configuration>:
> Document record.

Nice!  You can add a “Fixes” line too.

> +@item @code{build-sandbox-paths} (default: @code{'()})
> +This is a list of strings or objects appended to the
> +@code{build-sandbox-paths} field of the configuration file.
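
Review bot: The `@item` text says the list holds "strings or objects" but not which objects are accepted or what an entry does. The activation code writes these entries to `build-sandbox-paths` in `/etc/nix/nix.conf` after the references of the Nix package, so the documentation should state that each entry is made available inside the build sandbox, name the accepted object type (file-like objects, if that is what is meant), and mention that the package's own references are always included in addition to this list.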

I’d use “files” or “items” instead of “paths”, for consistency.

> +           (mkdir-p "/etc/nix")
> +           (with-output-to-file "/etc/nix/nix.conf"
> +             (lambda _
> +               (format #t "sandbox = ~a~%" (if #$sandbox "true" "false"))
> +               (format #t "build-sandbox-paths = ~{~a ~}~%"
> +                       (append (append-map (cut call-with-input-file <> read)
> +                                           '#$(map references-file
> +                                                   (list package)))
> +                               '#$build-sandbox-paths))
> +               (for-each (cut display <>) '#$extra-config))))))))
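
Review bot: In the last line, `(for-each (cut display <>) '#$extra-config)` writes each `extra-config` entry with no separator, so two entries that lack a trailing newline end up joined on one line of `nix.conf`; `(cut display <>)` is also equivalent to plain `display`. Consider writing each entry with `(format #t "~a~%" ...)`, or document that every entry must end with a newline. In the same hunk, `~{~a ~}` joins the sandbox entries with spaces, so an entry containing whitespace would be read as several items; checking for that when the record is built would make the mistake visible instead of silently changing what the sandbox exposes.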

Here you’re adding the closure of Nix itself, which is a bit more than
needed I guess, but maybe it’s OK (perhaps with a comment explaining
that ‘config.nix’ captures store file names.)

Actually I thought this would have to be addressed in the ‘nix’ package
itself because this is where those store file names are captured.  But
maybe it’s OK to do it in the service.  WDYT?

> +(define* (run-nix-test name test-os)
> +  "Run tests in %NIX-OS Guix operating system, which has nix-daemon running."
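
Review bot: The docstring names %NIX-OS, but the procedure receives the operating system as its TEST-OS argument and the docstring says nothing about NAME; it should describe both parameters rather than the global. `define*` is also used here with only required parameters, so plain `define` is enough.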

> +(define %nix-os

Pretty fun.  :-)

> +(define %test-nix
> +  (system-test
> +   (name "nix")
> +   (description "Connect to a running nix-daemon")
> +   (value (run-nix-test name %nix-os))))
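
Review bot: The `description` string only covers connecting to nix-daemon, while this patch is titled "Fix sandbox". If the test performs a build with the sandbox enabled, the description should say so; if it does not, a sandboxed build is the case worth asserting here, since that is the behaviour the patch sets out to fix.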

Great that you were able to write a test for that!

