From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id WLJkO+CVGF8yCgAA0tVLHw (envelope-from ) for ; Wed, 22 Jul 2020 19:39:12 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id 4LZAN+CVGF+kQwAAB5/wlQ (envelope-from ) for ; Wed, 22 Jul 2020 19:39:12 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 6C49A940215 for ; Wed, 22 Jul 2020 19:39:12 +0000 (UTC) Received: from localhost ([::1]:47150 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jyKa5-0001mY-GU for larch@yhetil.org; Wed, 22 Jul 2020 15:39:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:53850) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jyKZy-0001m4-Lw for bug-guix@gnu.org; Wed, 22 Jul 2020 15:39:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:59786) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1jyKZy-0007Qo-CH for bug-guix@gnu.org; Wed, 22 Jul 2020 15:39:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1jyKZy-0003ad-Aa for bug-guix@gnu.org; Wed, 22 Jul 2020 15:39:02 -0400 Subject: bug#42173: [PATCH 2/2] services: nix: Fix sandbox. Resent-From: Oleg Pykhalov Original-Sender: "Debbugs-submit" Resent-To: bug-guix@gnu.org Resent-Date: Wed, 22 Jul 2020 19:39:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: cc-closed 42173 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 42173-done@debbugs.gnu.org Mail-Followup-To: 42173@debbugs.gnu.org, go.wigust@gmail.com, brown121407@posteo.ro Received: via spool by 42173-done@debbugs.gnu.org id=D42173.159544670813754 (code D ref 42173); Wed, 22 Jul 2020 19:39:02 +0000 Received: (at 42173-done) by debbugs.gnu.org; 22 Jul 2020 19:38:28 +0000 Received: from localhost ([127.0.0.1]:43097 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jyKZQ-0003Zl-1U for submit@debbugs.gnu.org; Wed, 22 Jul 2020 15:38:28 -0400 Received: from mail-lj1-f195.google.com ([209.85.208.195]:36114) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jyKZO-0003ZY-6F for 42173-done@debbugs.gnu.org; Wed, 22 Jul 2020 15:38:26 -0400 Received: by mail-lj1-f195.google.com with SMTP id d17so3768693ljl.3 for <42173-done@debbugs.gnu.org>; Wed, 22 Jul 2020 12:38:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:references:date:in-reply-to:message-id:user-agent :mime-version; bh=X3C6/KmRf5ieO0+KE6GzfAwor7YmxysYFokikq8W2zw=; b=FyUq9xccoWnbJY1YiTEL2JjtKpCcdUgQyVOHAAADhzICAubzz/BYcWqWH0AoMAN0Cc Ay2Wc3hhqdeEaRWU/bId9iMRXFgaiMPQ1kPYqA3jP7gBjrdE/122ozLBPCoLDYbUuhAD bA3TowimKQlj0ycUI+k8piksMan2C/YfbfojBiljyl1Csb/HH4daOsxRlNdLkbz1rK2I McXxYQT8dLdg1Nq6TquupJK8W8WKkbDSbsoyBdHDWxyogbZSo79Zh+B/59TR6YDZJLQ6 gxz3aKkTbk31zGyOH8hMkjCnRlSbu3EeAYt4zuReLjjID1u5EyWQtzYbgGAO1mGue9+C 7Rog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=X3C6/KmRf5ieO0+KE6GzfAwor7YmxysYFokikq8W2zw=; b=YLKZw3Yc6Wm/M4m7gdCW9mS67yZLaH7i6sW/dnBzh5ojuHmjfGyynUY5mqKl37xtJ5 6JrgPoQTJ9Lq5ljrm8ktZPTkDEBFt/G7VxR0/vpD02g/1ne1PdFk+nL0QbDWNqPagtkp EoR3Ggf8JoxDw2DVPogUoOyNL+Gyjh10BlaZp7jUvs/tpLt/zi2AIL3+Zr9OFR4Vj03c lPSdAeQlbogQqL3HxFPyCQPe/BEbBhviDr8f+dPNHhpczfYb2u8V4w8sT5vRCBCHGFhy P+CXRWYHOUZlWlvYrh3db2Te2VthkskOEiBNeDKA7/5yhDXI1IRKQHqMWgboA+SJNuuD nF+w== X-Gm-Message-State: AOAM531OcnI+fyq5QwcmDaxeBrRm6gvPW3pMDNbLLvrIw9xqDtkgTRMF gYKvYCSOTPKdqHEddTPXAjcAt91G X-Google-Smtp-Source: ABdhPJxotPLGIn4th0CPdcQS8ZEvV4s26iqbPbK7NE6KE2FZ1Y7z36BAitVnaN1F6l99dluDkLrTjw== X-Received: by 2002:a2e:9c82:: with SMTP id x2mr317410lji.292.1595446699470; Wed, 22 Jul 2020 12:38:19 -0700 (PDT) Received: from guixsd (ppp91-122-98-213.pppoe.avangarddsl.ru. [91.122.98.213]) by smtp.gmail.com with ESMTPSA id l19sm692889ljb.15.2020.07.22.12.38.18 for <42173-done@debbugs.gnu.org> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 22 Jul 2020 12:38:18 -0700 (PDT) From: Oleg Pykhalov References: <878sfclfrf.fsf@gnu.org> <20200722065939.18138-1-go.wigust@gmail.com> <20200722065939.18138-2-go.wigust@gmail.com> <87zh7rj0sa.fsf@gnu.org> Date: Wed, 22 Jul 2020 22:38:14 +0300 In-Reply-To: <87zh7rj0sa.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Wed, 22 Jul 2020 12:34:45 +0200") Message-ID: <87ft9j732x.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Spam-Score: -1.0 (-) X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=fail (rsa verify failed) header.d=gmail.com header.s=20161025 header.b=FyUq9xcc; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Spam-Score: -2.01 X-TUID: yRezJ47hpXOV --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi, Ludovic Court=C3=A8s writes: [=E2=80=A6] >> + (with-output-to-file "/etc/nix/nix.conf" >> + (lambda _ >> + (format #t "sandbox =3D ~a~%" (if #$sandbox "true" "fals= e")) >> + (format #t "build-sandbox-paths =3D ~{~a ~}~%" >> + (append (append-map (cut call-with-input-file <>= read) >> + '#$(map references-file >> + (list package))) >> + '#$build-sandbox-paths)) >> + (for-each (cut display <>) '#$extra-config)))))))) > > Actually I thought this would have to be addressed in the =E2=80=98nix=E2= =80=99 package > itself because this is where those store file names are captured. But > maybe it=E2=80=99s OK to do it in the service. WDYT? I think it's good enough for now to fix the issue. We could delete prepending =E2=80=98build-sandbox-paths=E2=80=99 with =E2=80=98nix=E2=80=99= closure in future. >> +(define %nix-os > > Pretty fun. :-) Yea, :-). Pushed to master as 4656180d5de1fef2846bea9af27ae509f32376ba Oleg. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEcjhxI46s62NFSFhXFn+OpQAa+pwFAl8YlaYACgkQFn+OpQAa +pxhVw//d+loKm+gxOWel+43appqPIPd5m0zllbzUa6X/+c3mNNcidGF4wDbhO01 uOW9wr8vxq7vKQYz+2UbM7R7rfYArm79seQfCCjmukX1nUVO8Nhrj6NCnhLDQjc9 Tj3uI7Gu/Ui4pgKwOWXNXNmF36rX3UqBCdNoteHHGbbDZ5/OhQTZSq+pFmVwNdEz 13OrWCi9/UtvNxGU+GT68hiubk9BZDc0vxAd2yZeLWtqcm67tj7EiEwwXgVJnHlu ynLGPGplkWfyIvyz32fUw1M0P1uh/iTgxh8s7/QxyzIZNVDMQ8PnDKwzBt7cv1pc 3GXai1KogOM6Vy1dHKRIECr/PhRq9HSeFReOYEa5NiNbOVoUA8wOxDijvteXbAsk QFSZ7auhuWj2dTV5cqqHfJYoWJlRLvEI+1l/USdUvu9VJZhBEm73TmKLwgk6hcE0 ad71b78Yey0HcB4RRt9Y31XDBspr1ylDYnq6Tj/NK6MQGJf/B+s3jIW2LqeBMAYX hCQFP6FTKi9tgCX2gO2kFA1gNAhe5ggNy0YzWjZl81cyyuHl94ip9IMiXHeLJQ+4 fKAii89xaSbG4Gv2Kxtn07sqNBZBAZ0Suqh8J7a8T5P/6Qc+X6Mfw3BL4hcQ6TRo FWIDIruqfzOxoPIIWRYI0dSDzR/iAWSf9+DBB+CbXXT9CA+PUP0= =5O7I -----END PGP SIGNATURE----- --=-=-=--