From: Ludovic Courtès
To: Oleg Pykhalov
Cc: 42173@debbugs.gnu.org
Subject: bug#42173: [PATCH 2/2] services: nix: Fix sandbox.
Date: Wed, 22 Jul 2020 12:34:45 +0200
Message-ID: <87zh7rj0sa.fsf@gnu.org>
In-Reply-To: <20200722065939.18138-2-go.wigust@gmail.com>

Hi!

Oleg Pykhalov skribis:

> * gnu/tests/package-management.scm: New file.
> * gnu/local.mk: Add this.
> * gnu/services/nix.scm (): New record.
> (nix-activation): Generate Nix config file.
> (nix-service-type): Add default value.
> (nix-shepherd-service): Allow provide Nix package.
> * doc/guix.texi (Miscellaneous Services)[Nix service]:
> Document record.

Nice! You can add a “Fixes” line too.

> +@item @code{build-sandbox-paths} (default: @code{'()})
> +This is a list of strings or objects appended to the
> +@code{build-sandbox-paths} field of the configuration file.

I’d use “files” or “items” instead of “paths”, for consistency.

> + (mkdir-p "/etc/nix")
> + (with-output-to-file "/etc/nix/nix.conf"
> + (lambda _
> + (format #t "sandbox = ~a~%" (if #$sandbox "true" "false"))
> + (format #t "build-sandbox-paths = ~{~a ~}~%"
> + (append (append-map (cut call-with-input-file <> read)
> + '#$(map references-file
> + (list package)))
> + '#$build-sandbox-paths))
> + (for-each (cut display <>) '#$extra-config))))))))

Here you’re adding the closure of Nix itself, which is a bit more than
needed I guess, but maybe it’s OK (perhaps with a comment explaining
that ‘config.nix’ captures store file names.)

Actually I thought this would have to be addressed in the ‘nix’ package
itself because this is where those store file names are captured. But
maybe it’s OK to do it in the service. WDYT?

> +(define* (run-nix-test name test-os)
> + "Run tests in %NIX-OS Guix operating system, which has nix-daemon running."
                  ^
                  TEST-OS

> +(define %nix-os

Pretty fun. :-)

> +(define %test-nix
> + (system-test
> + (name "nix")
> + (description "Connect to a running nix-daemon")
> + (value (run-nix-test name %nix-os))))

Great that you were able to write a test for that!

Thanks,
Ludo’.
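
Review bot: The `build-sandbox-paths` item in the doc/guix.texi hunk says only that the list is appended to the configuration file field, not what the field does. Every entry becomes visible inside the Nix build sandbox, on top of the references of the Nix package that nix-activation already adds, so the item should state that each extra entry widens what sandboxed builds can read.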
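
Review bot: In the gnu/services/nix.scm hunk, the last line of the lambda writes each `extra-config` entry with `display` and no separator, so two entries that do not end in a newline run together on one line of /etc/nix/nix.conf. Either emit a newline after each entry or document that entries must carry their own; `(cut display <>)` can also be plain `display`. On the `build-sandbox-paths` line, `~{~a ~}` joins items with a space, so a user-supplied entry containing whitespace would be written as two entries; worth rejecting such values or noting the restriction.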
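
Review bot: The `%test-nix` description in the gnu/tests/package-management.scm hunk reads "Connect to a running nix-daemon", which does not mention the sandbox that this patch is about. The body of `run-nix-test` is not among the quoted lines; if it does not already do so, it should run a build with `sandbox = true` and assert that it succeeds, and the description should say so, so that a regression in the generated nix.conf fails the test.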