From: Ludovic Courtès
To: 50960@debbugs.gnu.org
Cc: Ludovic Courtès
Subject: [bug#50960] [PATCH v2 05/11] DRAFT shell: Honor in ~/.config/guix/shell-authorized-directories.
Date: Mon, 11 Oct 2021 23:38:03 +0200
Message-Id: <20211011213809.17482-6-ludo@gnu.org>
In-Reply-To: <20211011213809.17482-1-ludo@gnu.org>
References: <20211002102116.27726-1-ludo@gnu.org> <20211011213809.17482-1-ludo@gnu.org>

DRAFT: Squeeze with previous commit, or instead implement "guix shell ." convention?

* guix/scripts/shell.scm (authorized-directory-file)
(authorized-shell-directory?): New procedure.
(auto-detect-manifest): Use it.
* doc/guix.texi (Invoking guix shell): Document it.
--- doc/guix.texi | 14 ++++++++++ guix/scripts/shell.scm | 60 +++++++++++++++++++++++++++++++++++++++--- tests/guix-shell.sh | 16 ++++++++--- 3 files changed, 83 insertions(+), 7 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index b0d745b9e3..b95025a39f 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -5620,6 +5620,20 @@ before @command{guix shell} was invoked. The next garbage collection (@pxref{Invoking guix gc}) may clean up packages that were installed in the environment and that are no longer used outside of it. +As an added convenience, when running from a directory that contains a +@file{guix.scm} or a @file{manifest.scm} file, possibly in a parent +directory, @command{guix shell} automatically loads the file---provided +the directory is listed in +@file{~/.config/guix/shell-authorized-directories}, and only for +interactive use: + +@example +guix shell +@end example + +This provides an easy way to define, share, and enter development +environments. + By default, the shell session or command runs in an @emph{augmented} environment, where the new packages are added to search path environment variables such as @code{PATH}. You can, instead, choose to create an diff --git a/guix/scripts/shell.scm b/guix/scripts/shell.scm index 39d843bde7..45fd536145 100644 --- a/guix/scripts/shell.scm +++ b/guix/scripts/shell.scm @@ -18,6 +18,7 @@ (define-module (guix scripts shell) #:use-module (guix ui) + #:use-module ((guix diagnostics) #:select (location)) #:use-module (guix scripts environment) #:autoload (guix scripts build) (show-build-options-help) #:autoload (guix transformations) (show-transformation-options-help) @@ -29,6 +30,8 @@ (define-module (guix scripts shell) #:use-module (srfi srfi-37) #:use-module (srfi srfi-71) #:use-module (ice-9 match) + #:autoload (ice-9 rdelim) (read-line) + #:autoload (guix utils) (config-directory) #:export (guix-shell)) (define (show-help) 
@@ -151,6 +154,39 @@ (define device (stat:dev (stat start))) (and (not (string=? directory "/")) (loop (dirname directory)))))))) ;lexical ".." resolution +(define (authorized-directory-file) + "Return the name of the file listing directories for which 'guix shell' may +automatically load 'guix.scm' or 'manifest.scm' files." + (string-append (config-directory) "/shell-authorized-directories")) + +(define (authorized-shell-directory? directory) + "Return true if DIRECTORY is among the authorized directories for automatic +loading. The list of authorized directories is read from +'authorized-directory-file'; each line must be either: an absolute file name, +a hash-prefixed comment, or a blank line." + (catch 'system-error + (lambda () + (call-with-input-file (authorized-directory-file) + (lambda (port) + (let loop () + (match (read-line port) + ((? eof-object?) #f) + ((= string-trim line) + (cond ((string-prefix? "#" line) ;comment + (loop)) + ((string-prefix? "/" line) ;absolute file name + (or (string=? line directory) + (loop))) + ((string-null? (string-trim-right line)) ;blank line + (loop)) + (else ;bogus line + (let ((loc (location (port-filename port) + (port-line port) + (port-column port)))) + (warning loc (G_ "ignoring invalid file name: '~a'~%") + line)))))))))) + (const #f))) + (define (auto-detect-manifest opts) "If OPTS do not specify packages or a manifest, load a \"guix.scm\" or \"manifest.scm\" file from the current directory or one of its ancestors. 
@@ -179,10 +215,26 @@ (define disallow-implicit-load? (warning (G_ "no packages specified; creating an empty environment~%")) opts) (file - (info (G_ "loading environment from '~a'...~%") file) - (match (basename file) - ("guix.scm" (alist-cons 'load `(package ,file) opts)) - ("manifest.scm" (alist-cons 'manifest file opts))))))) + (if (authorized-shell-directory? (dirname file)) + (begin + (info (G_ "loading environment from '~a'...~%") file) + (match (basename file) + ("guix.scm" (alist-cons 'load `(package ,file) opts)) + ("manifest.scm" (alist-cons 'manifest file opts)))) + (begin + (warning (G_ "not loading '~a' because not authorized to do so~%") + file) + (display-hint (format #f (G_ "To allow automatic loading of +@file{~a} when running @command{guix shell}, you must explicitly authorize its +directory, like so: + +@example +echo ~a >> ~a +@end example\n") + file + (dirname file) + (authorized-directory-file))) + opts)))))) (define-command (guix-shell . args) diff --git a/tests/guix-shell.sh b/tests/guix-shell.sh index 0988ca0a75..95725cba2d 100644 --- a/tests/guix-shell.sh +++ b/tests/guix-shell.sh @@ -22,19 +22,29 @@ guix shell --version +configdir="t-guix-shell-config-$$" tmpdir="t-guix-shell-$$" -trap 'rm -r "$tmpdir"' EXIT -mkdir "$tmpdir" +trap 'rm -r "$tmpdir" "$configdir"' EXIT +mkdir "$tmpdir" "$configdir" "$configdir/guix" + +XDG_CONFIG_HOME="$(realpath $configdir)" +export XDG_CONFIG_HOME guix shell --bootstrap --pure guile-bootstrap -- guile --version # '--ad-hoc' is a thing of the past. ! guix shell --ad-hoc guile-bootstrap -# Ignoring 'manifest.scm' and 'guix.scm' in non-interactive use. +# Ignoring unauthorized files. cat > "$tmpdir/guix.scm" < "$configdir/guix/shell-authorized-directories" + +# Ignoring 'manifest.scm' and 'guix.scm' in non-interactive use. (cd "$tmpdir"; guix shell --bootstrap -- true) mv "$tmpdir/guix.scm" "$tmpdir/manifest.scm" (cd "$tmpdir"; guix shell --bootstrap -- true) -- 2.33.0
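
Review bot: The new paragraph in doc/guix.texi (hunk @@ -5620,6 +5620,20) names the authorization file but does not document its format or which directory has to be listed. The docstring of `authorized-shell-directory?` says each line is an absolute file name, a hash-prefixed comment, or a blank line; that belongs in the manual too, since users will edit the file by hand. With "possibly in a parent directory", the text should also say that the entry must be the directory that contains `guix.scm` or `manifest.scm` (the code checks `(dirname file)`), not the directory `guix shell` was started from. Finally, the manual hard-codes `~/.config/guix/`, while the code builds the name from `(config-directory)` and the test redirects it through `XDG_CONFIG_HOME`; a short mention of that would avoid confusion.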
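
Review bot: In `authorized-shell-directory?` (hunk @@ -151,6 +154,39 in guix/scripts/shell.scm), the `else` branch for a bogus line ends with the `warning` call and never calls `(loop)`, so scanning stops at the first malformed line and the procedure returns whatever `warning` returns instead of #f. `auto-detect-manifest` tests that result with `if`, where any value other than #f counts as true, so a malformed line that appears before a match could end up authorizing the directory. Add `(loop)` after the `warning` form inside the `let` so that invalid lines are skipped and the result is still decided by `string=?` or by reaching EOF. Separately, `string-trim` strips leading whitespace only, so an entry with trailing whitespace never matches `directory`; `string-trim-both` would make the comparison and the later blank-line test consistent.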
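
Review bot: The hint in `auto-detect-manifest` (hunk @@ -179,10 +215,26) prints `echo ~a >> ~a` with both file names unquoted, so a directory name containing spaces or shell metacharacters gives a command that does not do what the hint promises when it is pasted into a shell. Quote both arguments in the format string. It is also worth stating, in the hint or in a comment, that authorization is keyed on the directory name alone: the check is `(authorized-shell-directory? (dirname file))`, so once a directory is listed, any later content of `guix.scm` or `manifest.scm` in it is loaded without a further prompt. If that is the intended trust model, say so; otherwise consider recording something about the file itself.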