checkSandboxed: fix so that cross-built scripts can be checked again
how did this work earlier? does lappy have binfmt enabled??
@@ -1,5 +1,8 @@
|
|||||||
{ lib
|
{ lib
|
||||||
|
, stdenv
|
||||||
, buildPackages
|
, buildPackages
|
||||||
|
, file
|
||||||
|
, gnugrep
|
||||||
, runCommandLocal
|
, runCommandLocal
|
||||||
, runtimeShell
|
, runtimeShell
|
||||||
, sanebox
|
, sanebox
|
||||||
@@ -230,7 +233,7 @@ let
|
|||||||
};
|
};
|
||||||
passthru = (prevAttrs.passthru or {}) // extraPassthru // {
|
passthru = (prevAttrs.passthru or {}) // extraPassthru // {
|
||||||
checkSandboxed = runCommandLocal "${pkgName}-check-sandboxed" {
|
checkSandboxed = runCommandLocal "${pkgName}-check-sandboxed" {
|
||||||
nativeBuildInputs = [ sanebox ];
|
nativeBuildInputs = [ file gnugrep sanebox ];
|
||||||
buildInputs = builtins.map (out: finalAttrs.finalPackage."${out}") (finalAttrs.outputs or [ "out" ]);
|
buildInputs = builtins.map (out: finalAttrs.finalPackage."${out}") (finalAttrs.outputs or [ "out" ]);
|
||||||
} ''
|
} ''
|
||||||
set -e
|
set -e
|
||||||
@@ -243,7 +246,12 @@ let
|
|||||||
echo "checking if $dir/$binname is sandboxed"
|
echo "checking if $dir/$binname is sandboxed"
|
||||||
# XXX: call by full path because some binaries (e.g. util-linux) would otherwise
|
# XXX: call by full path because some binaries (e.g. util-linux) would otherwise
|
||||||
# be shadowed by things the nix builder implicitly puts on PATH.
|
# be shadowed by things the nix builder implicitly puts on PATH.
|
||||||
"$dir/$binname" --sanebox-replace-cli echo "printing for test" \
|
# additionally, call via qemu and manually specify the interpreter *if the file has one*.
|
||||||
|
# if the file doesn't have an interpreter, assume it's directly invokable by qemu (hence, the intentional lack of quotes around `interpreter`)
|
||||||
|
set -x
|
||||||
|
local realbin="$(realpath $dir/$binname)"
|
||||||
|
local interpreter=$(file "$realbin" | grep --only-matching "a /nix/.* script" | cut -d" " -f2 || echo "")
|
||||||
|
${stdenv.hostPlatform.emulator buildPackages} $interpreter "$dir/$binname" --sanebox-replace-cli echo "printing for test" \
|
||||||
| grep "printing for test"
|
| grep "printing for test"
|
||||||
_numExec=$(( $_numExec + 1 ))
|
_numExec=$(( $_numExec + 1 ))
|
||||||
}
|
}
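Review bot: In the last hunk, `local realbin="$(realpath $dir/$binname)"` leaves `$dir/$binname` unquoted inside the substitution, and because `local` is combined with the command substitution, realpath's exit status is discarded and `set -e` will not stop the check if resolution fails; `local realbin; realbin="$(realpath "$dir/$binname")"` avoids both. The `|| echo ""` on the `interpreter` line only sees the exit status of `cut` (no `pipefail` is visible in these hunks), so it probably never fires, and `cut -d" " -f2` keeps only the first word after "a", which would drop any shebang arguments if a wrapper carries them. `set -x` is also left enabled for the rest of the function, which looks like debugging residue and will fill the build log with traces; consider dropping it or pairing it with `set +x` after the invocation. The enclosing shell function starts outside the hunk, so whether `realbin` is used elsewhere is not visible from here.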
|
||||||
|