checkSandboxed: fix so that cross-built scripts can be checked again
how did this work earlier? does lappy have binfmt enabled??
parent
d8d11de9bc
commit
36f4fa3018
|
@ -1,5 +1,8 @@
|
|||
{ lib
|
||||
, stdenv
|
||||
, buildPackages
|
||||
, file
|
||||
, gnugrep
|
||||
, runCommandLocal
|
||||
, runtimeShell
|
||||
, sanebox
|
||||
|
@ -230,7 +233,7 @@ let
|
|||
};
|
||||
passthru = (prevAttrs.passthru or {}) // extraPassthru // {
|
||||
checkSandboxed = runCommandLocal "${pkgName}-check-sandboxed" {
|
||||
nativeBuildInputs = [ sanebox ];
|
||||
nativeBuildInputs = [ file gnugrep sanebox ];
|
||||
buildInputs = builtins.map (out: finalAttrs.finalPackage."${out}") (finalAttrs.outputs or [ "out" ]);
|
||||
} ''
|
||||
set -e
|
||||
|
@ -243,7 +246,12 @@ let
|
|||
echo "checking if $dir/$binname is sandboxed"
|
||||
# XXX: call by full path because some binaries (e.g. util-linux) would otherwise
|
||||
# be shadowed by things the nix builder implicitly puts on PATH.
|
||||
"$dir/$binname" --sanebox-replace-cli echo "printing for test" \
|
||||
# additionally, call via qemu and manually specify the interpreter *if the file has one*.
|
||||
# if the file doesn't have an interpreter, assume it's directly invokable by qemu (hence, the intentional lack of quotes around `interpreter`)
|
||||
set -x
|
||||
local realbin="$(realpath $dir/$binname)"
|
||||
local interpreter=$(file "$realbin" | grep --only-matching "a /nix/.* script" | cut -d" " -f2 || echo "")
|
||||
${stdenv.hostPlatform.emulator buildPackages} $interpreter "$dir/$binname" --sanebox-replace-cli echo "printing for test" \
|
||||
| grep "printing for test"
|
||||
_numExec=$(( $_numExec + 1 ))
|
||||
}
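Review bot: The interpreter lookup in the last hunk can silently produce an empty or truncated value: in `local interpreter=$(… || echo "")` the fallback only sees the exit status of `cut` (no `pipefail` is visible) and `local` then discards even that, while `cut -d" " -f2` keeps just the interpreter path and drops any arguments the shebang carries, so the script may be run differently under the check than in real use. Because this check is what asserts that a binary is sandboxed, it would be safer to split declaration from assignment and quote the path, e.g. `local realbin; realbin="$(realpath -- "$dir/$binname")"`, and to read the `#!` line directly instead of parsing `file`'s descriptive output, which here only matches interpreters under `/nix/`. The added `set -x` is never switched off within the hunk, so tracing appears to stay on for the rest of the builder script; drop it or pair it with `set +x` after the call. The function these lines belong to begins outside the hunk, so whether a failure here aborts the derivation depends on how it is invoked.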
|
||||
|
|