skawarePackages.skalibs: empty default path

If `PATH` is unset, the exec wrappers in skalibs set a default path to `/usr/bin:bin`. This has very unfortunate effects when you e.g. try to run tests on CI in an empty environment (minus tools explicitely provided by nix with absolute store paths), because suddenly binaries from outside are picked up again, especially on non-NixOS. Even on NixOS, /bin/sh provides another escape hatch if it’s available from PATH. But on systems like Ubuntu or MacOS (which most CI systems run on), this picks up all the non-nix binaries.
2019-10-19 16:26:18 +02:00 · 2019-10-19 16:26:18 +02:00 · 14f812aeef
commit 14f812aeef
parent fc6d1e0ebf
1 changed files with 3 additions and 0 deletions
--- a/pkgs/development/libraries/skalibs/default.nix
+++ b/pkgs/development/libraries/skalibs/default.nix
@ -18,6 +18,9 @@ buildPackage {
    "--dynlibdir=\${lib}/lib"
    "--includedir=\${dev}/include"
    "--sysdepdir=\${lib}/lib/skalibs/sysdeps"
+    # Empty the default path, which would be "/usr/bin:bin".
+    # It would be set when PATH is empty. This hurts hermeticity.
+    "--with-default-path="
  ];

  postInstall = ''