bazel: improve strict action env context
- Bazel strict action env set a default PATH to `/bin/:/usr/bin:/usr/local/bin`. This was previously changed to disable this behavior to improve hermeticity. However the previous change was only removing `/bin:/usr/bin`, keeping `/usr/local/bin`, this commit also remove this entry.
This commit is contained in:
parent
224737f0f7
commit
20752ba4f7
@ -19,6 +19,7 @@
|
||||
, enableNixHacks ? false
|
||||
, gcc-unwrapped
|
||||
, autoPatchelfHook
|
||||
, substituteAll
|
||||
}:
|
||||
|
||||
let
|
||||
@ -145,6 +146,17 @@ stdenv.mkDerivation rec {
|
||||
# This is breaking the build of any C target. This patch removes the last
|
||||
# argument if it's found to be an empty string.
|
||||
./trim-last-argument-to-gcc-if-empty.patch
|
||||
|
||||
# --experimental_strict_action_env (which may one day become the default
|
||||
# see bazelbuild/bazel#2574) hardcodes the default
|
||||
# action environment to a non hermetic value (e.g. "/usr/local/bin").
|
||||
# This is non hermetic on non-nixos systems. On NixOS, bazel cannot find the required binaries.
|
||||
# So we are replacing this bazel paths by defaultShellPath,
|
||||
# improving hermeticity and making it work in nixos.
|
||||
(substituteAll {
|
||||
src = ./strict_action_env.patch;
|
||||
strictActionEnvPatch = defaultShellPath;
|
||||
})
|
||||
] ++ lib.optional enableNixHacks ./nix-hacks.patch;
|
||||
|
||||
|
||||
@ -390,14 +402,6 @@ stdenv.mkDerivation rec {
|
||||
-e "/\$command \\\\$/a --host_java_toolchain='${javaToolchain}' \\\\" \
|
||||
-i scripts/bootstrap/compile.sh
|
||||
|
||||
# --experimental_strict_action_env (which will soon become the
|
||||
# default, see bazelbuild/bazel#2574) hardcodes the default
|
||||
# action environment to a value that on NixOS at least is bogus.
|
||||
# So we hardcode it to something useful.
|
||||
substituteInPlace \
|
||||
src/main/java/com/google/devtools/build/lib/bazel/rules/BazelRuleClassProvider.java \
|
||||
--replace /bin:/usr/bin ${defaultShellPath}
|
||||
|
||||
# This is necessary to avoid:
|
||||
# "error: no visible @interface for 'NSDictionary' declares the selector
|
||||
# 'initWithContentsOfURL:error:'"
|
||||
|
@ -0,0 +1,13 @@
|
||||
diff --git a/src/main/java/com/google/devtools/build/lib/bazel/rules/BazelRuleClassProvider.java b/src/main/java/com/google/devtools/build/lib/bazel/rules/BazelRuleClassProvider.java
|
||||
index a70b5559bc..10bdffe961 100644
|
||||
--- a/src/main/java/com/google/devtools/build/lib/bazel/rules/BazelRuleClassProvider.java
|
||||
+++ b/src/main/java/com/google/devtools/build/lib/bazel/rules/BazelRuleClassProvider.java
|
||||
@@ -466,7 +466,7 @@ public class BazelRuleClassProvider {
|
||||
// Note that --action_env does not propagate to the host config, so it is not a viable
|
||||
// workaround when a genrule is itself built in the host config (e.g. nested genrules). See
|
||||
// #8536.
|
||||
- return "/bin:/usr/bin:/usr/local/bin";
|
||||
+ return "@strictActionEnvPatch@";
|
||||
}
|
||||
|
||||
String newPath = "";
|
Loading…
Reference in New Issue
Block a user