JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rust: improve fetch-cargo-deps determinism for non-sandboxed builds

Browse Source 
When not using sandboxing, /usr/share/git-core/templates may leak into the
nix build through the libgit2 hardcoded default template search path. We now
explictly set the templatedir to avoid this problem.

See https://github.com/bennofs/nix-index/issues/2#issuecomment-296268983 for
an example case of nondeterminism.
This commit is contained in:
Benno Fünfstück 2017-04-21 23:23:38 +02:00
parent 5238b85207
commit bd78749d33
1 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
pkgs/build-support/rust/fetch-cargo-deps
View File

@ -1,3 +1,18 @@
# copied from libgit2 source code 'repo-template.h'
makeGitTemplate() {
local target="$1"
mkdir -p -m777 "$target/info" "$target/pack" "$target/objects" "$target/refs"
mkdir -p -m777 "$target/refs/heads" "$target/refs/tags" "$target/objects/info" "$target/objects/pack"
cat <<'EOF' > "$target/description"
Unnamed repository; edit this file 'description' to name the repository.
EOF
chmod 666 "$target/description"
cat <<'EOF' > "$target/info/exclude"
# File patterns to ignore; see `git help ignore` for more information.
# Lines that start with '#' are comments.
EOF
}
fetchCargoDeps() { fetchCargoDeps() {
src=$(realpath $1) src=$(realpath $1)
out=$(realpath $2) out=$(realpath $2)
@ -6,6 +21,23 @@ fetchCargoDeps() {
mkdir $out mkdir $out
# Configure git template dir to make libgit2 more deterministic
#
# Without a template dir, libgit2 defaults to /usr/share/git-core/templates,
# which can vary between systems if sandboxed builds aren't used.
#
# Note: we explictly set --tmpdir for mktemp here to make it more friendly
# for nix-shell users, where $TMPDIR is not necessarily set to NIX_BUILD_TOP
echo "Setting up git templatedir"
export GIT_TEMPLATE_DIR="$(mktemp -d --tmpdir=$NIX_BUILD_TOP git-template.XXX)"
makeGitTemplate "$GIT_TEMPLATE_DIR"
export XDG_CONFIG_HOME="$(mktemp -d --tmpdir=$NIX_BUILD_TOP home.XXX)"
mkdir -p $XDG_CONFIG_HOME/git
cat <<EOF > $XDG_CONFIG_HOME/git/config
[init]
templatedir = $GIT_TEMPLATE_DIR
EOF
# Configure cargo to fetch from a local copy of the crates.io registry # Configure cargo to fetch from a local copy of the crates.io registry
echo "Using rust registry from $rustRegistry" echo "Using rust registry from $rustRegistry"