public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bazel: improve strict action env context

Browse Source 
- Bazel strict action env set a default PATH to
`/bin/:/usr/bin:/usr/local/bin`. This was previously changed to disable
this behavior to improve hermeticity. However the previous change was
only removing `/bin:/usr/bin`, keeping `/usr/local/bin`, this commit
also remove this entry.
This commit is contained in:
Guillaume Bouchard 2019-11-12 21:07:58 +01:00
parent 224737f0f7
commit 20752ba4f7
2 changed files with 25 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
pkgs/development/tools/build-managers/bazel/default.nix
View File

@ -19,6 +19,7 @@
, enableNixHacks ? false , enableNixHacks ? false
, gcc-unwrapped , gcc-unwrapped
, autoPatchelfHook , autoPatchelfHook
, substituteAll
}: }:
let let
@ -145,6 +146,17 @@ stdenv.mkDerivation rec {
# This is breaking the build of any C target. This patch removes the last # This is breaking the build of any C target. This patch removes the last
# argument if it's found to be an empty string. # argument if it's found to be an empty string.
./trim-last-argument-to-gcc-if-empty.patch ./trim-last-argument-to-gcc-if-empty.patch
# --experimental_strict_action_env (which may one day become the default
# see bazelbuild/bazel#2574) hardcodes the default
# action environment to a non hermetic value (e.g. "/usr/local/bin").
# This is non hermetic on non-nixos systems. On NixOS, bazel cannot find the required binaries.
# So we are replacing this bazel paths by defaultShellPath,
# improving hermeticity and making it work in nixos.
(substituteAll {
src = ./strict_action_env.patch;
strictActionEnvPatch = defaultShellPath;
})
] ++ lib.optional enableNixHacks ./nix-hacks.patch; ] ++ lib.optional enableNixHacks ./nix-hacks.patch;
@ -390,14 +402,6 @@ stdenv.mkDerivation rec {
-e "/\$command \\\\$/a --host_java_toolchain='${javaToolchain}' \\\\" \ -e "/\$command \\\\$/a --host_java_toolchain='${javaToolchain}' \\\\" \
-i scripts/bootstrap/compile.sh -i scripts/bootstrap/compile.sh
# --experimental_strict_action_env (which will soon become the
# default, see bazelbuild/bazel#2574) hardcodes the default
# action environment to a value that on NixOS at least is bogus.
# So we hardcode it to something useful.
substituteInPlace \
src/main/java/com/google/devtools/build/lib/bazel/rules/BazelRuleClassProvider.java \
--replace /bin:/usr/bin ${defaultShellPath}
# This is necessary to avoid: # This is necessary to avoid:
# "error: no visible @interface for 'NSDictionary' declares the selector # "error: no visible @interface for 'NSDictionary' declares the selector
# 'initWithContentsOfURL:error:'" # 'initWithContentsOfURL:error:'"

13
pkgs/development/tools/build-managers/bazel/strict_action_env.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/src/main/java/com/google/devtools/build/lib/bazel/rules/BazelRuleClassProvider.java b/src/main/java/com/google/devtools/build/lib/bazel/rules/BazelRuleClassProvider.java
index a70b5559bc..10bdffe961 100644
--- a/src/main/java/com/google/devtools/build/lib/bazel/rules/BazelRuleClassProvider.java
+++ b/src/main/java/com/google/devtools/build/lib/bazel/rules/BazelRuleClassProvider.java
@@ -466,7 +466,7 @@ public class BazelRuleClassProvider {
// Note that --action_env does not propagate to the host config, so it is not a viable
// workaround when a genrule is itself built in the host config (e.g. nested genrules). See
// #8536.
- return "/bin:/usr/bin:/usr/local/bin";
+ return "@strictActionEnvPatch@";
}
String newPath = "";