Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

setup.sh: use -exec rather than -execdir #177789

Merged
merged 1 commit into from Jun 23, 2022
Merged

setup.sh: use -exec rather than -execdir #177789

merged 1 commit into from Jun 23, 2022

Conversation

ghost
Copy link

@ghost ghost commented Jun 15, 2022
edited by ghost
Loading

Note: this is untested. I will undraft when I have verified it. That will take a while (global rebuild). nix build abuild completed; rebuilding the rest of my userspace (should be done by morning)

Description of changes

Busybox's find does not support -execdir, so let's uses -exec instead, in the spirit of requiring the minimum features needed for the task. The benefit of -execdir over -exec is robustness against TOCTOU (Time Of Check Time Of Use) attacks, which I believe are not a concern here.

Some packages (e.g. abuild) put busybox into their nativeBuildInputs, which leads to setup.sh using busybox find rather than $findutils/bin/find (because busybox find is earlier in the $PATH). This PR will fix those packages, although it really isn't a good thing if they are inadvertently changing which stdenv-tools are being used by setup.sh. This PR should not be interpreted as encouraging that sort of thing.

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.11 Release Notes (or backporting 22.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@ghost ghost mentioned this pull request Jun 15, 2022
Closed
13 tasks
@github-actions github-actions bot added the 6.topic: stdenv Standard environment label Jun 15, 2022
setup.sh: use -exec rather than -execdir
64fc13f 
Busybox's `find` does not support `-execdir`, so let's uses `-exec`
instead, in the spirit of requiring the minimum features needed for
the task.
@ghost ghost mentioned this pull request Jun 15, 2022
Closed
13 tasks
@ghost ghost marked this pull request as ready for review June 15, 2022 22:25
@ghost ghost requested review from Ericson2314 and matthewbauer as code owners June 15, 2022 22:25
@ghost ghost mentioned this pull request Jun 23, 2022
Merged
9 tasks
@Mindavi
Copy link
Contributor

Mindavi commented Jun 23, 2022

This looks quite safe to me.

@Mindavi Mindavi merged commit f104ffc into NixOS:staging Jun 23, 2022
@ghost ghost deleted the pr/setup/busyboxfind branch June 23, 2022 04:42
@Artturin Artturin mentioned this pull request Jan 29, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ericson2314 Ericson2314 Awaiting requested review from Ericson2314

@matthewbauer matthewbauer Awaiting requested review from matthewbauer

Assignees
No one assigned
Labels
6.topic: stdenv Standard environment 10.rebuild-darwin: 501+ 10.rebuild-darwin: 5001+ 10.rebuild-darwin-stdenv 10.rebuild-linux: 501+ 10.rebuild-linux: 5001+ 10.rebuild-linux-stdenv
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Mindavi