Skip to content

setup.sh: use -exec rather than -execdir #177789

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Mindavi merged 1 commit into from Jun 23, 2022
Merged

setup.sh: use -exec rather than -execdir #177789

Mindavi merged 1 commit into from Jun 23, 2022

Conversation

@ghost
Copy link

@ghost ghost commented Jun 15, 2022
edited by ghost
Loading

Note: this is untested. I will undraft when I have verified it. That will take a while (global rebuild). nix build abuild completed; rebuilding the rest of my userspace (should be done by morning)

Description of changes

Busybox's find does not support -execdir, so let's uses -exec instead, in the spirit of requiring the minimum features needed for the task. The benefit of -execdir over -exec is robustness against TOCTOU (Time Of Check Time Of Use) attacks, which I believe are not a concern here.

Some packages (e.g. abuild) put busybox into their nativeBuildInputs, which leads to setup.sh using busybox find rather than $findutils/bin/find (because busybox find is earlier in the $PATH). This PR will fix those packages, although it really isn't a good thing if they are inadvertently changing which stdenv-tools are being used by setup.sh. This PR should not be interpreted as encouraging that sort of thing.

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.11 Release Notes (or backporting 22.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@ghost ghost mentioned this pull request Jun 15, 2022
Closed
13 tasks
@github-actions github-actions bot added the 6.topic: stdenv Standard environment label Jun 15, 2022
setup.sh: use -exec rather than -execdir
64fc13f 
Busybox's `find` does not support `-execdir`, so let's uses `-exec`
instead, in the spirit of requiring the minimum features needed for
the task.
@ghost ghost mentioned this pull request Jun 15, 2022
Closed
13 tasks
@ofborg ofborg bot added 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 10.rebuild-linux-stdenv This PR causes stdenv to rebuild on Linux and must target a staging branch. 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Jun 15, 2022
@ghost ghost marked this pull request as ready for review June 15, 2022 22:25
@ghost ghost requested review from Ericson2314 and matthewbauer as code owners June 15, 2022 22:25
@ghost ghost mentioned this pull request Jun 23, 2022
Merged
9 tasks
@Mindavi
Copy link
Contributor

Mindavi commented Jun 23, 2022

This looks quite safe to me.

@Mindavi Mindavi merged commit f104ffc into NixOS:staging Jun 23, 2022
@ghost ghost deleted the pr/setup/busyboxfind branch June 23, 2022 04:42
@Artturin Artturin mentioned this pull request Jan 29, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Ericson2314 Ericson2314 Awaiting requested review from Ericson2314

@matthewbauer matthewbauer Awaiting requested review from matthewbauer

Assignees

No one assigned

Labels

6.topic: stdenv Standard environment 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. 10.rebuild-linux-stdenv This PR causes stdenv to rebuild on Linux and must target a staging branch.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Mindavi