From e01e5b814366483ebb7af36e997eec13ff4c7cd4 Mon Sep 17 00:00:00 2001 From: Alexander Kjeldaas Date: Tue, 15 Apr 2014 00:54:13 +0200 Subject: [PATCH 1/3] stdenv setup: disallow references to the build directory Original commit: https://github.com/NixOS/nixpkgs/pull/2281/commits/e52a6a2ba2688ced8e3be8bb933b35e7acd1006e --- pkgs/stdenv/generic/setup.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index 154fdefd789c7..cc6c89315bcac 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -794,6 +794,16 @@ installCheckPhase() { $makeFlags "${makeFlagsArray[@]}" \ $installCheckFlags "${installCheckFlagsArray[@]}" ${installCheckTarget:-installcheck} + + if [ -z "$noErrorBuildTop" -a "$NIX_ENFORCE_PURITY" = "1" -a -n "$NIX_BUILD_TOP" ]; then + if grep -qr $NIX_BUILD_TOP $out; then + echo "ERROR: The following files include the build path: $NIX_BUILD_TOP" + echo "ERROR: Either fix the nix expression or set noErrorBuildTop" + grep -lr $NIX_BUILD_TOP $out + exit 1 + fi + fi + runHook postInstallCheck } From a75c2e0913460fd77b30620b6cb95dfc1ceeafcc Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Thu, 22 Dec 2016 19:30:05 +0100 Subject: [PATCH 2/3] stdenv: scan all outputs for references to build directory --- pkgs/stdenv/generic/setup.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index cc6c89315bcac..0bf75c8614f3b 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -794,15 +794,15 @@ installCheckPhase() { $makeFlags "${makeFlagsArray[@]}" \ $installCheckFlags "${installCheckFlagsArray[@]}" ${installCheckTarget:-installcheck} - if [ -z "$noErrorBuildTop" -a "$NIX_ENFORCE_PURITY" = "1" -a -n "$NIX_BUILD_TOP" ]; then - if grep -qr $NIX_BUILD_TOP $out; then - echo "ERROR: The following files include the build path: $NIX_BUILD_TOP" - echo "ERROR: Either fix the nix expression or set noErrorBuildTop" - grep -lr $NIX_BUILD_TOP $out - exit 1 - fi - fi + for output in $outputs; do + if grep -qr $NIX_BUILD_TOP ${!output} ; then + echo "ERROR: found reference to build path $NIX_BUILD_TOP in the following files" + grep -lr $NIX_BUILD_TOP ${!output} + exit 1 + fi + done + done runHook postInstallCheck } From 8424941d6e55f07028ba9409ba80bc4c6edf952d Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Thu, 22 Dec 2016 19:30:37 +0100 Subject: [PATCH 3/3] stdenv doc: document noErrorBuildTop --- doc/stdenv.xml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/doc/stdenv.xml b/doc/stdenv.xml index 68441ea9393ab..34566dc9988d1 100644 --- a/doc/stdenv.xml +++ b/doc/stdenv.xml @@ -1008,6 +1008,15 @@ installcheck. in the derivation to enable install checks. + + noErrorBuildTop + Allow outputs to capture references to the build + directory. Normally, all outputs are scanned for references to + the build directory and the build aborted if any are found. Such + references are most likely accidental and may make the build + non-reproducible. + + preInstallCheck Hook executed at the start of the installCheck