substitute-all.nix: Define in terms of the substitute bash function #238636

Closed
raphaelr
Contributor

Description of changes

The substituteAll bash function that was previously used substitutes all environment variables. This can cause surprising behaviour, because some environment variables, like system, are not under control of the expression author that calls substituteAll.

This commit changes the nixpkgs substituteAll function to use substitute with an explicit variable list instead. This ensures that the only variables that will be substituted are those that the caller specified, and not any that stdenv.mkDerivation or Nix itself added/modified.

Partially addresses #237216.

TODO:

  • Should this change be added to the release notes? This change can break users that depend on being able to substitute e.g. @system@ without explicitly passing it to substituteAll
  • This function is now very similar to the substitute nixpkgs function, but more ergonomic to use (substitute expects a list of arguments to the bash substitute function, while substituteAll accepts an attrset of variables to replace). Should one of them be removed?

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.11 Release Notes (or backporting 23.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.
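
The difference the description draws, as an added example that is not part of the PR or of nixpkgs: `subst_all_env` and `subst_listed` are simplified, hypothetical stand-ins for the two behaviours (not the stdenv `substituteAll`/`substitute` implementations), and the template and variable values are constructed.

```shell
#!/bin/sh
# Simplified stand-ins (hypothetical names); NOT the stdenv implementations.

# Literal (non-regex) string replacement shared by both awk programs.
AWK_REPLACE='function replace(s, pat, val,    out, i) {
    out = ""
    while ((i = index(s, pat)) > 0) {
        out = out substr(s, 1, i - 1) val
        s = substr(s, i + length(pat))
    }
    return out s
}'

# Replace @name@ for every variable found in the environment.
subst_all_env() {
    printf '%s\n' "$1" | awk "$AWK_REPLACE"'
    {
        for (v in ENVIRON)
            if (v ~ /^[A-Za-z_][A-Za-z0-9_]*$/)
                $0 = replace($0, "@" v "@", ENVIRON[v])
        print
    }'
}

# Replace @name@ only for the names listed after the template.
subst_listed() {
    template=$1; shift
    printf '%s\n' "$template" | awk -v names="$*" "$AWK_REPLACE"'
    BEGIN { n = split(names, list, " ") }
    {
        for (k = 1; k <= n; k++)
            if (list[k] in ENVIRON)
                $0 = replace($0, "@" list[k] "@", ENVIRON[list[k]])
        print
    }'
}

# Constructed sample: the caller means to fill in only `dir`;
# `system` is in the environment because the builder put it there.
export dir=/opt/app
export system=x86_64-linux
template='install to @dir@ on @system@'

subst_all_env "$template"      # @system@ is replaced although nobody asked
subst_listed "$template" dir   # @system@ is left alone
```

With the explicit list, a template that needs `@system@` filled in has to name it (`subst_listed "$template" dir system`), which is the breaking change the TODO item asks about.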

The `substituteAll` bash function that was previously used substitutes
all environment variables. This can cause surprising behaviour, because
some environment variables, like `system`, are not under control of the
expression author that calls `substituteAll`.

This commit changes the nixpkgs `substituteAll` function to use
`substitute` with an explicit variable list instead. This ensures that
the only variables that will be substituted are those that the caller
specified, and not any that stdenv.mkDerivation or Nix itself
added/modified.

Partially addresses NixOS#237216.
}@args:

let
variables = builtins.removeAttrs args [
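
Review bot: `variables = builtins.removeAttrs args [` derives the substitution set as a denylist over `args`, so any named argument later added before `}@args:` but not to this list silently becomes a substitution variable, and callers cannot use one of the reserved names as a variable. Consider taking the variables from one dedicated attribute instead, or at least add a comment next to the list stating that it must mirror the function's named arguments.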
Member

removeAttrs is still kinda terrible.
It'd be nicer to first have a function that does the right thing for all possible key value combinations, and then define substituteAll in terms of that function for compatibility.

The interface could be something like this when called

```nix
substituteStrings {
  nativeBuildInputs = [ foolint ];
  checkPhase = ''
    runHook preCheck;
    barlint $out;
    runHook postCheck;
  '';
  replacements = {
    "@foo@" = lib.getExe foo;
  };
};
```

(note that I'm also making the @s explicit for better grepping)

Member

The above could be done with --replace and escapeShellArg I think.

Contributor

My 2c: I think we could have a new interface but at the same time having a better substituteAll that does what it is supposed to do would be much better.

@raphaelr
Contributor Author

I do not currently have time to work on this. Closing this.

raphaelr closed this Dec 14, 2023