authorProfpatsch <mail@profpatsch.de>2021-02-09T20·50+0100
committerProfpatsch <mail@profpatsch.de>2021-02-13T20·00+0000
commit1b706b5ae3514082f4d64eb5718a9f73bcdd46bd (patch)
treee2fee2065e570b6239bdd1c908c5951fd89442a0
parent81122c1297d4cfa2c811bb775308ff412ba674b1 (diff)
feat(users/Profpatsch/lib): add runInEmptyEnv r/2208
Small helper that empties out the environment, except for the given
list of variables.

Change-Id: I5e265496aaa5c248136318aa1c6cd91a67d3f028
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2506
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
-rw-r--r--users/Profpatsch/lib.nix11
1 files changed, 11 insertions, 0 deletions
diff --git a/users/Profpatsch/lib.nix b/users/Profpatsch/lib.nix
index 05d931b841e5..9dd3cd481d7e 100644
--- a/users/Profpatsch/lib.nix
+++ b/users/Profpatsch/lib.nix
@@ -25,11 +25,22 @@ let
     "fdmove" "-c" "1" "2" bins.printenv "$1" "$@"
   ];
 
+  # remove everything but a few selected environment variables
+  runInEmptyEnv = keepVars:
+    let
+        importas = pkgs.lib.concatMap (var: [ "importas" "-i" var var ]) keepVars;
+        # we have to explicitely call export here, because PATH is probably empty
+        export = pkgs.lib.concatMap (var: [ "${pkgs.execline}/bin/export" var ''''${${var}}'' ]) keepVars;
+    in depot.nix.writeExecline "empty-env" {}
+         (importas ++ [ "emptyenv" ] ++ export ++ [ "${pkgs.execline}/bin/exec" "$@" ]);
+
+
 in {
   inherit
     debugExec
     eprintf
     eprint-stdin
     eprintenv
+    runInEmptyEnv
     ;
 }
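Review bot: The comment above `runInEmptyEnv` does not say that `importas -i` makes the generated script exit with an error when any name in `keepVars` is unset in the caller's environment, so passing an optional variable produces a failure instead of a cleaned environment. I would extend the comment to something like `# every variable in keepVars must be set by the caller (importas -i fails otherwise); all other variables are dropped`. Separately, `importas` and `emptyenv` are bare names while `export` and `exec` use `${pkgs.execline}/bin/…`. Unless `writeExecline` pins the lookup path (not visible here), those two are resolved through the caller's PATH, which is inconsistent for a helper whose job is to sanitise the environment; writing `"${pkgs.execline}/bin/emptyenv"` (and likewise for `importas`) would remove that dependency. The enclosing `let` starts outside the hunk.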