author | Profpatsch <mail@profpatsch.de> | 2021-02-09T20·50+0100 |
---|---|---|
committer | Profpatsch <mail@profpatsch.de> | 2021-02-13T20·00+0000 |
commit | 1b706b5ae3514082f4d64eb5718a9f73bcdd46bd (patch) | |
tree | e2fee2065e570b6239bdd1c908c5951fd89442a0 | |
parent | 81122c1297d4cfa2c811bb775308ff412ba674b1 (diff) |
feat(users/Profpatsch/lib): add runInEmptyEnv r/2208
Small helper that empties out the environment, except for the given list of variables. Change-Id: I5e265496aaa5c248136318aa1c6cd91a67d3f028 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2506 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de>
-rw-r--r-- | users/Profpatsch/lib.nix | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/users/Profpatsch/lib.nix b/users/Profpatsch/lib.nix index 05d931b841e5..9dd3cd481d7e 100644 --- a/users/Profpatsch/lib.nix +++ b/users/Profpatsch/lib.nix @@ -25,11 +25,22 @@ let "fdmove" "-c" "1" "2" bins.printenv "$1" "$@" ]; + # remove everything but a few selected environment variables + runInEmptyEnv = keepVars: + let + importas = pkgs.lib.concatMap (var: [ "importas" "-i" var var ]) keepVars; + # we have to explicitely call export here, because PATH is probably empty + export = pkgs.lib.concatMap (var: [ "${pkgs.execline}/bin/export" var ''''${${var}}'' ]) keepVars; + in depot.nix.writeExecline "empty-env" {} + (importas ++ [ "emptyenv" ] ++ export ++ [ "${pkgs.execline}/bin/exec" "$@" ]); + + in { inherit debugExec eprintf eprint-stdin eprintenv + runInEmptyEnv ; } |
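Review bot: The `importas` list in `runInEmptyEnv` chains one `importas -i var var` per kept variable, and as far as I can tell from execline's substitution model each one rewrites the whole remaining argv, so a kept variable whose value contains the literal text `${OTHER}` for a later name in `keepVars` would be rewritten by that later `importas` before `export` sees it. If `writeExecline` expands `"$@"` before the chain runs (not visible in this hunk), the caller's command arguments are exposed to the same rewriting. Doing the substitutions in parallel closes the first case, e.g. `importas = [ "multisubstitute" (pkgs.lib.concatMap (var: [ "importas" "-i" var var ]) keepVars) ];`, assuming nested lists are rendered as execline blocks. The comment above the binding should also say that `-i` makes every name in `keepVars` mandatory and that kept values are passed through unvalidated, which matters for names such as `PATH`.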