Commit a590f4fc authored by Valentin Reis's avatar Valentin Reis
Browse files

adds sandboxing option.

parent 221e2f59
Pipeline #5490 passed with stage
in 21 seconds
......@@ -100,8 +100,10 @@ data ArgsCommon = ArgsCommon
, run :: Maybe Text
, overrides :: [(String, String)]
, grafting :: Grafting
, sandboxing :: Sandboxing
} deriving (Show)
data Verbosity = Verbose | Normal deriving (Show, Eq)
data Sandboxing = Sandbox | NoSandbox deriving (Show, Eq)
data Grafting = Libnrm | NoGraft deriving (Show, Eq)
data ArgsRemote = ArgsRemote
......@@ -112,21 +114,21 @@ data ArgsRemote = ArgsRemote
instance Default ArgsCommon where
def = ArgsCommon
{ verbosity = Normal,
argopkgs = "<argopkgs>",
run = Nothing,
overrides = [],
grafting = NoGraft
{ verbosity = Normal,
argopkgs = "<argopkgs>",
run = Nothing,
overrides = [],
grafting = NoGraft,
sandboxing = NoSandbox
}
instance Default ArgsRemote where
def = ArgsRemote
{ targetMachine = Nothing,
retreive = Nothing,
retreiveAs = Nothing
retreive = Nothing,
retreiveAs = Nothing
}
targetParser :: Parser String
targetParser =
strArgument (metavar "TARGET" <> showDefault <> help "The build target.")
......@@ -160,6 +162,10 @@ commonParser = do
Normal
Verbose
(long "verbose" <> short 'v' <> help "Enable verbose mode")
sandboxing <- flag
NoSandbox
Sandbox
(long "sandboxing" <> short 's' <> help "Enable nix sandboxing.")
grafting <- flag
NoGraft
Libnrm
......@@ -242,7 +248,8 @@ setupSystem sa = do
export "XDG_CACHE_HOME" $ lineToText cachedir
doVerbose $ printInfo $ lineToText cachedir <> " exported to XDG_CACHE_HOME"
doVerbose $ printInfo "running nix-build for the containers attribute."
doVerbose $ printCommand $ "nix-build " <> pack (unwords (nixArguments "containers" sa))
doVerbose $ printCommand $ "nix-build " <> pack
(unwords (nixArguments "containers" sa))
nodeos_config <- single
$ inproc "nix-build" (fmap pack (nixArguments "containers" sa)) empty
doVerbose $ printInfo "Checking filesystem attributes on /tmp"
......@@ -262,9 +269,10 @@ setupSystem sa = do
ExitFailure n -> die ("Setting suid bit failed with exit code " <> repr n)
vshell "sudo /tmp/argo_nodeos_config --clean_config=kill_content:true" empty
void $ printInfo "Done setting the environment for nix-build up."
where vshell = verboseShell verbose
verbose = verbosity sa == Verbose
doVerbose = when verbose
where
vshell = verboseShell verbose
verbose = verbosity sa == Verbose
doVerbose = when verbose
nixArguments :: String -> ArgsCommon -> [String]
nixArguments target ArgsCommon {..} =
......@@ -303,8 +311,9 @@ wrap nixCommand target sa@ArgsCommon {..} = sh $ do
, "-K"
, "--option"
, "build-use-sandbox"
, "false"
]
++ [if sandboxing == Sandbox then "true" else "false"]
remotely :: String -> ArgsCommon -> ArgsRemote -> IO ()
remotely _ _ _ = putStrLn "unsupported in this version"
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment