From 5a02f8e3842c19d28f39e5b47d804ef70e1b3160 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Thu, 3 Oct 2019 22:19:11 +0200 Subject: [PATCH] environment: '--container' honors '--preserve'. * guix/scripts/environment.scm (launch-environment/container): Add #:white-list parameter and honor it. (guix-environment): Pass #:white-list to 'launch-environment/container'. * tests/guix-environment-container.sh: Add test. --- guix/scripts/environment.scm | 19 +++++++++++++++++-- tests/guix-environment-container.sh | 5 +++++ 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm index 535f181bfd..4a51654ce6 100644 --- a/guix/scripts/environment.scm +++ b/guix/scripts/environment.scm @@ -452,7 +452,7 @@ (define* (launch-environment/fork command profile manifest (define* (launch-environment/container #:key command bash user user-mappings profile manifest link-profile? network? - map-cwd?) + map-cwd? (white-list '())) "Run COMMAND within a container that features the software in PROFILE. Environment variables are set according to the search paths of MANIFEST. The global shell is BASH, a file name for a GNU Bash binary in the @@ -461,7 +461,10 @@ (define* (launch-environment/container #:key command bash user user-mappings host file systems to mount inside the container. If USER is not #f, each target of USER-MAPPINGS will be re-written relative to '/home/USER', and USER will be used for the passwd entry. LINK-PROFILE? creates a symbolic link from -~/.guix-profile to the environment profile." +~/.guix-profile to the environment profile. + +Preserve environment variables whose name matches the one of the regexps in +WHILE-LIST." (define (optional-mapping->fs mapping) (and (file-exists? (file-system-mapping-source mapping)) (file-system-mapping->bind-mount mapping))) 
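Review bot: The sentence added to the docstring names the parameter `WHILE-LIST`, but the keyword introduced in the signature hunk just above is `white-list`. The phrase "matches the one of the regexps" also reads as a slip. Suggested wording: `Preserve environment variables whose name matches one of the regexps in WHITE-LIST.` Because these variables are copied from the host into a container whose environment is otherwise described as purified later in this function, the docstring could also state that the default `'()` preserves nothing.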
@@ -487,6 +490,11 @@ (define (optional-mapping->fs mapping) (group-entry (gid 65534) ;the overflow GID (name "overflow")))) (home-dir (password-entry-directory passwd)) + (environ (filter (match-lambda + ((variable . value) + (find (cut regexp-exec <> variable) + white-list))) + (get-environment-variables))) ;; Bind-mount all requisite store items, user-specified mappings, ;; /bin/sh, the current working directory, and possibly networking ;; configuration files within the container. @@ -555,6 +563,12 @@ (define (optional-mapping->fs mapping) (override-user-dir user home cwd) home-dir)) + ;; Set environment variables that match WHITE-LIST. + (for-each (match-lambda + ((variable . value) + (setenv variable value))) + environ) + (primitive-exit/status ;; A container's environment is already purified, so no need to ;; request it be purified again. @@ -759,6 +773,7 @@ (define manifest #:user-mappings mappings #:profile profile #:manifest manifest + #:white-list white-list #:link-profile? link-prof? #:network? network? #:map-cwd? (not no-cwd?)))) diff --git a/tests/guix-environment-container.sh b/tests/guix-environment-container.sh index 32a5ba1f97..d313f2e734 100644 --- a/tests/guix-environment-container.sh +++ b/tests/guix-environment-container.sh @@ -44,6 +44,11 @@ else test $? = 42 fi +# Make sure '--preserve' is honored. +result="`FOOBAR=42; export FOOBAR; guix environment -C --ad-hoc --bootstrap \ + guile-bootstrap -E ^FOO -- guile -c '(display (getenv \"FOOBAR\"))'`" +test "$result" = "42" + # By default, the UID inside the container should be the same as outside. uid="`id -u`" inner_uid="`guix environment -C --ad-hoc --bootstrap guile-bootstrap \
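Review bot: The `environ` filter tests names with `regexp-exec`, which succeeds on a match anywhere in the string, so an unanchored pattern such as `FOO` also preserves `XFOOBAR`. A broad pattern therefore forwards every matching host variable into the container, credentials included. That deserves a comment at the binding, e.g. `;; Host variables that cross into the container; regexps match anywhere in the name unless anchored with ^ and $.` The unused `value` in the pattern could be written `(variable . _)`. The enclosing binding form starts and ends outside the hunk.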
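Review bot: The `for-each` that calls `setenv` runs before the launch call under `primitive-exit/status`, whose arguments lie outside the hunk, so nothing here states which side wins when a preserved variable and one derived from MANIFEST's search paths collide. If the launch step sets or extends search-path variables, a preserved `PATH` would presumably be overridden or merged with host directories that do not exist in the container; a comment stating the precedence would help. The existing comment "A container's environment is already purified" is also incomplete once the WHITE-LIST entries are re-added, and could read `;; The container's environment is purified apart from the WHITE-LIST variables set above, so do not purify it again.`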
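Review bot: The added test checks only that a matching variable is preserved; nothing asserts that a variable which does not match `^FOO` stays out of the container. That second property is what keeps `--preserve` from leaking unrelated host state. A companion case could export a second, made-up variable such as `BARBAZ` alongside `FOOBAR`, run the same command with `(display (getenv \"BARBAZ\"))`, and finish with `test "$result" = "#f"`.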