Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't have relative paths in NIX_PATH in restricted mode #5998

Closed
shlevy opened this issue Jan 26, 2022 · 1 comment · Fixed by #6001 or NixOS/nixpkgs#157387
Closed

Can't have relative paths in NIX_PATH in restricted mode #5998

shlevy opened this issue Jan 26, 2022 · 1 comment · Fixed by #6001 or NixOS/nixpkgs#157387
Assignees
@thufschmitt
Labels
bug

Comments

@shlevy
Copy link
Member

shlevy commented Jan 26, 2022
edited

Since cbbd21e

$ nix-instantiate --eval -E '<nixpkgs>' -I . --restrict-eval
error: not an absolute path: '.'

This occurs even if, as in this case, the path lookup you perform is not found in the relative path you added.

The cause is that realisePath calls checkSourcePath even if requireAbsolutePath = false, and in restricted mode checkSourcePath calls canonPath, which checks for an absolute path.

I suspect the best thing to do here is simply remove the requireAbsolutePath parameter altogether and not use realisePath in findFile, switching back to realiseContext.
@shlevy shlevy added the bug label Jan 26, 2022
shlevy referenced this issue Jan 26, 2022
@thufschmitt
Factor out the path realisation bit of IFD
cbbd21e
yveshauser added a commit to input-output-hk/marlowe-cardano that referenced this issue Jan 26, 2022
@yveshauser
Nix version on CI changed
759f489 
* see NixOS/nix#5998
shlevy added a commit to input-output-hk/marlowe-cardano that referenced this issue Jan 27, 2022
@shlevy
Fix CI for Nix 2.6.
6ec07ee 
See NixOS/nix#5998
@shlevy
Copy link
Member Author

shlevy commented Jan 27, 2022

Ack, this is worse than I thought:

error: not an absolute path: 'channel:nixos-unstable'

Emphasizes that realiseContext is probably the right call. This value simply isn't necessarily a path.

shlevy added a commit to input-output-hk/marlowe-cardano that referenced this issue Jan 27, 2022
@shlevy
Revert "Fix CI for Nix 2.6."
704d428 
This fix is not enough, see NixOS/nix#5998 (comment)

This reverts commit 6ec07ee.
shlevy added a commit to input-output-hk/marlowe-cardano that referenced this issue Jan 27, 2022
@shlevy
Pin CI to Nix 2.5.1
09dd17a 
Work around NixOS/nix#5998.

Also clean up Nix config while we're at it
shlevy added a commit to input-output-hk/marlowe-cardano that referenced this issue Jan 27, 2022
@shlevy
Pin CI to Nix 2.5.1
3c3d515 
Work around NixOS/nix#5998.

Also clean up Nix config while we're at it
jhbertra pushed a commit to input-output-hk/marlowe-cardano that referenced this issue Jan 27, 2022
@shlevy @jhbertra
Pin CI to Nix 2.5.1
7d1a3fd 
Work around NixOS/nix#5998.

Also clean up Nix config while we're at it
@shlevy shlevy mentioned this issue Jan 27, 2022
Merged
thufschmitt added a commit that referenced this issue Jan 27, 2022
@thufschmitt
Don’t require NIX_PATH entries to be valid paths
fcdc60e 
It’s totally valid to have entries in `NIX_PATH` that aren’t valid paths
(they can even be arbitrary urls or `channel:<channel-name>`).

Fix #5998 and #5980
@Mic92 Mic92 mentioned this issue Jan 30, 2022
Merged
13 tasks
Mic92 added a commit to Mic92/nixpkgs that referenced this issue Jan 30, 2022
@Mic92
nixUnstable: pre20220124 -> pre20220127
6b3a2e6 
fixes NixOS/nix#5998
and NixOS/nix#5980
@adisbladis adisbladis mentioned this issue Feb 6, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@thufschmitt thufschmitt

Labels
bug
Projects
None yet
Milestone
No milestone
2 participants
@shlevy @thufschmitt