New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/borgbackup: fix env vars not being passed verbatim in job wrappers #179899
base: master
Are you sure you want to change the base?
Conversation
@ofborg test borgbackup |
75567dd
to
948e134
Compare
948e134
to
c688f11
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this will definitely need a changelog entry, just in case anyone does rely on expansion for envs. escaping these does look like a good idea in general (can't think of anything that would need env vars to be expanded like this).
c688f11
to
77382a5
Compare
I've added a changelog entry. Example: For cheap VPS nodes that only allow access to a $HOME directory, one would install borg in $HOME and set |
but the builder does not have access to the correct |
|
right, that makes sense then. |
while testing this we noticed that systemd specifiers in the environment remain unescaped in the generated unit, giving another source of differences between the unit and the job wrapper. that'll also need to be solved somehow, but it looks like that would be a multi-year effort since it'd have to touch unit file generation 😕 |
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: |
77382a5
to
6644f50
Compare
Rebased to master. This rebase can be reviewed with: git fetch https://github.com/NixOS/nixpkgs 77382a5a242d72c4f4e60590aeadd6bb55fa5bcf
git range-diff FETCH_HEAD...HEAD |
Like in the borg-job systemd service, env var values are now passed verbatim to the borg process. Previously, the var values were evaluated as bash double quoted strings.
6644f50
to
920bfda
Compare
@@ -551,4 +551,6 @@ Available as [services.patroni](options.html#opt-services.patroni.enable). | |||
|
|||
- `haskellPackages.callHackage` and `haskellPackages.callCabal2nix` (and related functions) no longer keep a reference to the `cabal2nix` call used to generate them. As a result, they will be garbage collected more often. | |||
|
|||
- `services.borgbackup`: In the borg job wrapper, environment variables are now passed verbatim to the borg process, so that its process environment is the same as in the systemd service. Previously, vars were expanded in the Nix build environment for the job wrapper. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We want to move this to the 23.05 release notes
Copy of commit msg
Like in the borg-job systemd service, env var values are now passed verbatim to the borg process.
Previously, the var values were evaluated as bash double quoted strings in the Nix build environment for the job wrapper .
Test this with:
Output before this PR:
Output after this PR: