/bin/sh -> ${stdenv.shell} #21905
@rht, thanks for your PR! By analyzing the history of the files in this pull request, we identified @lethalman, @viric and @rbvermaa to be potential reviewers.
@@ -82,7 +82,7 @@ rec { | |||
export PATH=${shadow}/bin:$PATH | |||
mkdir -p /etc/pam.d | |||
if [[ ! -f /etc/passwd ]]; then | |||
echo "root:x:0:0::/root:/bin/sh" > /etc/passwd | |||
echo "root:x:0:0::/root:${stdenv.shell}" > /etc/passwd |
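Review bot: nothing in this hunk guarantees that the path now written into the shell field of the root entry exists inside the image, and the write is still guarded by the check that /etc/passwd is absent, so an image that already has the file keeps whatever shell it had. Either keep a path that is known to resolve inside the image, or make sure the shell that ${stdenv.shell} points at is part of the image contents, and add a short comment next to the echo saying which of the two is relied on.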
Is this safe to use? I think there is a reason why on nixos the root login shell points to /run/current-system/sw/bin/bash. It could be that docker is special because the shell in nixos-based images is never updated.
(I have insufficient information to figure out why, for docker's case)
IIRC you can only use paths from /etc/shells as a login shell. Universal paths like /run/current-system/... seem less likely to break that.
Though in a docker container the risk might be very low.
/etc/shells is only relevant for a non-root user doing chsh on herself; nologin is usually not in /etc/shells but works as a login-no-intended shell just fine.
Re: root shell: /bin/sh is non-interactive, too.
@@ -22,7 +22,7 @@ in { | |||
runInWindowsVM = drv: let | |||
newDrv = drv.override { | |||
stdenv = drv.stdenv.override { | |||
shell = "/bin/sh"; | |||
shell = "${stdenv.shell}"; |
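Review bot: on the changed shell line inside runInWindowsVM, the literal being replaced looks deliberate: this override exists only to set the shell for the derivation that runs in the Windows VM, while the new value is taken from the enclosing scope's stdenv rather than from anything tied to the VM. Keep shell = "/bin/sh" unless the interpolated path is known to resolve inside the VM, and add a comment stating why the literal is used so a later sweep does not change it again. If the change stays, the quotes and interpolation are redundant and stdenv.shell alone is enough.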
This one looks a bit odd to me, are you sure it is not deliberately using /bin/sh here?
Yes, this is deliberate, because this is within a VM and within a cygwin shell and there is no access to the store.
I see.
Manually merged to master.
Motivation for this change
Use ${stdenv.shell} in pkgs/build-support and pkgs/servers. Address a subset of #183, #1424.
Things done
(nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
nix-shell -p nox --run "nox-review wip"
./result/bin/)