Skip to content
This repository has been archived by the owner on May 20, 2021. It is now read-only.

Use in restricted mode recently broken #102

Closed
michaelpj opened this issue May 31, 2019 · 2 comments
Closed

Use in restricted mode recently broken #102

michaelpj opened this issue May 31, 2019 · 2 comments

Comments

@michaelpj
Copy link

8c73c4a broke using yarn2nix on hydra in restricted mode.

The problem is this code: 8c73c4a#diff-5712e736e0de6ba170577f8472c398e9R369

I think what's going on is that this constructs paths from strings, and ends up trying to read what looks to hydra like a random store path. I think this is the same underlying issue as in NixOS/nixpkgs#35207.

To reproduce:

  yarn2nix = pkg.callPackage (pkgs.fetchFromGitHub {
    owner = "moretea";
    repo = "yarn2nix";
    rev = "3cc020e384ce2a439813adb7a0cc772a034d90bb";
    sha256 = "0h2kzdfiw43rbiiffpqq9lkhvdv8mgzz2w29pzrxgv8d39x67vr9";
  });

Evaluating in restricted mode gives something like:

error: access to path '/nix/store/g5bkq7ahvxraahsh0a6q376vsm1bf6rr-vi0fx76f50ykk0zag73ln28013q9dq2w-source/package.json' is forbidden in restricted mode
@michaelpj
Copy link
Author

I tried to fix this, and I'm a little baffled by the restrictions. If I revert to just using ./. for src it works, but if I use even a trivial builtins.filterSource call it fails. I would have expected the builtin to work, but apparently not...

@shmish111 shmish111 mentioned this issue May 31, 2019
Closed
@michaelpj michaelpj mentioned this issue May 31, 2019
Closed
@ghost
Copy link

ghost commented Nov 22, 2019

Fixed by #115

@zimbatm zimbatm closed this as completed Nov 22, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Don't filter the yarn2nix source michaelpj/yarn2nix
2 participants
@zimbatm @michaelpj