feat(users/Profpatsch/lib): add runInEmptyEnv
Small helper that empties out the environment, except for the given list of variables. Change-Id: I5e265496aaa5c248136318aa1c6cd91a67d3f028 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2506 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de>
parent
81122c1297
commit
1b706b5ae3
1 changed files with 11 additions and 0 deletions
|
@ -25,11 +25,22 @@ let
|
|||
"fdmove" "-c" "1" "2" bins.printenv "$1" "$@"
|
||||
];
|
||||
|
||||
# remove everything but a few selected environment variables
|
||||
runInEmptyEnv = keepVars:
|
||||
let
|
||||
importas = pkgs.lib.concatMap (var: [ "importas" "-i" var var ]) keepVars;
|
||||
# we have to explicitely call export here, because PATH is probably empty
|
||||
export = pkgs.lib.concatMap (var: [ "${pkgs.execline}/bin/export" var ''''${${var}}'' ]) keepVars;
|
||||
in depot.nix.writeExecline "empty-env" {}
|
||||
(importas ++ [ "emptyenv" ] ++ export ++ [ "${pkgs.execline}/bin/exec" "$@" ]);
|
||||
|
||||
|
||||
in {
|
||||
inherit
|
||||
debugExec
|
||||
eprintf
|
||||
eprint-stdin
|
||||
eprintenv
|
||||
runInEmptyEnv
|
||||
;
|
||||
}
|
||||
|
|
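Review bot: `importas` and `emptyenv` are invoked by bare name in the `importas` binding and in the final command list, while `export` and `exec` are pinned to `${pkgs.execline}/bin/...`. The bare names are presumably looked up through the caller's PATH, unless `writeExecline`'s interpreter pins the lookup, which is not visible in this hunk. That would leave the inherited environment choosing which binaries run in a helper meant to scrub it. Pinning them the same way removes that dependency: `[ "${pkgs.execline}/bin/importas" "-i" var var ]` and `[ "${pkgs.execline}/bin/emptyenv" ]`. The comment above `runInEmptyEnv` should also say that `importas -i` makes the wrapper exit with an error when any name in `keepVars` is unset in the calling environment, e.g. `# Fails if any variable in keepVars is unset (importas -i).`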