feat(users/Profpatsch/lib): add runInEmptyEnv

Small helper that empties out the environment, except for the given
list of variables.

Change-Id: I5e265496aaa5c248136318aa1c6cd91a67d3f028
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2506
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Profpatsch 2021-02-09 21:50:21 +01:00
parent 81122c1297
commit 1b706b5ae3


@ -25,11 +25,22 @@ let
"fdmove" "-c" "1" "2" bins.printenv "$1" "$@"
];
# remove everything but a few selected environment variables
runInEmptyEnv = keepVars:
let
importas = pkgs.lib.concatMap (var: [ "importas" "-i" var var ]) keepVars;
# we have to explicitely call export here, because PATH is probably empty
export = pkgs.lib.concatMap (var: [ "${pkgs.execline}/bin/export" var ''''${${var}}'' ]) keepVars;
in depot.nix.writeExecline "empty-env" {}
(importas ++ [ "emptyenv" ] ++ export ++ [ "${pkgs.execline}/bin/exec" "$@" ]);
in {
inherit
debugExec
eprintf
eprint-stdin
eprintenv
runInEmptyEnv
;
}
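Review bot: In `runInEmptyEnv`, `importas` and `emptyenv` are invoked by bare name, so they are resolved through the caller's PATH before the environment is cleared, while `export` and `exec` are pinned to `${pkgs.execline}/bin/`. For a helper whose job is to discard an inherited environment, pinning all four would be more consistent: `[ "${pkgs.execline}/bin/importas" "-i" var var ]` and `"${pkgs.execline}/bin/emptyenv"`. This may already be covered if the execlineb interpreter used by `writeExecline` puts its own bin directory first on PATH, which is not visible on this page. Separately, `importas -i` exits with an error when a variable is unset, so every name in `keepVars` is effectively required; a comment such as `# every variable in keepVars must be set; importas -i aborts otherwise` would make that explicit. The enclosing `let` begins outside the hunk.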