Updating to nix >=2.16 fails during tests
Artturin opened this issue · 0 comments
Artturin commented
ofborg/ofborg/test-srcs/build/default.nix
Line 19 in de415d3
---- nix::tests::strict_sandboxing stdout ----
thread 'nix::tests::strict_sandboxing' panicked at '
The run was expected to Fail, but did not.
| this derivation will be built:
| /nix/store/ih4kj08w3x1vavdy40n08qis00ilrbjy-sandbox-violation.drv
| building '/nix/store/ih4kj08w3x1vavdy40n08qis00ilrbjy-sandbox-violation.drv'...
| /nix/store/002bqs9cx1zavfag41xngiih1f2ari27-sandbox-violation
0 out of 2 required lines matched.
- Err("access to absolute path")
- Err("is forbidden in restricted mode")
', ofborg/src/nix.rs:545:13
stack backtrace:
0: rust_begin_unwind
1: core::panicking::panic_fmt
2: core::panicking::panic_display
at /build/rustc-1.72.0-src/library/core/src/panicking.rs:150:5
3: ofborg::nix::tests::assert_run
at ./src/nix.rs:545:13
4: ofborg::nix::tests::strict_sandboxing
at ./src/nix.rs:848:9
5: ofborg::nix::tests::strict_sandboxing::{{closure}}
at ./src/nix.rs:841:28
6: core::ops::function::FnOnce::call_once
at /build/rustc-1.72.0-src/library/core/src/ops/function.rs:250:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
Can't repro locally
derivation {
name = "sandbox-violation";
system = builtins.currentSystem;
src = ./../../../lib;
builder = builtins.storePath <bash>;
args = [ "-c" "echo hi; echo ${toString builtins.currentTime} > $out" ];
}
in depth0/depth1/depth3/default.nix in nixpkgs
$ nix shell "nixpkgs#nixVersions.nix_2_16" --command nix-build depth0/depth1/depth3/default.nix -I "bash=$(command -v bash)" --option restrict-eval true
error: access to absolute path '/home/artturin/nixgits/my-nixpkgs/depth0/depth1/depth3/default.nix' is forbidden in restricted mode