]> git.scottworley.com Git - pinch/commitdiff
Support restricted mode: Allow tarball access with search paths.
authorScott Worley <scottworley@scottworley.com>
Fri, 14 Jan 2022 05:55:09 +0000 (21:55 -0800)
committerScott Worley <scottworley@scottworley.com>
Fri, 14 Jan 2022 06:04:21 +0000 (22:04 -0800)
This allows 'pinch update' to create a new profile.  Updating an
existing profile still doesn't work because nix-env can't read the
existing manifest.

Also, the search path names aren't the best.  Multiple links
probably don't work in restricted mode.  (This tool is deprecated
& is receiving minimal maintenance; patches welcome.)

Changelog
pinch.py
tests/alias.sh
tests/core.sh
tests/multi-update.sh
tests/pin-twice.sh
tests/profile.sh
tests/symlink.sh

index f6943ec3ba9863a16b1540733a3c2d7fb015ebfb..1bd1d9cbd0ac6718ef0d7f0d250f31c4cdb23fb5 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -3,6 +3,7 @@
 - Deprecate pinch.
 - Show the channel URL being fetched.
 - Use nix 2.3 because 2.4 broke <nix/unpack-channel.nix>.
 - Deprecate pinch.
 - Show the channel URL being fetched.
 - Use nix 2.3 because 2.4 broke <nix/unpack-channel.nix>.
+- Support restricted mode: Allow tarball access with search paths.
 
 
 ## [3.0.5] - 2021-07-09
 
 
 ## [3.0.5] - 2021-07-09
index 130f69a8daeb86fc6521de878da3014075f8b16d..2ba47b22db129d06fe4d88851f5d19346cbc7d11 100644 (file)
--- a/pinch.py
+++ b/pinch.py
@@ -644,6 +644,7 @@ def pinCommand(args: argparse.Namespace) -> None:
 def updateCommand(args: argparse.Namespace) -> None:
     v = Verification()
     exprs: Dict[str, str] = {}
 def updateCommand(args: argparse.Namespace) -> None:
     v = Verification()
     exprs: Dict[str, str] = {}
+    search_paths: List[str] = []
     config = {
         section: read_pinned_config_section(section, conf) for section,
         conf in read_config_files(
     config = {
         section: read_pinned_config_section(section, conf) for section,
         conf in read_config_files(
@@ -651,10 +652,12 @@ def updateCommand(args: argparse.Namespace) -> None:
     alias, nonalias = partition_dict(
         lambda k, v: isinstance(v[0], AliasSearchPath), config)
 
     alias, nonalias = partition_dict(
         lambda k, v: isinstance(v[0], AliasSearchPath), config)
 
-    for section, (sp, pin) in nonalias.items():
+    for section, (sp, pin) in sorted(nonalias.items()):
         assert not isinstance(sp, AliasSearchPath)  # mypy can't see through
         assert not isinstance(pin, AliasPin)        # partition_dict()
         tarball = sp.fetch(v, pin)
         assert not isinstance(sp, AliasSearchPath)  # mypy can't see through
         assert not isinstance(pin, AliasPin)        # partition_dict()
         tarball = sp.fetch(v, pin)
+        search_paths.extend(["-I", "pinch_tarball_for_%s=%s" %
+                            (pin.release_name, tarball)])
         exprs[section] = (
             'f: f { name = "%s"; channelName = "%%s"; src = builtins.storePath "%s"; }' %
             (pin.release_name, tarball))
         exprs[section] = (
             'f: f { name = "%s"; channelName = "%%s"; src = builtins.storePath "%s"; }' %
             (pin.release_name, tarball))
@@ -671,7 +674,8 @@ def updateCommand(args: argparse.Namespace) -> None:
         '--file',
         '<nix/unpack-channel.nix>',
         '--install',
         '--file',
         '<nix/unpack-channel.nix>',
         '--install',
-        '--from-expression'] + [exprs[name] % name for name in sorted(exprs.keys())]
+    ] + search_paths + ['--from-expression'] + [
+        exprs[name] % name for name in sorted(exprs.keys())]
     if args.dry_run:
         print(' '.join(map(shlex.quote, command)))
     else:
     if args.dry_run:
         print(' '.join(map(shlex.quote, command)))
     else:
index dce5747beebc7b859477da1fd525685f6d5a6db4..bf63baacecd60eeb62a445d2602d5ebfe81fd6ba 100755 (executable)
@@ -14,7 +14,7 @@ python3 ./pinch.py pin "$conf"
 
 actual_env_command=`python3 ./pinch.py update --dry-run "$conf"`
 
 
 actual_env_command=`python3 ./pinch.py update --dry-run "$conf"`
 
-expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file '\''<nix/unpack-channel.nix>'\'' --install --from-expression '\''f: f \{ name = "(repo-[0-9]{10}-[0-9a-f]{11})"; channelName = "bar"; src = builtins.storePath "'"$NIX_STORE_DIR"'/.{32}-\1.tar.xz"; \}'\'' '\''f: f \{ name = "\1"; channelName = "foo"; src = builtins.storePath "'"$NIX_STORE_DIR"'/.{32}-\1.tar.xz"; \}'\''$'
+expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file '\''<nix/unpack-channel.nix>'\'' --install -I pinch_tarball_for_(repo-[0-9]{10}-[0-9a-f]{11})=('"$NIX_STORE_DIR"'/.{32}-\1.tar.xz) --from-expression '\''f: f \{ name = "\1"; channelName = "bar"; src = builtins.storePath "\2"; \}'\'' '\''f: f \{ name = "\1"; channelName = "foo"; src = builtins.storePath "\2"; \}'\''$'
 
 if echo "$actual_env_command" | egrep "$expected_env_command_RE" > /dev/null;then
   echo PASS
 
 if echo "$actual_env_command" | egrep "$expected_env_command_RE" > /dev/null;then
   echo PASS
index 5d11707986f2bd2405a34b8f83ed58d2f83e71ab..60ac99f45d70bc13de750bbaa82a3a3858320d76 100755 (executable)
@@ -8,7 +8,7 @@ python3 ./pinch.py pin "$conf"
 
 actual_env_command=`python3 ./pinch.py update --dry-run "$conf"`
 
 
 actual_env_command=`python3 ./pinch.py update --dry-run "$conf"`
 
-expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file '\''<nix/unpack-channel.nix>'\'' --install --from-expression '\''f: f \{ name = "(repo-[0-9]{10}-[0-9a-f]{11})"; channelName = "foo"; src = builtins.storePath "'"$NIX_STORE_DIR"'/.{32}-\1.tar.xz"; \}'\''$'
+expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file '\''<nix/unpack-channel.nix>'\'' --install -I pinch_tarball_for_(repo-[0-9]{10}-[0-9a-f]{11})=('"$NIX_STORE_DIR"'/.{32}-\1.tar.xz) --from-expression '\''f: f \{ name = "\1"; channelName = "foo"; src = builtins.storePath "\2"; \}'\''$'
 
 if echo "$actual_env_command" | egrep "$expected_env_command_RE" > /dev/null;then
   echo PASS
 
 if echo "$actual_env_command" | egrep "$expected_env_command_RE" > /dev/null;then
   echo PASS
index aa617c8b90db3c7c01207c23bd7d0750c2477f94..87bf636ae7fe5af9beb1c0b689a8fd9d5f4b3dd3 100755 (executable)
@@ -18,7 +18,7 @@ actual_env_command=`python3 ./pinch.py update --dry-run "$conf" "$conf2"`
 
 rm -rf "$conf2"
 
 
 rm -rf "$conf2"
 
-expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file '\''<nix/unpack-channel.nix>'\'' --install --from-expression '\''f: f \{ name = "(repo-[0-9]{10}-[0-9a-f]{11})"; channelName = "bar"; src = builtins.storePath "'"$NIX_STORE_DIR"'/.{32}-\1.tar.xz"; \}'\'' '\''f: f \{ name = "\1"; channelName = "foo"; src = builtins.storePath "'"$NIX_STORE_DIR"'/.{32}-\1.tar.xz"; \}'\''$'
+expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file '\''<nix/unpack-channel.nix>'\'' --install -I pinch_tarball_for_(repo-[0-9]{10}-[0-9a-f]{11})=('"$NIX_STORE_DIR"'/.{32}-\1.tar.xz) --from-expression '\''f: f \{ name = "\1"; channelName = "bar"; src = builtins.storePath "\2"; \}'\'' '\''f: f \{ name = "\1"; channelName = "foo"; src = builtins.storePath "\2"; \}'\''$'
 
 if echo "$actual_env_command" | egrep "$expected_env_command_RE" > /dev/null;then
   echo PASS
 
 if echo "$actual_env_command" | egrep "$expected_env_command_RE" > /dev/null;then
   echo PASS
index ee50174b95dbde87b6bc33bcb49fb8ad44e2d6c6..12d4646d4e87288f55b4ce0f0790a97e5383baf7 100755 (executable)
@@ -17,7 +17,7 @@ python3 ./pinch.py pin "$conf"
 
 actual_env_command=`python3 ./pinch.py update --dry-run "$conf"`
 
 
 actual_env_command=`python3 ./pinch.py update --dry-run "$conf"`
 
-expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file '\''<nix/unpack-channel.nix>'\'' --install --from-expression '\''f: f \{ name = "(repo-[0-9]{10}-[0-9a-f]{11})"; channelName = "foo"; src = builtins.storePath "'"$NIX_STORE_DIR"'/.{32}-\1.tar.xz"; \}'\''$'
+expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file '\''<nix/unpack-channel.nix>'\'' --install -I pinch_tarball_for_(repo-[0-9]{10}-[0-9a-f]{11})=('"$NIX_STORE_DIR"'/.{32}-\1.tar.xz) --from-expression '\''f: f \{ name = "\1"; channelName = "foo"; src = builtins.storePath "\2"; \}'\''$'
 
 if echo "$actual_env_command" | egrep "$expected_env_command_RE" > /dev/null;then
   echo PASS
 
 if echo "$actual_env_command" | egrep "$expected_env_command_RE" > /dev/null;then
   echo PASS
index 00ceb2753e9145a735845a89301f00d722e250a6..08cf5b38cf295de3ec36e7ecb7391c7230368f2c 100755 (executable)
@@ -8,7 +8,7 @@ python3 ./pinch.py pin "$conf"
 
 actual_env_command=`python3 ./pinch.py update --dry-run --profile /path/to/profile "$conf"`
 
 
 actual_env_command=`python3 ./pinch.py update --dry-run --profile /path/to/profile "$conf"`
 
-expected_env_command_RE='^nix-env --profile /path/to/profile --show-trace --file '\''<nix/unpack-channel.nix>'\'' --install --from-expression '\''f: f \{ name = "(repo-[0-9]{10}-[0-9a-f]{11})"; channelName = "foo"; src = builtins.storePath "'"$NIX_STORE_DIR"'/.{32}-\1.tar.xz"; \}'\''$'
+expected_env_command_RE='^nix-env --profile /path/to/profile --show-trace --file '\''<nix/unpack-channel.nix>'\'' --install -I pinch_tarball_for_(repo-[0-9]{10}-[0-9a-f]{11})=('"$NIX_STORE_DIR"'/.{32}-\1.tar.xz) --from-expression '\''f: f \{ name = "\1"; channelName = "foo"; src = builtins.storePath "\2"; \}'\''$'
 
 if echo "$actual_env_command" | egrep "$expected_env_command_RE" > /dev/null;then
   echo PASS
 
 if echo "$actual_env_command" | egrep "$expected_env_command_RE" > /dev/null;then
   echo PASS
index 7f4c3543824a1d64cc1db658e808c9d56ae66300..e5ef8c3372b8dddd9a0f90e8f930ef01d0b80458 100755 (executable)
@@ -14,7 +14,7 @@ python3 ./pinch.py pin "$conf"
 
 actual_env_command=`python3 ./pinch.py update --dry-run "$conf"`
 
 
 actual_env_command=`python3 ./pinch.py update --dry-run "$conf"`
 
-expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file '\''<nix/unpack-channel.nix>'\'' --install --from-expression '\''f: f \{ name = "link"; channelName = "bar"; src = builtins.storePath "'"$NIX_STORE_DIR"'/.{32}-link.tar.gz"; \}'\'' '\''f: f \{ name = "(repo-[0-9]{10}-[0-9a-f]{11})"; channelName = "foo"; src = builtins.storePath "'"$NIX_STORE_DIR"'/.{32}-\1.tar.xz"; \}'\''$'
+expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file '\''<nix/unpack-channel.nix>'\'' --install -I pinch_tarball_for_link=('"$NIX_STORE_DIR"'/.{32}-link.tar.gz) -I pinch_tarball_for_(repo-[0-9]{10}-[0-9a-f]{11})=('"$NIX_STORE_DIR"'/.{32}-\2.tar.xz) --from-expression '\''f: f \{ name = "link"; channelName = "bar"; src = builtins.storePath "\1"; \}'\'' '\''f: f \{ name = "\2"; channelName = "foo"; src = builtins.storePath "\3"; \}'\''$'
 
 if echo "$actual_env_command" | egrep "$expected_env_command_RE" > /dev/null;then
   echo PASS
 
 if echo "$actual_env_command" | egrep "$expected_env_command_RE" > /dev/null;then
   echo PASS