about summary refs log tree commit diff
path: root/nixpkgs/nixos/modules/profiles/macos-builder.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/nixos/modules/profiles/macos-builder.nix')
-rw-r--r--nixpkgs/nixos/modules/profiles/macos-builder.nix5
1 files changed, 5 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/profiles/macos-builder.nix b/nixpkgs/nixos/modules/profiles/macos-builder.nix
index 6c2602881d6b..786e26cf98f7 100644
--- a/nixpkgs/nixos/modules/profiles/macos-builder.nix
+++ b/nixpkgs/nixos/modules/profiles/macos-builder.nix
@@ -145,6 +145,8 @@ in
         # This installCredentials script is written so that it's as easy as
         # possible for a user to audit before confirming the `sudo`
         installCredentials = hostPkgs.writeShellScript "install-credentials" ''
+          set -euo pipefail
+
           KEYS="''${1}"
           INSTALL=${hostPkgs.coreutils}/bin/install
           "''${INSTALL}" -g nixbld -m 600 "''${KEYS}/${user}_${keyType}" ${privateKey}
@@ -154,6 +156,9 @@ in
         hostPkgs = config.virtualisation.host.pkgs;
 
         script = hostPkgs.writeShellScriptBin "create-builder" (
+          ''
+            set -euo pipefail
+          '' +
           # When running as non-interactively as part of a DarwinConfiguration the working directory
           # must be set to a writeable directory.
         (if cfg.workingDirectory != "." then ''
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-20 08:55:04 +0000