diff options
author | Will Dietz <w@wdtz.org> | 2018-08-14 22:10:15 -0500 |
---|---|---|
committer | Graham Christensen <graham@grahamc.com> | 2018-09-29 20:29:33 -0400 |
commit | f3a114e088658786cfd5de5b2aa3e7cba9e96c64 (patch) | |
tree | ea19288e7085b402e0af3e3b6bdd617fb0827def | |
parent | 74df71bc8b446dd803aed3990a1148f258772f65 (diff) | |
download | nixlib-f3a114e088658786cfd5de5b2aa3e7cba9e96c64.tar nixlib-f3a114e088658786cfd5de5b2aa3e7cba9e96c64.tar.gz nixlib-f3a114e088658786cfd5de5b2aa3e7cba9e96c64.tar.bz2 nixlib-f3a114e088658786cfd5de5b2aa3e7cba9e96c64.tar.lz nixlib-f3a114e088658786cfd5de5b2aa3e7cba9e96c64.tar.xz nixlib-f3a114e088658786cfd5de5b2aa3e7cba9e96c64.tar.zst nixlib-f3a114e088658786cfd5de5b2aa3e7cba9e96c64.zip |
NIX_PATH: don't prepend $HOME-based value in session variable, set later
environment.sessionVariables cannot refer to the values of env vars, and as a result this has caused problems in a variety of scenarios. One use for these is that they're injected into /etc/profile, elewhere these are used to populate an 'envfile' for pam (`pam 5 pam_env.conf`) which mentions use of HOME being potentially problematic. Anyway if the goal is to make things easier for users, simply do the NIX_PATH modification as extraInit. This fixes the annoying problems generated by the current approach (#40165 and others) while hopefully serving the original goal. One way to check if things are borked is to try: $ sudo env | grep NIX_PATH Which (before this change) prints NIX_PATH variable with an unexpanded $HOME in the value. ------- This does mean the following won't contain user channels for 'will': $ sudo -u will nix-instantiate --eval -E builtins.nixPath However AFAICT currently they won't be present either, due to unescaped $HOME. Unsure if similar situation for other users of sessionVariables (not sudo) work with current situation (if they exist they will regress after this change AFAIK).
-rw-r--r-- | nixos/modules/services/misc/nix-daemon.nix | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index c0eb882c58f3..9a8ca6f43bfe 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -345,7 +345,6 @@ in type = types.listOf types.str; default = [ - "$HOME/.nix-defexpr/channels" "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" "nixos-config=/etc/nixos/configuration.nix" "/nix/var/nix/profiles/per-user/root/channels" @@ -436,7 +435,7 @@ in # Set up the environment variables for running Nix. environment.sessionVariables = cfg.envVars // - { NIX_PATH = concatStringsSep ":" cfg.nixPath; + { NIX_PATH = cfg.nixPath; }; environment.extraInit = optionalString (!isNix20) @@ -446,6 +445,8 @@ in if [ "$USER" != root -o ! -w /nix/var/nix/db ]; then export NIX_REMOTE=daemon fi + '' + '' + export NIX_PATH="$HOME/.nix-defexpr/channels''${NIX_PATH:+:$NIX_PATH}" ''; nix.nrBuildUsers = mkDefault (lib.max 32 cfg.maxJobs); |