wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-07 18:31:49 +02:00
Code Activity

diff hook: execute as the build user, and pass the temp dir

Browse source
This commit is contained in:
Graham Christensen 2019-05-10 20:59:39 -04:00
parent c78686e411
commit 6df61db060
No known key found for this signature in database
GPG key ID: ACA1C1D120C83D5C
5 changed files with 51 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

12
doc/manual/advanced-topics/diff-hook.xml
View file

@ -46,17 +46,15 @@ file containing:
#!/bin/sh
exec >&2
echo "For derivation $3:"
/run/current-system/sw/bin/runuser -u nobody -- /run/current-system/sw/bin/diff -r "$1" "$2"
/run/current-system/sw/bin/diff -r "$1" "$2"
</programlisting>
<warning>
<para>The diff hook can be run as root. Take care to run as little
as possible as root, for this example we use <command>runuser</command>
to drop privileges.
</para>
</warning>
</para>
<para>The diff hook is executed by the same user and group who ran the
build. However, the diff hook does not have write access to the store
path just built.</para>
<section>
<title>
Spot-Checking Build Determinism