From patchwork Mon Oct 11 21:38:03 2021
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 33779
Subject: [bug#50960] [PATCH v2 05/11] DRAFT shell: Honor in ~/.config/guix/shell-authorized-directories.
To: 50960@debbugs.gnu.org
Cc: Ludovic Courtès
From: Ludovic Courtès
Date: Mon, 11 Oct 2021 23:38:03 +0200
Message-Id: <20211011213809.17482-6-ludo@gnu.org>

DRAFT: Squeeze with previous commit, or instead implement "guix shell ." convention?

* guix/scripts/shell.scm (authorized-directory-file)
(authorized-shell-directory?): New procedure.
(auto-detect-manifest): Use it.
* doc/guix.texi (Invoking guix shell): Document it.

--- doc/guix.texi | 14 ++++++++++ guix/scripts/shell.scm | 60 +++++++++++++++++++++++++++++++++++++++--- tests/guix-shell.sh | 16 ++++++++--- 3 files changed, 83 insertions(+), 7 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index b0d745b9e3..b95025a39f 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -5620,6 +5620,20 @@ before @command{guix shell} was invoked. The next garbage collection (@pxref{Invoking guix gc}) may clean up packages that were installed in the environment and that are no longer used outside of it. +As an added convenience, when running from a directory that contains a +@file{guix.scm} or a @file{manifest.scm} file, possibly in a parent +directory, @command{guix shell} automatically loads the file---provided +the directory is listed in +@file{~/.config/guix/shell-authorized-directories}, and only for +interactive use: + +@example +guix shell +@end example + +This provides an easy way to define, share, and enter development +environments. + By default, the shell session or command runs in an @emph{augmented} environment, where the new packages are added to search path environment variables such as @code{PATH}. You can, instead, choose to create an diff --git a/guix/scripts/shell.scm b/guix/scripts/shell.scm index 39d843bde7..45fd536145 100644 --- a/guix/scripts/shell.scm +++ b/guix/scripts/shell.scm @@ -18,6 +18,7 @@ (define-module (guix scripts shell) #:use-module (guix ui) + #:use-module ((guix diagnostics) #:select (location)) #:use-module (guix scripts environment) #:autoload (guix scripts build) (show-build-options-help) #:autoload (guix transformations) (show-transformation-options-help) @@ -29,6 +30,8 @@ (define-module (guix scripts shell) #:use-module (srfi srfi-37) #:use-module (srfi srfi-71) #:use-module (ice-9 match) + #:autoload (ice-9 rdelim) (read-line) + #:autoload (guix utils) (config-directory) #:export (guix-shell)) (define (show-help) 
@@ -151,6 +154,39 @@ (define device (stat:dev (stat start))) (and (not (string=? directory "/")) (loop (dirname directory)))))))) ;lexical ".." resolution +(define (authorized-directory-file) + "Return the name of the file listing directories for which 'guix shell' may +automatically load 'guix.scm' or 'manifest.scm' files." + (string-append (config-directory) "/shell-authorized-directories")) + +(define (authorized-shell-directory? directory) + "Return true if DIRECTORY is among the authorized directories for automatic +loading. The list of authorized directories is read from +'authorized-directory-file'; each line must be either: an absolute file name, +a hash-prefixed comment, or a blank line." + (catch 'system-error + (lambda () + (call-with-input-file (authorized-directory-file) + (lambda (port) + (let loop () + (match (read-line port) + ((? eof-object?) #f) + ((= string-trim line) + (cond ((string-prefix? "#" line) ;comment + (loop)) + ((string-prefix? "/" line) ;absolute file name + (or (string=? line directory) + (loop))) + ((string-null? (string-trim-right line)) ;blank line + (loop)) + (else ;bogus line + (let ((loc (location (port-filename port) + (port-line port) + (port-column port)))) + (warning loc (G_ "ignoring invalid file name: '~a'~%") + line)))))))))) + (const #f))) + (define (auto-detect-manifest opts) "If OPTS do not specify packages or a manifest, load a \"guix.scm\" or \"manifest.scm\" file from the current directory or one of its ancestors. 
@@ -179,10 +215,26 @@ (define disallow-implicit-load? (warning (G_ "no packages specified; creating an empty environment~%")) opts) (file - (info (G_ "loading environment from '~a'...~%") file) - (match (basename file) - ("guix.scm" (alist-cons 'load `(package ,file) opts)) - ("manifest.scm" (alist-cons 'manifest file opts))))))) + (if (authorized-shell-directory? (dirname file)) + (begin + (info (G_ "loading environment from '~a'...~%") file) + (match (basename file) + ("guix.scm" (alist-cons 'load `(package ,file) opts)) + ("manifest.scm" (alist-cons 'manifest file opts)))) + (begin + (warning (G_ "not loading '~a' because not authorized to do so~%") + file) + (display-hint (format #f (G_ "To allow automatic loading of +@file{~a} when running @command{guix shell}, you must explicitly authorize its +directory, like so: + +@example +echo ~a >> ~a +@end example\n") + file + (dirname file) + (authorized-directory-file))) + opts)))))) (define-command (guix-shell . args) diff --git a/tests/guix-shell.sh b/tests/guix-shell.sh index 0988ca0a75..95725cba2d 100644 --- a/tests/guix-shell.sh +++ b/tests/guix-shell.sh @@ -22,19 +22,29 @@ guix shell --version +configdir="t-guix-shell-config-$$" tmpdir="t-guix-shell-$$" -trap 'rm -r "$tmpdir"' EXIT -mkdir "$tmpdir" +trap 'rm -r "$tmpdir" "$configdir"' EXIT +mkdir "$tmpdir" "$configdir" "$configdir/guix" + +XDG_CONFIG_HOME="$(realpath $configdir)" +export XDG_CONFIG_HOME guix shell --bootstrap --pure guile-bootstrap -- guile --version # '--ad-hoc' is a thing of the past. ! guix shell --ad-hoc guile-bootstrap -# Ignoring 'manifest.scm' and 'guix.scm' in non-interactive use. +# Ignoring unauthorized files. cat > "$tmpdir/guix.scm" < "$configdir/guix/shell-authorized-directories" + +# Ignoring 'manifest.scm' and 'guix.scm' in non-interactive use. (cd "$tmpdir"; guix shell --bootstrap -- true) mv "$tmpdir/guix.scm" "$tmpdir/manifest.scm" (cd "$tmpdir"; guix shell --bootstrap -- true)
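Review bot: The new paragraph in doc/guix.texi does not say what goes into shell-authorized-directories or which directory has to be listed there. The docstring of authorized-shell-directory? gives the format (an absolute file name, a hash-prefixed comment, or a blank line per line), and auto-detect-manifest checks (dirname file), that is, the directory holding guix.scm or manifest.scm, which with "possibly in a parent directory" need not be the current directory. Suggest stating both in the manual, along with the fact that the comparison is an exact string=? on the file name.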
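Review bot: In authorized-shell-directory? (guix/scripts/shell.scm), the else branch of the cond, marked "bogus line", does not call (loop) after (warning loc ...), so reading stops at the first invalid line and the procedure returns whatever warning returns. Any value other than #f counts as true in Scheme, so unless warning returns exactly #f a single malformed line makes the predicate answer true for any DIRECTORY, and valid entries after that line are never read. Suggest following the warning with (loop) so an invalid line is skipped and the result stays #f when nothing matches. Separately, (= string-trim line) strips leading whitespace only, so an entry with trailing whitespace or a trailing slash never satisfies (string=? line directory), and the (string-trim-right line) in the blank-line test is redundant after it.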
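Review bot: The hint added to auto-detect-manifest prints a shell command, echo ~a >> ~a, built from (dirname file) and (authorized-directory-file) with no shell quoting. The directory name comes from the very tree the user has not authorized yet, so a name containing spaces or shell metacharacters gives a command that does something other than append that directory once it is pasted into a shell. Suggest shell-quoting both arguments in the hint, or telling the user to add the directory to the file with an editor instead of printing a command to copy.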
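Review bot: The tests/guix-shell.sh lines shown here add an "Ignoring unauthorized files" case but nothing that puts a comment line or a malformed line into shell-authorized-directories, which are the branches of authorized-shell-directory? not covered by a plain match or mismatch. Suggest a case with an invalid line placed before a valid entry and another with it placed after, asserting whether guix.scm is loaded in each. Minor style point: $configdir is unquoted in XDG_CONFIG_HOME="$(realpath $configdir)" although it is quoted everywhere else in the hunk.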