From patchwork Wed Nov 8 15:19:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antero Mejr X-Patchwork-Id: 56097 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 6338227BBEA; Wed, 8 Nov 2023 15:20:55 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id D694027BBE2 for ; Wed, 8 Nov 2023 15:20:53 +0000 (GMT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1r0kM5-00040j-GW; Wed, 08 Nov 2023 10:20:33 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1r0kLx-0003yU-2S for guix-patches@gnu.org; Wed, 08 Nov 2023 10:20:26 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1r0kLv-0000T8-MG for guix-patches@gnu.org; Wed, 08 Nov 2023 10:20:24 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1r0kMX-0003uu-US for guix-patches@gnu.org; Wed, 08 Nov 2023 10:21:01 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#62848] [PATCH 1/2] guix: Rename white-list to allow-list. Resent-From: Antero Mejr Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 08 Nov 2023 15:21:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 62848 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: moreinfo patch To: Liliana Marie Prikler Cc: 62848@debbugs.gnu.org, maxim.cournoyer@gmail.com Received: via spool by 62848-submit@debbugs.gnu.org id=B62848.169945683415005 (code B ref 62848); Wed, 08 Nov 2023 15:21:01 +0000 Received: (at 62848) by debbugs.gnu.org; 8 Nov 2023 15:20:34 +0000 Received: from localhost ([127.0.0.1]:46134 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1r0kM5-0003tx-K9 for submit@debbugs.gnu.org; Wed, 08 Nov 2023 10:20:34 -0500 Received: from mout-p-103.mailbox.org ([2001:67c:2050:0:465::103]:47912) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1r0kM0-0003te-G3 for 62848@debbugs.gnu.org; Wed, 08 Nov 2023 10:20:32 -0500 Received: from smtp102.mailbox.org (smtp102.mailbox.org [IPv6:2001:67c:2050:b231:465::102]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-103.mailbox.org (Postfix) with ESMTPS id 4SQTK95f98z9snx; Wed, 8 Nov 2023 16:19:41 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailbox.org; s=mail20150812; t=1699456781; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ZYsOfn+5sAwYE/sTG2Wn+9m029eKBfmwPl+Yeuj3RQ8=; b=MVgl/SjUW0xftWBx9A1f5TChgfWUxVgoj3f2KEuRSkBhMQiYDRSwClQ3h6/sKVy6AOLNDU IM/TOYe3OHPPufj4UbPHeBhZmBbqGYELpLuNmRFOGW0MZla6bD9iyNak3aBjSRKZ8vkwhS sHr7f4L03hY9De4tPTpurW0O0K9wZ9T7JzKi4v/7qJ2sU/vfgIm9uolmtjBSI7yEDHd6Gh yJrrcxi6ewbdf6XCXL5gS9YB8yFx0Un9mCQy/bUee1wq8pBV/eb1YB+hLHnvly0Rh7aaEh Bay7XYUqODbVQUvI+9DOhsZR51YXaHa+pEjiGpT3GEtfteQb16ov4/63JkhATg== In-Reply-To: <16e985a5a6cc331daecfb58a1a737e6c6f76fa32.camel@gmail.com> (Liliana Marie Prikler's message of "Wed, 08 Nov 2023 06:29:03 +0100") References: <87msvpmc2e.fsf@mailbox.org> <16e985a5a6cc331daecfb58a1a737e6c6f76fa32.camel@gmail.com> Date: Wed, 08 Nov 2023 15:19:37 +0000 Message-ID: <87pm0kuvau.fsf_-_@mailbox.org> MIME-Version: 1.0 X-MBO-RS-META: 5nnxgrm98anbm586po14anksqreqjmq8 X-MBO-RS-ID: aeee48d872fb50f6399 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Antero Mejr X-ACL-Warn: , Antero Mejr via Guix-patches X-Patchwork-Original-From: Antero Mejr via Guix-patches via From: Antero Mejr Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * guix/profiles.scm (purify-environment): Rename white-list-regexps to allow-list-regexps. Rename white-list to allow-list. (load-profile): Rename #:white-list-regexps to #:allow-list-regexps. * guix/scripts/environment.scm (launch-environment): Rename (launch-environment/fork): Rename #:white-list-regexps to (launch-environment/container): Rename #:white-list-regexps to (guix-environment*): Rename white-list to allow-list. * tests/profiles.scm (load-profile): Rename #:white-list to #:allow-list in load-profile procedure call. --- guix/profiles.scm | 18 +++++++++--------- guix/scripts/environment.scm | 24 ++++++++++++------------ tests/profiles.scm | 2 +- 3 files changed, 22 insertions(+), 22 deletions(-) base-commit: 220759226e93d76d8d80058f69f9d8b29714bbde diff --git a/guix/profiles.scm b/guix/profiles.scm index 5d2fb8dc64..380f42c5a1 100644 --- a/guix/profiles.scm +++ b/guix/profiles.scm @@ -2103,32 +2103,32 @@ (define* (profile-search-paths profile (list profile) getenv)) (define %precious-variables - ;; Environment variables in the default 'load-profile' white list. + ;; Environment variables in the default 'load-profile' allow list. '("HOME" "USER" "LOGNAME" "DISPLAY" "XAUTHORITY" "TERM" "TZ" "PAGER")) -(define (purify-environment white-list white-list-regexps) +(define (purify-environment allow-list allow-list-regexps) "Unset all environment variables except those that match the regexps in -WHITE-LIST-REGEXPS and those listed in WHITE-LIST." +ALLOW-LIST-REGEXPS and those listed in ALLOW-LIST." (for-each unsetenv (remove (lambda (variable) - (or (member variable white-list) + (or (member variable allow-list) (find (cut regexp-exec <> variable) - white-list-regexps))) + allow-list-regexps))) (match (get-environment-variables) (((names . _) ...) names))))) (define* (load-profile profile #:optional (manifest (profile-manifest profile)) - #:key pure? (white-list-regexps '()) - (white-list %precious-variables)) + #:key pure? (allow-list-regexps '()) + (allow-list %precious-variables)) "Set the environment variables specified by MANIFEST for PROFILE. When PURE? is #t, unset the variables in the current environment except those that -match the regexps in WHITE-LIST-REGEXPS and those listed in WHITE-LIST. +match the regexps in ALLOW-LIST-REGEXPS and those listed in ALLOW-LIST. Otherwise, augment existing environment variables with additional search paths." (when pure? - (purify-environment white-list white-list-regexps)) + (purify-environment allow-list allow-list-regexps)) (for-each (match-lambda ((($ variable _ separator) . value) (let ((current (getenv variable))) diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm index 6ae3b11e39..e1ab66c9ed 100644 --- a/guix/scripts/environment.scm +++ b/guix/scripts/environment.scm @@ -485,18 +485,18 @@ (define exit/status (compose exit status->exit-code)) (define primitive-exit/status (compose primitive-exit status->exit-code)) (define* (launch-environment command profile manifest - #:key pure? (white-list '()) + #:key pure? (allow-list '()) emulate-fhs?) "Load the environment of PROFILE, which corresponds to MANIFEST, and execute COMMAND. When PURE?, pre-existing environment variables are cleared before -setting the new ones, except those matching the regexps in WHITE-LIST. When +setting the new ones, except those matching the regexps in ALLOW-LIST. When EMULATE-FHS?, first set up an FHS environment with $PATH and generate the LD cache." ;; Properly handle SIGINT, so pressing C-c in an interactive terminal ;; application works. (sigaction SIGINT SIG_DFL) (load-profile profile manifest - #:pure? pure? #:white-list-regexps white-list) + #:pure? pure? #:allow-list-regexps allow-list) ;; Give users a way to know that they're in 'guix environment', so they can ;; adjust 'PS1' accordingly, for instance. Set it to PROFILE so users can @@ -706,15 +706,15 @@ (define (suggest-command-name profile command) closest)))))))) (define* (launch-environment/fork command profile manifest - #:key pure? (white-list '())) + #:key pure? (allow-list '())) "Run COMMAND in a new process with an environment containing PROFILE, with the search paths specified by MANIFEST. When PURE?, pre-existing environment variables are cleared before setting the new ones, except those matching the -regexps in WHITE-LIST." +regexps in ALLOW-LIST." (match (primitive-fork) (0 (launch-environment command profile manifest #:pure? pure? - #:white-list white-list)) + #:allow-list allow-list)) (pid (match (waitpid pid) ((_ . status) status))))) @@ -723,7 +723,7 @@ (define* (launch-environment/container #:key command bash user user-mappings profile manifest link-profile? network? map-cwd? emulate-fhs? nesting? (setup-hook #f) - (symlinks '()) (white-list '())) + (symlinks '()) (allow-list '())) "Run COMMAND within a container that features the software in PROFILE. Environment variables are set according to the search paths of MANIFEST. The global shell is BASH, a file name for a GNU Bash binary in the store. When @@ -818,7 +818,7 @@ (define* (launch-environment/container #:key command bash user user-mappings (environ (filter (match-lambda ((variable . value) (find (cut regexp-exec <> variable) - white-list))) + allow-list))) (get-environment-variables))) ;; Bind-mount all requisite store items, user-specified mappings, ;; /bin/sh, the current working directory, and possibly networking @@ -931,7 +931,7 @@ (define* (launch-environment/container #:key command bash user user-mappings (override-user-dir user home cwd) home-dir)) - ;; Set environment variables that match WHITE-LIST. + ;; Set environment variables that match ALLOW-LIST. (for-each (match-lambda ((variable . value) (setenv variable value))) @@ -1090,7 +1090,7 @@ (define (guix-environment* opts) '("/bin/sh") (list %default-shell)))) (mappings (pick-all opts 'file-system-mapping)) - (white-list (pick-all opts 'inherit-regexp))) + (allow-list (pick-all opts 'inherit-regexp))) (define store-needed? ;; Whether connecting to the daemon is needed. @@ -1203,7 +1203,7 @@ (define (guix-environment* opts) #:user-mappings mappings #:profile profile #:manifest manifest - #:white-list white-list + #:allow-list allow-list #:link-profile? link-prof? #:network? network? #:map-cwd? (not no-cwd?) @@ -1218,7 +1218,7 @@ (define (guix-environment* opts) (return (exit/status (launch-environment/fork command profile manifest - #:white-list white-list + #:allow-list allow-list #:pure? pure?))))))))))))) ;;; Local Variables: diff --git a/tests/profiles.scm b/tests/profiles.scm index 9c419ada93..1e134f5105 100644 --- a/tests/profiles.scm +++ b/tests/profiles.scm @@ -367,7 +367,7 @@ (define glibc (getenv "PATH")) (getenv "GUILE_LOAD_PATH"))) (with-environment-excursion - (load-profile profile #:pure? #t #:white-list '()) + (load-profile profile #:pure? #t #:allow-list '()) (equal? (list (string-append "PATH=" bindir)) (environ)))))))