Tightening result caching security.
parent
c0622e77b4
commit
9d9ee79550
1 changed files with 2 additions and 2 deletions
|
@ -5,7 +5,7 @@ let
|
||||||
cfgDir = "${stateDir}/cfg";
|
cfgDir = "${stateDir}/cfg";
|
||||||
cfg = config.services.laminar;
|
cfg = config.services.laminar;
|
||||||
cacheResult = "${pkgs.writeShellScript "cache-result-as-root"
|
cacheResult = "${pkgs.writeShellScript "cache-result-as-root"
|
||||||
"${pkgs.nix}/bin/nix-store -r --indirect --add-root /var/cache/gc-links/$2 $1"}";
|
''echo "Cached build-result $1 to $(${pkgs.nix}/bin/nix-store -r --indirect --add-root "/var/cache/gc-links/$2" "$1")."''}";
|
||||||
in {
|
in {
|
||||||
options = {
|
options = {
|
||||||
services.laminar = {
|
services.laminar = {
|
||||||
|
@ -42,7 +42,7 @@ in {
|
||||||
ghcArgs = [ "-threaded" ];
|
ghcArgs = [ "-threaded" ];
|
||||||
} (builtins.readFile ./nix-jobs.hs);
|
} (builtins.readFile ./nix-jobs.hs);
|
||||||
"cache-result" = pkgs.writeShellScript "cache-result" ''
|
"cache-result" = pkgs.writeShellScript "cache-result" ''
|
||||||
/run/wrappers/bin/sudo ${cacheResult} $1 $2
|
/run/wrappers/bin/sudo ${cacheResult} "$1" "$2"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
jobs = {
|
jobs = {
|
||||||
|
|
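Review bot: The root-run `cache-result-as-root` script in the first hunk still appends `$2` unvalidated to `/var/cache/gc-links/`. Quoting stops word splitting, but a link name containing `/` or `..` would still have root create the GC-root link outside that directory on behalf of the calling job. A guard before the `nix-store` call such as `case "$2" in ""|*/*|.|..) exit 1;; esac`, together with `case "$1" in /nix/store/*) ;; *) exit 1;; esac`, would confine both arguments and also keep a `$1` starting with `-` from being read as an option. Separately, wrapping the call in `echo "... $(...)"` makes the script return echo's status, so a failed `nix-store` now looks like success unless `set -e` or an explicit status check is added. Whether the sudo rule already restricts the arguments is not visible on this page, and the `let` block continues outside both hunks.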