英文:
Nix: go package in --pure mode still pointing to host's GOPATH
问题
我正在尝试使用go包运行一个nix shell来测试一个go程序。然而,为了确保可重现性,我不希望nix-shell中的go指向任何与主机相关的路径或信息。所以,有人建议我在命令中使用--pure
标志。
我的最终命令如下:
$ nix-shell --pure -p go
一旦shell启动,我运行go env
,结果如下:
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/HOSTUSERNAME/.cache/go-build"
GOENV="/home/HOSTUSERNAME/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/HOSTUSERNAME/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/HOSTUSERNAME/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/nix/store/a7875alzpnr46z6mv4ssymfdwmvr6xbq-go-1.19.4/share/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/nix/store/a7875alzpnr46z6mv4ssymfdwmvr6xbq-go-1.19.4/share/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.19.4"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/run/user/1000/go-build3633664660=/tmp/go-build -gno-record-gcc-switches"
我原本期望以一种可重现的方式安装我的Go项目,而不使用主机继承的GOPATH
和其他相关的环境变量。
有没有办法通过Nix在shell中安装的go包完全与主机系统的依赖项分离,然后测试Go项目?
英文:
I'm trying to run a nix shell with the go package to test a go program. However, to ensure reproducability, I do not want the go in nix-shell to point back to any host related path or info. So, I was advised to use the --pure
flag in the command.
My final command looks like this:
$ nix-shell --pure -p go
Once the shell is live, I run go env
and I see this:
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/HOSTUSERNAME/.cache/go-build"
GOENV="/home/HOSTUSERNAME/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/HOSTUSERNAME/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/HOSTUSERNAME/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/nix/store/a7875alzpnr46z6mv4ssymfdwmvr6xbq-go-1.19.4/share/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/nix/store/a7875alzpnr46z6mv4ssymfdwmvr6xbq-go-1.19.4/share/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.19.4"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/run/user/1000/go-build3633664660=/tmp/go-build -gno-record-gcc-switches"
I was expecting to install my Go project in a reproducible way without using the host's inherited GOPATH
and other related environment variables.
Is there way to completely detach the host system's dependencies by Nix's go package installed in the shell and then test the Go Project?
答案1
得分: 1
即使环境变量GOPATH
、GOENV
、GOMODCACHE
等"完全未设置",go env
和相关工具仍会合成相对于$HOME
的默认值。
因此,如果您想定期测试您的项目是否对您的主目录有隐藏的依赖关系,您应该将其构建包装在一个Nix派生中;假设您在一个支持沙箱的平台上,并且启用了此功能,这将导致该构建在一个沙箱中进行,无法访问您的主目录。
有关构建一个派生来包装您的程序构建的指导,请参阅gomod2nix和更一般地参阅nixos.wiki上的Go条目。
另外,请注意,nix-shell --pure
并不能创建在每个方面都是纯净的shell:仍然存在对来自本地通道的nixpkgs的依赖。如果您想要控制这一点,您需要一个shell.nix
或flake.nix
,以固定特定的nixpkgs版本。
英文:
Even when the environment variables GOPATH
, GOENV
, GOMODCACHE
, &c. are completely unset, go env
and related tools synthesize default values relative to $HOME
.
Thus, if you want to test on a regular basis that your project doesn't have hidden dependencies on your home directory, you should wrap its build in a Nix derivation; assuming you're on a platform where Nix supports sandboxing, and that this feature is enabled, this will cause that build to be done in a sandbox with no access to your home directory.
See gomod2nix and more generally the Go entry on nixos.wiki for guidance on building a derivation to wrap your program's build.
Also, note that nix-shell --pure
doesn't create shells that are pure in every sense of the world: There's still a dependency on nixpkgs coming from your local channels. If you want to control that, you'll want a shell.nix
or flake.nix
that pins a specific nixpkgs revision.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论